Deactivate jira user with powershell's Invoke-WebRequest

Rick van Twillert (TMC) September 26, 2018

Hi,

Since Atlassian is pretty ignorant in providing a REST endpoint to (de)activate a jira user  in Jira Software Server, removing all groups from the user isn't sufficient enough and Bob Swift's CLI is way to slow, I'm trying to deactivate a user by making a webrequest in powershell. Except I keep hitting the XSRF Security Token Missing error.

Does anyone know what I'm doing wrong? Here's the script:

$username = "currentUsername"
$fullname = "User Name"
$email = "username@domain.com"
$active = "false"
$editName = "newUsername"

$adminUsername = "admin"
$adminPassword = "password"
$jiraUrl = "https://jira.domain.com"

$loginUrl="$jiraUrl/login.jsp"
$authUrl="$jiraUrl/secure/admin/WebSudoAuthenticate.jspa"
$deactivateUrl="$jiraUrl/secure/admin/user/EditUser.jspa"


$postParams = @{os_username='$adminUsername';os_password='$adminPassword';os_destination=''}
$temp = Invoke-WebRequest -Uri $loginUrl -SessionVariable session -Method POST -Body $postParams -ContentType "application/x-www-form-urlencoded"

Write-Host $xsrfToken
Write-Host $xsrfToken.GetType().FullName

$postParams = @{atl_token=$xsrfToken;decorator='dialog';username=$username;fullName=$fullname;email=$email;active=$active;editName=$editName;returnUrl='UserBrowser.jspa'}
Invoke-WebRequest -Uri $deactivateUrl -WebSession $session -Method POST -Body $postParams -ContentType "application/x-www-form-urlencoded" | Out-String

The Write-Host output looks correct:

YADA-YADA-YADA-YADA_13d2ad076a732acced5b8da9f3d21abab6eea7cc_lout
System.String

Thanks in advance!

1 answer

1 accepted

2 votes
Answer accepted
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 28, 2018

Hi Rick,

While the Jira REST API can't directly be used to deactivate users, you could use the embedded Crowd's API built into Jira Server in order to manage user deactivations.  Check out the workaround listed in the feature request https://jira.atlassian.com/browse/JRASERVER-37294

 

From that page:

Workaround

Use Crowd REST API following these steps:

  1. Go to User Management -> JIRA User Server
  2. Create a new one with the below details (you can use your own values):
    • Application Name: app_name
    • Password: app_pwd
    • IP Addresses: Insert the IP/s (each on a separate line) of the server where the REST call is to be run (to whitelist it so that the REST call is allowed to run)
  3. Test with this command:
    • If Linux:
      curl -D- -u app_name:app_pwd -X PUT --data '{"name":"andy", "active":"false"}' http://10.60.1.252:8080/rest/usermanagement/1/user?username=andy -H 'Content-Type: application/json' -H 'Accept: application/json'
      
    • If Windows:
      curl -D- -u app_name:app_pwd -X PUT --data "{\"name\":\"andy\", \"active\":\"false\"}" http://10.60.1.252:8080/rest/usermanagement/1/user?username=andy -H "Content-Type: application/json" -H "Accept: application/json"
      

      Use the right username (andy - 2 occurences) and JIRA URL (http://10.60.1.252:8080)

Rick van Twillert (TMC) September 30, 2018

That's one hell of a tip Andrew, thank you very much! This workaround works flawlessly. I was watching JRASERVER-44801 where everyone is bitching about the missing deactivate REST endpoint and it is even linked to the issue you mentioned, but never bothered to look further, like many others. I copied the workaround to this issue as well. Though I suggest Atlassian updates the description of this issue with this workaround as well.

Suggest an answer

Log in or Sign up to answer