I am trying to do basic authentication with the help of Python-jira and written the following code
from jira import JIRA
SERVER="https://jira.company.com"
user = user#company.com
apikey='api_token'
class create_issue:
def check_authentication(self):
print("inside the check authentication method#######")
jira = JIRA(options, basic_auth=(user, apikey)) # username is email-ID and apikey is the JIRA api-token
ci= create_issue()
ci.check_authentication()
I am getting following error
WARNING:root:Got recoverable error from GET https://jira.company.com/rest/api/2/serverInfo, will retry [1/3] in 13.772170596345521s. Err: 401
Earlier tried with deprecated username and password, later changed to api_key instead of password. But still getting the issue. Can anybody help on this. When I use the same authentication using the website it is working.
Thanks,
Punith
Their documentation indicates that you should be using a username and password when using basic auth, not an apikey.
https://developer.atlassian.com/server/jira/platform/basic-authentication/
Stick to something simple to make sure it works, before introducing classes.
from jira import JIRA
SERVER="https://jira.company.com"
user = "username"
password = "password"
jira = JIRA(SERVER, basic_auth=(user, password))
Related
I'm working on authorizing a new Twitter standalone app.
For this, I'm using python script from Github:
from birdy.twitter import UserClient
key = "..."
secret = "..."
client = UserClient(key, secret)
token = client.get_signin_token()
access_key = token.oauth_token
access_secret = token.oauth_token_secret
print(token.auth_url)
pin = input("PIN: ")
client = UserClient(key, secret, access_key, access_secret)
client.get_access_token(pin)
print(token)
So this get me a authorization URL, and if I paste the URL to the browser I got stuck at 'Redirecting you back to the application. This may take a few moments.' forever.
Thinking it could be a problem of call-back URL, I tried every solution on this stackoverflow Page. such as localhost, localhost.me, 127.0.0.1, 127.0.0.1:xxxx(where xxx is port number), tlocalhost.com and so on. But none of them have worked. Those call back even failed at taking me to this page: 'Redirecting you back to the application. This may take a few moments.'
As far as now only www.twittersdk:// found on Github took me that page.
Also tried to apply solution from here, but It couldn't help
I can't figure out what I am doing wrong, and how to fix it.
Please can anyone help me with this?
Many Thanks
Just started to play around yubikey, my question is based on the following assumptions:
Passwordless doesn't need to know the username based on the following demo
Based on this doc the allowedCredentials can be omitted
I registered the yubikey by using the django package django-fido
I am having problem using navigator.credentials.get(publicKey) to get the credential from yubikey, the publicKey parameter I am passing in as below:
{challenge: Uint8Array(32), rpId: 'localhost'}
It says the yubikey is not registered with this website, but I am pretty sure I did because if I don't use the passwordless approach, by specifying the allowedCredentials, I can find the key:
{challenge: Uint8Array(32), rpId: 'localhost', allowCredentials: Array(1)}
OK, digging into the django-fido package views.py found that I need to specify resident_key=True to store the credential on the key
def create_fido2_request(self) -> Tuple[Dict, Dict]:
"""Create and return FIDO 2 registration request.
#raise ValueError: If request can't be created.
"""
user = self.get_user()
assert user.is_authenticated, "User must not be anonymous for FIDO 2 requests."
credentials = self.get_credentials(user)
return self.server.register_begin(self.get_user_data(user), credentials, user_verification=self.user_verification, resident_key=True)
Below is python test code to login jira using username and password and it works fine.
from jira import JIRA
jira = JIRA('http://xxx')
jira = JIRA(basic_auth=('username','password'),options={'server': 'http://xxx'})
issue = jira.issue('XXXX-762')
print "For task", issue,", summary is-", issue.fields.summary
Now I require to log in jira without using password.
can anyone help?
Aim of this is to hide the password in general script and also make the script independent of jira password expiry.
Jira version used: JIRA v7.5.2
Thank you.
If I understand correctly, you're wanting to obfuscate the password inside of the script? If so, this is not really a JIRA/python problem. The easiest is to base64 encode the password beforehand and then just use:
jira = JIRA(basic_auth=('username',base64.b64decode("<encrypted_password")),options={'server': 'http://xxx'})
This, of course, doesn't fully protect you but at least makes it much less obvious.
You can work with your Jira administrator to set up OAuth for authentication for your script instead of basic auth, which would eliminate the need for a password. It requires considerable setup to get it working, but would ultimately serve your needs.
Here is an overview from Atlassian on how the overall process works: https://developer.atlassian.com/cloud/jira/platform/jira-rest-api-oauth-authentication/
Here is a link to the Atlassian repository for examples on setting up OAuth including an example in Python: https://bitbucket.org/atlassian_tutorial/atlassian-oauth-examples/overview
I just set the password in an environment variable and have the script read it.
from jira import JIRA
jira_user = os.environ.get("JIRA_USERNAME", None)
jira_password = os.environ.get("JIRA_PASSWORD", None)
jira_server = {'server': "https://jiraserver.url"}
jira = JIRA(options=jira_server, basic_auth=(jira_user, jira_password))
I'm currently setting up a gitlab server using a LDAP backend.
