Excel links to JIRA issues forcing re-authentication - excel

Situation
Attempting to launch a JIRA issue hyperlink from Excel 2013 drives the user to a login page for JIRA which is unexpected as the user has an active login session.
Example link format --> https://<subdomain>.atlassian.net/browse/<proj-#>
Even if the user logs in the first time, checks the box for "Keep me logged in" the user still must repeat this the next time a JIRA link from Excel is selected.
The URL appends the parameter &permission-violation=true
Attempts to Debug
Copy the link to clipboard and paste directly in browser URL bar. This method does not generate the permission violation. User can go directly to issue without logging in again.
Attempt the link in a different Office 2013 application. Using the same link from a MS Outlook 2013 email does not generate the permission violation.
Browse the JIRA administration page for solutions. Could not find any such option to configure.
Tested with both Firefox and Chrome set as the default browser. Issue persists for each.
Any suggestions to fix this? The behavior is very frustrating to our end users.

The Problem
According to StackOverflow user myroslav, certain versions of Excel are first attempting to fetch the webpage using a Microsoft DLL that does not know about your browser's cookies (i.e. your login session). Here's an excerpt of his answer:
If session cookie protects website Hlink naturally is being redirected
to login page and having reached HTML page and not able to
"understand" it opens it in external browser. Note that it opens not
original URL (expected behavior) but the result of redirect, even if
it was 302 redirect.
His full answer can be read here.
The Solution
At this time, Microsoft has recommended that companies with single sign-on sites like Atlassian's should address the issue on their end. Such a fix is low on Atlassian's priority list. In the meantime, we are left to either accept Microsoft's solution - modify the registry as myroslav instructs and accept a loss of Excel functionality - or modify our URL to something that doesn't require single sign-on user validation.
The Workaround
I'm using Excel 2016 and Chrome. Taliesin's workaround, elsewhere on this page, did not work for me, but might work for some. Here's a next-best-thing workaround that did work:
HYPERLINK("https://<subdomain>.atlassian.net/issues/?jql=id%20in%20("&<cell>&")", "link")
Replace <subdomain> with your Atlassian subdomain, and <cell> with the cell containing your JIRA issue key.
This URL variant opens a search query for issues matching the given key. It doesn't take you directly to the issue, but it at least offers a convenient link to get where you want to go, which is at least better than entering your credentials on the login page again.

Try restarting the browser and login to JIRA by selecting keep me signed in

It seems to resolve the issue: https://www.redmine.org/boards/1/topics/14287?r=40540
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\"YOUR OFFICE VERSION"\Common\Internet]
"ForceShellExecute"=dword:00000001

Workaround
Ok. So I have discovered a workaround. Note this will correct the issue in an indirect way by leveraging JIRA's own link correction behavior. Essentially, you can bypass the security issue by providing JIRA with an incorrectly structured URL. JIRA will then fix the URL and redirect you to the correct page.
Here is the structure https://<subdomain>.atlassian.net/browse/<proj-#> + /
Note the last forward slash. This does not belong in the URL construction but when used will establish the redirect and thereby bypass the security violation.
If you already have your hyperlinks in a JIRA file you can easily update those in batch by using this simple VBA code subroutine.
Sub AppendJiraLinks()
Dim c As Range
Dim i As Integer
For Each c In Selection.Cells
If c.Hyperlinks.Count >= 1 Then
For i = 1 To c.Hyperlinks.Count
c.Hyperlinks(i).Address = c.Hyperlinks(i).Address & "/"
Next i
End If
Next c
End Sub
Note this code could be enhanced but works fine for my purposes.

