tulleuchen / jirastopwatch

Not MORE timetracking - just EASIER timetracking
http://jirastopwatch.com
Apache License 2.0

Not able to connect using API token #147

Closed rfrenkel123 closed 3 years ago

rfrenkel123 commented 4 years ago

I generated an API token in Jira but was unable to connect using it or my normal password.

12/9/2019 11:00:41 AM Request: https://jira2.ceonex.com/rest/auth/1/session
12/9/2019 11:00:41 AM Response: Forbidden -

tulleuchen commented 4 years ago

Can you please give some additional details such as the version of JIRA you are using and the version of JiraStopWatch you are using? Is this JIRA cloud or on Prem?

Shulyaka commented 4 years ago

Same here. Upgraded to 2.3.0, then I am unable to log in:

tulleuchen commented 4 years ago

@Shulyaka @rfrenkel123 For On Prem installations, just enter your password in the "API Token" field and it will work. There is no API Token that I'm aware of for OnPrem at this time. But again, the password works in the API token field of this application.

Shulyaka commented 4 years ago

It does not work.

The 2.3.0 version tries to authenticate using headers (https://github.com/tulleuchen/jirastopwatch/pull/139/files#diff-d7951565d10542891fd0d9493ce1483fR73) rather than using the POST method (https://github.com/tulleuchen/jirastopwatch/pull/139/files#diff-d62a4156afcebc345264ec7d1923e8abL146). Probably that is the reason.

18.02.2020 11:10:37 Request: http://jira.local:8080/rest/auth/1/session
18.02.2020 11:10:37 Response: Forbidden - 

<html>

<head>
    <title>Forbidden (403)</title>

<!--[if IE]><![endif]-->
<script ty

tulleuchen commented 4 years ago

I have just tested with 2.3.0 both from the installer and from source with debugging. I am using Jira Server 8.2.4 FYI

Looking at the source I hit the following code https://github.com/tulleuchen/jirastopwatch/blob/2.3.0/source/StopWatch/Jira/JiraApiRequester.cs

This does the same thing as if you would send using a REST client: take your username and password and base64-encode them.

_value = base64encode(username:password)
Method: GET
URL: https://yourjiraurl/rest/auth/1/session
Header: Authorization
Header Value: Basic _value

So even though it shows _apiToken here, it works.

request.AddHeader("Authorization", "Basic " + System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes($"{_username}:{_apiToken}")));

Per Atlassian's documentation https://developer.atlassian.com/server/jira/platform/basic-authentication/

Cloud Auth looks about the same, only apitoken instead of password is used.

https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/

simium commented 4 years ago

Hi,

I'm reproducing this issue with 2.3.0 and on prem Jira 8.5.0.

07/05/2020 12:33:47 Request: https://jira.myserver.se/rest/auth/1/session
07/05/2020 12:33:47 Response: Forbidden - 
<html>
<head>
    <title>Forbidden (403)</title>

I'm using username and password, no token option.

simium commented 4 years ago

Just so you know, by revoking all Jira tokens, logging out of Chrome and logging back in (this time with a captcha), the failed logins counter was reset and JiraStopWatch connected flawlessly.
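
The last comment attributes the 403 to Jira's failed-login counter (CAPTCHA) rather than to the credentials. As an added example (not code from JiraStopWatch), the Python below builds the Basic header described earlier in the thread and classifies a reply from /rest/auth/1/session using the `X-Seraph-LoginReason` and `X-Authentication-Denied-Reason` response headers that Jira Server sets. The host `jira.example`, the credentials and the sample replies are constructed, since the logs in this thread do not show response headers.

```python
import base64
from urllib.parse import urlsplit


def basic_auth_header(username: str, secret: str) -> str:
    """Header value from the thread: 'Basic ' + base64(username:secret).

    base64 is an encoding, not encryption: anyone who can read the request
    recovers the password or API token.
    """
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def diagnose(url: str, status: int, headers: dict) -> list:
    """Classify a reply from /rest/auth/1/session into short finding codes."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    reason = h.get("x-seraph-loginreason", "")
    denied = h.get("x-authentication-denied-reason", "")
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("cleartext")        # credentials sent over plain HTTP
    if "AUTHENTICATION_DENIED" in reason or "CAPTCHA_CHALLENGE" in denied:
        findings.append("captcha")          # rejected before the password was checked
    elif status == 401 or "AUTHENTICATED_FAILED" in reason:
        findings.append("bad-credentials")  # password or token was checked and refused
    elif status == 403:
        findings.append("forbidden-other")  # 403 with no login-reason header to go on
    elif 200 <= status < 300:
        findings.append("ok")
    return findings


# Constructed sample replies (url, status, response headers); not taken from the thread.
SAMPLES = [
    ("http://jira.example:8080/rest/auth/1/session", 403,
     {"X-Seraph-LoginReason": "AUTHENTICATION_DENIED",
      "X-Authentication-Denied-Reason":
          "CAPTCHA_CHALLENGE; login-url=http://jira.example:8080/login.jsp"}),
    ("https://jira.example/rest/auth/1/session", 401,
     {"X-Seraph-LoginReason": "AUTHENTICATED_FAILED"}),
    ("https://jira.example/rest/auth/1/session", 200,
     {"X-Seraph-LoginReason": "OK"}),
]

if __name__ == "__main__":
    print(basic_auth_header("alice", "s3cret"))
    for url, status, headers in SAMPLES:
        print(status, url, "->", diagnose(url, status, headers))
```

A `captcha` finding matches the fix in the last comment: the counter has to be cleared by an interactive web login (or by an administrator) before any REST client can authenticate again.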