Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Login into jira with JIRA REST API ( Cookie Based) PHP

William Ross
William Ross November 15, 2017

For our interm assesment we and another classmate have to build a jira extension to a website which allows customers to view everything related to their issues and allows them to create new/view them inside of their project.

We wanted to use cookie based authentication (oposite to re-verifieing the user upon every request)

however the auth request always returns Login failed, and we can't seem to find the cause.

We both have almost no experience in jira or with the api itself so we hoped someone could help us out.

 

We are sending the request via ajax to a different php file to handle the request like below.

 

index.php

<body> 
<form id="login-form" action="jira-oauth.php" method="post">
   <input type="text" id="username-input" name="username" placeholder="username" /><br />
   <input type="password" id="password" name="password" placeholder="password" /><br />
</form> 
<button id="login-button" >login oauth</button>
<button id="profile-button">retrieve profile</button>
script type="text/javascript"> 
   $("#login-button").click(function(){
      $.ajax({
         type: "POST",
         url: "jiracookie.php",
         data: $("#login-form").serialize(),
         success: function(data) {
            var win = window.open();
            win.document.write(data);
         }
      });
 });
 $("#profile-button").click(function(){
      $.ajax({
          type: "POST",
          url: "jiraprofile.php",
          data: $("#username-input").serialize(),
          success: function(data) {
             var win = window.open();
             win.document.write(data);
          }
      });
 });
 </script>
</body>

jiracookie.php 

<?php 
 $ch = curl_init('https://xxxxx.atlassian.net/rest/auth/1/session');
 $jsonData = array( 'username' => $_POST['username'], 'password' => $_POST['password'] );
 $jsonDataEncoded = json_encode($jsonData);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);

 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
 
 $result = curl_exec($ch);
 curl_close($ch);

 $sess_arr = json_decode($result, true);

 echo '<pre>';
 var_dump($ch);
 var_dump($sess_arr);
 echo'</pre>';

 if(isset($sess_arr['errorMessages'][0])) { 
 echo $sess_arr['errorMessages'][0];
 } else {
 setcookie($sess_arr['session']['name'], $sess_arr['session']['value'], time() + (86400 * 30), "/");
 echo "Login Success!";
 }?>

 

Answer
Watch
Like Be the first to like this
3962 views

2 answers

0 votes
dasithaabeysinghe
dasithaabeysinghe September 17, 2018

Hi @William Ross,

You can manage the cookie file as below for both GET and POST requests. Anyhow, you would have to secure the cookie and provide correct file permission to prevent the session hijacking.

POST request - API call - /rest/api/1/session

$apiCallURL = 'https://xxxxx.atlassian.net/rest/auth/1/session';
$jsonData = array('username' => $_POST['username'], 'password' => $_POST['password']);
$jsonDataEncoded = json_encode($jsonData); 

$cookieFile = "cookies.txt";
if(!file_exists($cookieFile)) {
 $fh = fopen($cookieFile, "w");
 fwrite($fh, "");
 fclose($fh);
}

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiCallURL);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile); // Cookie aware
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile); // Cookie aware
curl_setopt($ch, CURLOPT_VERBOSE, true);
if(!curl_exec($ch)){
 die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch));
}
else{
 $response = curl_exec($ch); 
}
curl_close($ch);
$result = json_decode($response, true);

echo '<pre>';
var_dump($result);
echo'</pre>';


GET request - API call - /rest/api/1/team/list

 

$apiCallURL = 'https://xxxxx.atlassian.net/rest/auth/1/session';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiCallURL);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookieFile); // Cookie aware
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookieFile); // Cookie aware
curl_setopt($ch, CURLOPT_VERBOSE, true);
if(!curl_exec($ch)){
 die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch));
}
else{
 $response = curl_exec($ch); 
}
curl_close($ch);
$result = json_decode($response, true);

echo '<pre>';
print_r($result);
echo'</pre>';


I hope this will solve your issue. Thanks :)

 

Best regards,

Dasitha.

Reply
0 votes
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 15, 2017

Hi Williams,

You forgot to mention if it is the call to create a session or the successive one that uses the cookie to authenticate that is failing.

The best way to troubleshoot this is to try to run the same calls using curl and see if you are able to correctly create a session and use the retrieved cookie to authenticate the successive calls:

1) Create the session and save the cookie in a file named cookie.txt

curl -D- -H "Content-Type: application/json" -c cookie.txt -d '{"username":"EMAIL ADDRESS HERE", "password":"PASSWORD HERE" }' -X POST https://HOSTNAME/rest/auth/1/session

 2) Use the cookie to authenticate a REST request:

curl -D- -H "Content-Type: application/json" -b cookie.txt -X GET https://HOSTNAME/rest/api/2/issuetypes

 

Depending on the outcome of above test you will know whether or not the problem is with your code or with something else.

Finally, in case the problem is with your code you may want to re-ask this question in the developers' community:

https://community.developer.atlassian.com/

 

I hope this helps.

 


Best Regards,
Dario

View More Comments
William Ross
William Ross November 15, 2017

Hello Dario,

 

We have tried your suggestion , but then we get a response back with the which is the same as when we try it in the code when we expect the JSESSIONID with the token.

We don't know the solution or the cause of this problem, could you help us?

the response is like this:

{"session" :{"name":"cloud.session.token=a bunch of random numbers"}}

 

Like
Dario B
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 15, 2017

@William Ross,

That answer should mean that a session has been created and gives you the session token... There is no error here, and the data inside cookie.txt should be the one you need to authenticate the successive calls. 

Have you tied the second curl command in my previous answer? 

Is it working? Is it failing? 

I am still not sure what the problem is here and since it is not stated explicitly I can just try to guess and that's usually not the best way to proceed.

 

Also, you can find many examples on how to use cookie authentication on jira.atlassian.com:

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events