Related

SeleniumBasic and Controlling Existing Edge Browser

For the past few months, I have been using SeleniumBasic with Excel and Microsoft Edge and have created some pretty useful macros for our company.
The problem I can’t seem to solve is being able to control an existing Edge/Chrome browser window that’s already open thru Excel/VisualBasic.
I have done quite a bit of searching and have found a few existing discussions regarding this subject. From what I have read and gathered, what I am trying to do is impossible with SeleniumBasic. However, there is no explanation as to why this is.
Is this just a limitation of SeleniumBasic? I understand it is fairly outdated and hasn’t been updated in a while. I know there’s code in python and java that allows you to extract existing session id through Selenium, and controlling an already open browser instance can be achieved.
I guess ultimately what I’m trying to figure out is if there is any way at all to incorporate into an excel macro coding that would allow control of an existing browser session (Chrome/Edge). Are there alternatives to SeleniumBasic that would allow me to achieve this?
Presently, my macro opens a new instance of Edge, goes to a specific website for our company (which requires login and 2FA), then once logged in, takes the data in the excel sheet and inputs the data into the site. The big annoyance here is the logging in/2FA part. Every time the macro is run, have to redo 2FA and takes up a bunch of time. Ideally would love to login just once, do the 2FA and proceed with the macro.
Anyone have any ideas/suggestions? Am I just SOL? 😅
You can't control an existing browser through SeleniumBasic.
From your description, I think you can open the browser with a specific profile as a workaround. For example, you can remember the login information in a profile, every time you open the website using that profile, it will login automatically.
To open browser with specific profile, you can refer to the following code (I test it only works with Chrome):
Public Sub Test()
Dim driver As New Selenium.ChromeDriver
'If you use the Default profile, you only need to set user-data-dir. Change the UserName to your owns
driver.AddArgument ("--user-data-dir=C:\Users\UserName\AppData\Local\Google\Chrome\User Data")
'If you use other profile, you need to set profile-directory with profile folder name
'driver.AddArgument ("profile-directory=Profile 1")
driver.Get "https://www.google.com"
driver.Wait 3000
driver.Quit
End Sub

Gmail - Link to Draft in non-conversation view

I am importing/creating drafts in Gmail using the Gmail API. After creation I'd like to redirect the user to the Gmail UI with the opened Draft in the composer window.
I made it work properly for https://mail.google.com/mail/#drafts?compose=[MESSAGE ID]. Other urls I found here also worked well. Gmail is doing some redirects and eventually the composer window is opened with the draft.
Now my issue:
If the user has not enabled "Conversation view" this will not work at all. The redirect will then result in https://mail.google.com/mail/u/0/#drafts?compose=new and only an empty, new composer window is shown and a new draft is created by the UI.
If I open the draft directly the ID-format is different. https://mail.google.com/mail/u/0/#drafts?compose=hJzgZpSqgLQcCWgZqnlNRzRBfMbjZVnZklzvcFxhQCdwT... and I have no idea if this format can be generated somehow.
Does anybody has an idea or experience to also make it work with this UI setting. How I can force Gmail to load the draft into the composer window?
Thanks in advance.
If you have Email Threading > Conversation View enabled
Make use of the following URL
https://mail.google.com/mail/u/0/#inbox?compose=DRAFT_MESSAGE_ID
If you have disabled the Email Threading > Conversation View option
Make use of the following URL
https://mail.google.com/mail/u/0/#inbox/DRAFT_MESSAGE_ID
Additional information
The main difference between them is that the first is treated as a conversation while the second example is not.
You can use #drafts instead of #inbox in the URL.
The number after .../mail/u/ is the session you have opened
You can retrieve the DRAFT_MESSAGE_ID by making a request to the API
You can approximately generate the compose ID by yourself, there are some examples out there (not recommended). I strongly recommend you to use the DRAFT_MESSAGE_ID instead.
This appears to still be an issue the one solution I did find was that you can find your draft directly (even though it would be the last draft) and go through multiple accounts by redirecting to
https://accounts.google.com/AccountChooser?authuser={user account}&Email={email account}&continue=https://mail.google.com/mail/#search/rfc822msgid:CAMU-31NcJCVHyGNsAycRKfuS0nMonoaZ6wFMD90Sej996qjuPQ#mail.gmail.com
You need to get your message id toi replace the area from <> from your draft. So you'll have to create the draft first. Get the google message ID, then use that with messages/get to get the Global Message Id (also referred to as message id) and then use that with a search. At this point you'll open a page with a search to a single draft but it will not be opened. Your users will have to click on the one message. Unfortunately there does not seem to be a way to have the good way work for conversation view, and this way work for non.
I tried many different URLS and nothing worked. As noted in the original question, it might work that you could link to the full URL but I see no way to get that. If you spend long enough working with an email you'll even find that ID changes so they aren't even stable within a single day.
Another solution that could work is as explained:
https://mail.google.com/mail/u/0/#inbox/DRAFT_MESSAGE_ID
But as noted this does not open the draft on the first time you go there. It seems you have to travel to that link 2 times in a row to get the message to appear. I guess you could go to the page maybe inject some javascript to go to the page again but I don't know how to do that.

