Skip to content

Add an additional test for client credentials to Jira Integration

Ben King requested to merge benjaminking-jira-improvements into master

What does this MR do and why?

This MR is designed to address #364873.

As noted in this comment, the test function is only checking against server_info, which performs an API call to the Server info endpoint. Atlassian's documentation notes that: "This operation can be accessed anonymously.". Because of this, when a user performs a Test of their connection settings, they are misled to believe that the URL, email, and API/password are correct, when only the URL is checked.

This MR uses the /rest/api/2/myself API endpoint, which will always require authorization against the destination Atlassian server. The test now checks for both server_info and client_info, to validate that:

  • The URL is reachable and returns server information. As long as the Atlassian API is reachable on the endpoint, this will always be successful.
  • The client details are successful and return a positive result. If the credentials aren't correct, this fails.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Invalid Token Valid Token
bad-pass good-pass

Currently, with how errors are presented, this returns the error message as:

Connection failed. Check your integration settings. unexpected token at 'Client must be authenticated to access this resource.'

TO-DO:

  • Consider if we can 'clean up' the error message to catch and report that the failure is due to not being authenticated without the unexpected token bit.
  • Add appropriate tests for this new functionality

How to set up and validate locally

You will need access to an active Jira Cloud instance, and have a valid Atlassian API token.

  1. Navigate to a project and go to integration settings.
  2. In Jira, add the Atlassian URL, Email or username, and API token or password.
  3. Test the following scenarios:
  • When using a valid username and API/password, pressing 'Test settings' will report as successful.
  • When using an invalid username and or API/password, pressing 'Test settings' will report that the connection failed.
Edited by Ben King

Merge request reports