Hi,
I am following the process described here to try and authenticate my API calls by passing the Cookie with a node.js https request. Don't quite know where I'm going wrong but here is my code:
After posting my login details to auth/latest/session I save the 'set-cookie' header from the response like this:
var authHeader = response.headers["set-cookie"];
Then I use the header content to pass into the "Cookie" header fr
var requestOptions = { host:requestHost, path:apiPath+requestPath, method:'POST', headers: { "Cookie": authHeader, "Content-Type": "application/json" } }
The response I get back is:
{"errorMessages":["Field 'fieldname' does not exist or this field cannot be viewed by anonymous users."],"errors":{}}
I have verified that 'fieldname' exists, so the error must be coming from the authentication.
Community moderators have prevented the ability to post new answers.
I'm guessing here, so I'm probably wrong, but hopefully this leads you on the right path.
You're looking at headers, not cookies. If you're looking at the raw headers, you need to extract out the actual cookie. The header value probably looks something like "JSESSIONID=sdfdskjfhdskjfhkjsdfhskjd; Path=/; HttpOnly
", and all you want to pass in for the authHeader is "sdfdskjfhdskjfhkjsdfhskjd" (or possibly "JSESSIONID=sdfdskjfhdskjfhkjsdfhskjd", I'm not sure).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would suggest following solution:
This should just-work-fine
A short example using node-rest-client (I tried to get the code as short as possible to avoid confusions ):
var Client = require('node-rest-client').Client; client = new Client(); // let's login var loginArgs = { data: { "username": "admin", "password": "admin" }, headers: { "Content-Type": "application/json" } }; client.post("http://localhost:8090/jira/rest/auth/1/session", loginArgs, function(data, response){ if (response.statusCode == 200) { console.log('succesfully logged in, session:', data.session); var session = data.session; // now let's do some request - for example get our session info var args = { headers: { cookie: session.name + '=' + session.value // the session cookie } }; client.get("http://localhost:8090/jira/rest/auth/1/session", args, function(sessionData, response) { console.log('status code:', response.statusCode); console.log('our session details:', sessionData); }); } else { throw "Login failed :<"; } });
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Aleksander, Thanks for your response! I have been able to login ok but still having trouble getting the authorization working with a search POST request. Here is my code below which is a slightly modified version of yours! function jiraPostRequest(request_path, request_args, myCallBack){ var sessionHeader = sessionInfo.name + '=' + sessionInfo.value; console.log("sessionHeader: " + sessionHeader); //LOGS AS "sessionHeader: JSESSIONID=A25B0741253BF7400BA73E031423717F" // now let's do some request - for example get our session info var args = { data:request_args, headers: { cookie: sessionHeader, // the session cookie "Content-Type": "application/json" } }; client.post("https://cohort.atlassian.net/rest/api/latest/"; + request_path, args, function(sessionData, response) { console.log('status code:', response.statusCode); console.log('our session details:', sessionData); myCallBack(response); }); } I still get this response when making the request: status code: 400 our session details: { errorMessages: [ 'Field \'LGS Campaign ID\' does not exist or this field cannot be viewed by anonymous users.' ], errors: {} } (Please note that this works when using BASIC authentication).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I also tried making a request to "https://cohort.atlassian.net/rest/auth/latest/session";, however I then get this response: status code: 401 our session details: { errorMessages: [ 'You are not authenticated. Authentication required to perform this operation.' ], errors: {} }
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you check with network sniffer that what you sending is what you think you're sending? :) For example start local jira and hit it with your code (without https) and record traffic with wireshark - please verify if the headers are in request. From the response from rest/auth/latest/session I deduce that your request doesn't contain the session cookie.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I've quickly modified my code into searching issues (with empty JQL ;)) - http://pastebin.com/HcKqK5xK
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Aleksander - I'll try installing Wireshark to monitor the request I am making. You can see from my code above that I am adding the session cookie header (and I am verifying it's content with a console log). Is there any reason that you can think of that would cause the header not to be set?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Aleksander - I have tried running my request through wireshark but I don't think it appears unless I use http (instead of https as you said). I'm having trouble authenticating when I switch to http though and receive a 301 error followed by "Login failed" getting thrown! How can I authenticate without using the https protocol?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I can only recommend testing your code with local instance - just start JIRA with atlas-run-standalone --product jira (or in any other possible way ;)). The reason why I think that your request is wrong is that you're getting response 401 which should not happen as you've authenticated to JIRA - so either the code is not sending headers, or they are being somehow lost later. Actually, does my test code works for you? Are you able to get search results with the code I shared in http://pastebin.com/HcKqK5xK? If not, then maybe it's a proxy issue?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Harold,
Thanks for your response! Here is the information within the response object that I'm pulling!
The header:
Set-Cookie: JSESSIONID=6E3487971234567896704A9EB4AE501F; Path=/; HttpOnly
The body:
{"session":{ "name":"JSESSIONID", "value":"6E3487971234567896704A9EB4AE501F"}, "loginInfo":{ "failedLoginCount":1, "loginCount":2, "lastFailedLoginTime":"2013-11-27T09:43:28.839+0000", "previousLoginTime":"2013-12-04T07:54:59.824+0000" } }
I already tried including the header in the formats you suggested, for example:
Cookie: JSESSIONID=6E3487971234567896704A9EB4AE501F
Should I try naming the header something different such as: "JSESSIONID" or "Authorization"?
Kind regards,
Jeremy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Community moderators have prevented the ability to post new answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.