Excel Hyperlink adding redirectURL

I'm creating a hyperlink in excel
=HYPERLINK("https://www.redacted.com/index.html?Display=GroupMeetings/index","link")
When I click on this link it changes the Url to
https://www.redacted.com/index.html?redirectURL=Display%3DGroupMeetings%2Findex
if I change the URL to have ?Displayy= with two y's it does not add the redirectURL attribute. I cannot find any documentation about why this is added. Anyone know why?
The end goal is to deep launch users to specific pages within the application via a hyperlink in excel.
Do the users need to be authenticated to view the pages you are sending them to?
If so the cause may be this (taken from this answer on super user https://superuser.com/a/445431/154198):
Clicking a URL in Excel seems to open it in your default browser. But that's not really true. Before opening it in your browser, Excel first runs Microsoft Office Protocol Discovery. This uses a Windows/Internet Explorer component to determine if the URL works. (It does not identify itself as Internet Explorer, but as "User Agent: Microsoft Office Existence Discovery".) And if the results are (somehow) okay then it will open the result of that check in your default browser.
Microsoft have issued a fix for this KB218153 - which can be found here:https://support.microsoft.com/en-gb/help/218153/error-message-when-clicking-hyperlink-in-office-cannot-locate-the-inte
This may not be your specific problem, but it is at least worth knowing about.

How to logout of an HTTP authentication (htaccess) that works in Google Chrome?

I got a solution for Firefox and IE but I didn't find any solution for Google Chrome.
Is there a way to do it in Google Chrome?
I know it's a really old post... I mean like friggin 5 years now, but I just found a somewhat good solution.
Inside your protected folder, create another folder, let's call it "logout". Place the same .htaccess file in here as you have in your protected folder, except with a small modification.
instead of:
Require valid-user
now write:
Require user EXIT
And make sure, you don't have a user named exit! :D
In your protected area, your logout link or button or whatever, should redirect the user to this address: example.com/protectedFolder/logout
The browsers usually are able to keep only one user logged in from one site name or realm name... the sign in attempt for the user Exit will overwrite everything, thus the originally logged in user, would have to log in again to the protected area.
But as always, I might be wrong, and you should still close all your browser window, and restart the computer if you want to be sure! :)
Also, it wouldn't hurt, if you would tell your users what is going to happen, when they hit logout!
I have tested this in chrome and in internet explorer 11.(will not work in edge, and maybe others neither)
The solution was found here:
https://www.mavensecurity.com/media/BasicAuthLogOut.pdf
You can't logout a HTTP authenticated session other then closing the browser window. Also see the accepted answer on this question for an extensive explanation.
try redirect to:
wrong_user:wrong_password#yourdomain.com
I have put together the following article which explains how I have managed to achieve this in Chrome. I hope this helps. https://www.hattonwebsolutions.co.uk/articles/how_to_logout_of_http_sessions
In short - you create a sub folder (as per Gyula's answer) but then send an ajax request to the page (which fails) and then trigger a timeout redirect to the logged out page. This avoids having a secondary popup in the logout folder requesting another username (which would confuse users). My article uses Jquery but it should be possible to avoid this.

Site with Windows authentication - sometimes gives password prompt

I have a local site (IIS6, although similar issue with a totally different site using IIS5.1) which uses integrated windows authentication, from what I can tell - using IE7 if a user enters the URL into the address bar, everything works OK and the user is logged in automatically. However, if the user clicks on a hyperlink within an e-mail (using Outlook), the site opens but the user gets a login prompt - when details are entered everything then works fine.
Can anyone explain why this is the case? I should say it's actually very temperamental, sometimes the above occurs, sometimes it doesn't... any help is appreciated.
cheers!
Are the urls of the two cases identical? If there is a . in the url, IE will not attempt to pass the user credentials to the site, and will therefore not automatically log you in.
Example: http://mysite/page.aspx is different from http://mysite.domain.local/page.aspx, even though they might point to the same server.
If Outlook is launching using the domain.local, you will get the behaviour you describe.

Resources