Add support of basic auth for jira

Review Request #9830 — Created March 23, 2018 and discarded

Information

Review Board
release-3.0.x

Reviewers

If the hosted bug tracker is not readable by
an anonymous connection it is necessary to
provide valid credentials to fetch jira information.

These adds support to add username and password
for a simple authentication.

Added this patch, saved settings with empty username
and empty password. Saw that it cannot fetch any
information from jira as the connection is not
authorized.

Saved the settings wird a valid username and
valid password. Saw that it can fetch all
information.

Description From Last Updated

is this available in public WebAPI? How can I encrypt it? Will it be encrypted with SECRET_KEY?

miserymisery
misery
  1. 
      
  2. reviewboard/hostingsvcs/jira.py (Diff revision 1)
     
     
     
     
     
     

    is this available in public WebAPI? How can I encrypt it? Will it be encrypted with SECRET_KEY?

    1. It gets stored in extra_data, which can be exposed.

      For how to encrypt things, I'd look at some of the other hosting services (beanstalk, for example). Search for encrypt_password/decrypt_password.

    2. Well, I don't know how to encrypt it in class JIRAForm(HostingServiceForm):. Decryption should be easy: auth = (user, decrypt_password(psw)).

      But maybe it would be better to split out the entire bug tracker stuff. We have 350 repositories with the same bug-tracker. I won't add user/psw to all repositories. ;-)

    3. Redoing bug tracker configuration is planned for hopefully RB5. It's long-overdue, and the current model limits us in too many ways. There will be a centralized configuration for each bug tracker you want to use, instead of making that part of the repository configuration.

      For encrypting, you can do:

      def clean_jira_psw(self):
          return encrypt_password(self.cleaned_data['jira_psw'].strip())
      
    4. Thanks!

      I have two problems now.

      • If I have a Jira and did not add the credentials (or bad credentials) but the server requires it, it has this error and the worker nerver stopps und blocks the whole process.
      15:02:00    WARNING     
      
       - root - Got recoverable error from GET https://jira.company.de/rest/api/2/issue/APP-1235, will retry [2/3] in 14.9607447152s. Err: 401
      
      15:02:00    DEBUG   
      
       - urllib3.connectionpool - https://jira.company.de:443 "GET /rest/api/2/issue/APP-1235 HTTP/1.1" 401 None
      

      • If I use the correct credentials it works until I re-open the repository settings and press "Save" again. This will clean the password - so I need to add the password anytime I save the repo settings.
    5. For the former, this seems like something coming from the jira module, which would require seeing if they have a mechanism for turning off retrying logic.

      To handle the latter case, I'd suggest only conditionally saving the username/password. If it's provided, save it. Otherwise, use what's already stored.

    6. Thanks, max_retries did the trick.

      Well, tried it but I don't know RB internals enough to add that. :-(

  3. 
      
misery
  1. 
      
  2. ping? any help?

  3. 
      
misery
misery
misery
Review request changed

Status: Discarded

Change Summary:

Just drop a "reviewboard/site/data/.netrc" file with the following content

machine jira.company.de
login reviewboarduser
password 123456

Loading...