When I try to login as a user present in the LDAP db, I get the following error:
"Could not authorize you from LDAP because: "Undefined method 'persisted?' for #"
Peeking into the source code (specifically app/controllers/omniauth_callbacks_controller.rb) the villain seems to be:
#user = Gitlab::LDAP::User.find_or_create(oauth)
#user.remember_me = true if #user.persisted?
It is totally correct for him to fail here because there is no method persisted? (neither in lib/gitlab/ldap/user.rb nor lib/gitlab/oauth/user.rb). Changing the second line to
#user.remember_me = false #true if #user.persisted?
doesn't work either since remember_me is an invalid function for ruby.
I really have no clue about ruby, let alone Ruby On Rails, so I stopped digging here.
Since I certainly am not the first person to try using LDAP auth in gitlab I consider this an error on my side. Since authentication seems to work (if I enter a false password for the user gitlab happily tells me so), I don't have any idea where to start looking.
I appreciate any help from you guys,
Best Richard
Edit: My gitlab.yml is here.
Solved the problem myself. The database lookup yielded a nil object due to the user creation failing (whenever a ldap user logs in, gitlab uses the ldap data to fill its own database).
During creation of the user database entry the query got an invalid email entry resulting in a failed insert query. Unfortunately this was very hard to debug.
In case anyone should have this problem, try changing the following code in lib/gitlab/oauth/user.rb:
begin
user.save!
rescue ActiveRecord::RecordInvalid => e
raise_error ("(OAuth) Error #{e.to_s}") # <-- add this line
log.info "(OAuth) Email #{e.record.errors[:email]}. Username #{e.record.errors[:username]}"
return nil, e.record.errors
end
This will - in case gitlab is not able to add your user - print the error message the database backend returned as the usual red error banner when trying to log in. Keep in mind to remove this line when you no longer need it.
I can suggest a patch (tested on Gitlab 7.1.0). This code sets the gitlab_rails['ldap_uid'] as username when a ldap user is connecting for the first time :
in /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/oauth/user.rb (see INCLUDE START and STOP) :
user = model.build_user(opts)
user.skip_confirmation!
# Services like twitter and github does not return email via oauth
# In this case we generate temporary email and force user to fill it later
if user.email.blank?
user.generate_tmp_oauth_email
elsif provider != "ldap"
# Google oauth returns email but dont return nickname
# So we use part of email as username for new user
# For LDAP, username is already set to the user's
# uid/userid/sAMAccountName.
email_username = email.match(/^[^#]*/)[0]
# Strip apostrophes since they are disallowed as part of username
user.username = email_username.gsub("'", "")
else
# INCLUDE START
# if LDAP config "ldap_uid" is set : we pick this attribute to set the username :
if ldap_conf['uid'].present?
user.username = auth.extra.raw_info.send(ldap_conf['uid'])[0]
end
# INCLUDE STOP
end
begin
user.save!
In my case the problem was importing (copying file) fro old gitlab repositories to new one.
Gitlab wasn't able to create clean folder for the new user.
Solution:
remove imported repositories
create new, empty repository by first login with LDAP credentials
read your PRIVATE-TOKEN
start gitlab server on your repository ie. 'git daemon --verbose --export-all'
import data from old gitlab using API:
curl -X POST --header "PRIVATE-TOKEN: xxxxxffxxxyyxxxxzzz" http://testserver07.lq/api/v3/projects"?name=project01&import_url=git://localhost/var/opt/gitlab/git-data/repositories-old/repos/project01.git"
First, check if your email address in Gitlab DB is correct:
# login to Gitlab DB (MySql)
mysql -u gitlab gitlabhq_production -p
# check user email address
select email from users where username like 'foo';
Then remove stored LDAP objects from Gitlab DB for the user:
# clear ldap data
update users set extern_uid = '' where username = 'foo';
On next login Gitlab write a new extern_uid.
I'm trying to access the files on a SharePoint-server(WOSS, 12.0.0.6421) through the WebServices but I can't sign in.
ListsService.Lists lists = new Lists();
lists.Credentials = new NetworkCredential("myusername", "mypassword", "mydomain");
lists.Url = "http://sharepointhost/_vti_bin/Lists.asmx";
XmlNode node = lists.GetListCollection();
return node.OuterXml;
But i get 401: unauthorized on GetListCollection, but the same username and password works perfectly when i access the sharepoint through a browser.
I checked the FAQ and found this: http://support.microsoft.com/default.aspx/kb/896861. But I'm not developing on the servering, I'm developing on another computer.
I found another thread which showed(http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/e115f790-fe8a-45e9-982b-21833ea01c7f) but when i use that solution I get "The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'." which to me just seems even more confusing.
Try follwoing the steps mentioned in the link and this should solve your problem.
http://www.pentalogic.net/sharepoint-reminder/manual.aspx?Page=reminderservice%2fwssv3.htm
Tried and Tested - It worked for me.
HTH