如何在 JavaScript 中通过 JIRA REST API 使用基本身份验证?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15006705/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to use Basic Authentication with JIRA REST API in JavaScript?
提问by user2096102
I'm creating a JavaScript app for a Smart TV to show dashboards on the tv. I get the list of dashboards with the JIRA REST API. The url I use for this is:
我正在为智能电视创建一个 JavaScript 应用程序,以在电视上显示仪表板。我使用 JIRA REST API 获取仪表板列表。我为此使用的网址是:
jira/rest/api/2/dashboard?startAt=&maxResults=
afterwards I create a wallboard as followed to show them on the tv:
之后我创建了一个墙板,如下所示在电视上显示它们:
jira/plugins/servlet/Wallboard/?dashboardId=&os_username=&os_password=
because of the os_usernameand os_password, JIRA knows i'm authenticated and gets the right list. this list is the one i need from the beginning but because i call the url above with the parameters os_usernameand os_passwordit does get the right list
由于os_usernameand os_password,JIRA 知道我已通过身份验证并获得正确的列表。这个列表是我从一开始就需要的列表,但是因为我用参数调用了上面的 urlos_username并且os_password它确实得到了正确的列表
but on start up of the tv/the first time i get the list of dashboards with JIRA there is no one authenticated so it takes a random list, not the one i need to get.
但是在电视启动时/我第一次使用 JIRA 获取仪表板列表时,没有人通过身份验证,因此它需要一个随机列表,而不是我需要获取的列表。
there is some way to authenticate in JIRA with the command below:
有一些方法可以使用以下命令在 JIRA 中进行身份验证:
curl -D- -u fred:fred -X GET -H "Content-Type: application/json" http://example.com/rest/api/2/issue/createmeta
but i don't know how to use that command in JavaScript.
但我不知道如何在 JavaScript 中使用该命令。
So can anyone tell me how i can authenticate in JIRA with basic authentication and very important IT HAS TO BE JAVASCRIPT.
那么谁能告诉我如何在 JIRA 中使用基本身份验证进行身份验证,非常重要的是它必须是 JAVASCRIPT。
回答by Borislav Sabev
You got this from here, I presume. Well on the same page it is explained how to "do it yourself". I will "translate" the steps that you need to do in order to manage to do the same request in JS.
我猜你是从这里得到的。好吧,在同一页面上,它解释了如何“自己动手”。我将“翻译”您需要执行的步骤,以便在 JS 中执行相同的请求。
- Request Method should be GET
- You should have 2 headers: Authorization Header and Content-Type Header. Your Content-type header should looks like: "Content-Type: application/json"
- 请求方法应该是GET
- 您应该有 2 个标题:Authorization Header 和 Content-Type Header。您的内容类型标头应如下所示: “内容类型:应用程序/json”
For the Authorization header:
对于授权标头:
- Build a string of the form username:password
- Base64encode the string (Use window.btoa()and window.atob()) - You actually DO NOT need the second one but I put it there for reference
- Supply an "Authorization" header with content "Basic " followed by the encoded string. For example, the string "fred:fred" encodes to "ZnJlZDpmcmVk" in base64, so your Authorization Header should look like": "Authorization: Basic ZnJlZDpmcmVk"
- 构建一个格式为username:password的字符串
- Base64编码字符串(使用window.btoa()和window.atob()) -你实际上不需要第二个,但我把它放在那里以供参考
- 提供内容为“Basic”的“Authorization”标头,后跟编码字符串。例如,字符串“fred:fred”在 base64 中编码为“ZnJlZDpmcmVk”,因此您的授权标头应如下所示: “Authorization: Basic ZnJlZDpmcmVk”
So in the end you need to make your GET request with the two Headers supplied and you should be Authorized. Also BEWARE Base64 is reverseableand NOT an encryption function. It is encoding. The request will go through HTTPS of course, but the Base64 encoded string could be reversed if SSL is broken.
因此,最后您需要使用提供的两个标头发出 GET 请求,并且您应该获得授权。另外请注意Base64 是可逆转的,而不是加密功能。它是编码。该请求当然会通过 HTTPS,但如果 SSL 被破坏,Base64 编码的字符串可能会被反转。
回答by david
In case you are having your own JIRA instance you should whitelist your site to enable CORS for your domain first:
如果您有自己的 JIRA 实例,您应该首先将您的站点列入白名单,以便为您的域启用 CORS:
If you are a JIRA Server customer, simply go to the "Whitelist" section of JIRA Administration and add the domains you wish to request resources from.
如果您是 JIRA 服务器客户,只需转到 JIRA 管理的“白名单”部分并添加您希望从中请求资源的域。
Otherwise your request would end in an error, as it violates the browsers same-origin policy (http://enable-cors.org/).
否则您的请求将以错误结束,因为它违反了浏览器的同源策略 ( http://enable-cors.org/)。
Important: If you are using JIRA on demand / cloud, you won't be able to successfully access the API with Basic Authentication using pure JavaScript / client-side code. This is due to security reasons, and unfortunately there seems to be no solution provided by the Atlassian team yet. One solution to solve that, could be setting up a proxy on your server, which forwards your JavaScript requests from the browser to the actual JIRA instance.
重要提示:如果您使用 JIRA on demand/cloud,您将无法使用纯 JavaScript/客户端代码通过基本身份验证成功访问 API。这是出于安全原因,不幸的是,Atlassian 团队似乎还没有提供解决方案。解决这个问题的一种解决方案是在您的服务器上设置一个代理,它将您的 JavaScript 请求从浏览器转发到实际的 JIRA 实例。
To avoid any possible problems due to bugs in your code, I highly suggest to try access to the JIRA API by using CURL as a first step:
为避免由于代码中的错误而导致任何可能的问题,我强烈建议您首先尝试使用 CURL 访问 JIRA API:
curl -D- -X GET -H "Authorization: Basic %BASE64-CREDENTIDALS%" -H "Content-Type: application/json" "https://webjets.atlassian.net/rest/api/2/issue/WJ-333"
Note that you have to replace %BASE64-CREDENTIDALS% with your actual Base64 encoded user/password pair. It is important to know, that this works only with the JIRA username, not with the JIRA users email address. This might be confusing, as normally you are also able to sign-in at JIRA using the email adress but won't work with the API.
请注意,您必须用实际的 Base64 编码用户/密码对替换 %BASE64-CREDENTIDALS%。重要的是要知道,这仅适用于 JIRA 用户名,不适用于 JIRA 用户的电子邮件地址。这可能会令人困惑,因为通常您也可以使用电子邮件地址登录 JIRA,但不能使用 API。
After having white-listed your domain you are ready to go - build a GETrequest with following details:
将您的域列入白名单后,您就可以开始了 -使用以下详细信息构建GET请求:
- Add a content type header:
Content-Type: application/json Add a basic authentication header by first Base64encoding username and password:
var authCode = window.btoa( user + ":" + password ); var authHeader = "Authorization: Basic " + authCode;Perform the request on an JIRA API endpoint URL, like:
- 添加内容类型标题:
Content-Type: application/json 通过第一个Base64编码用户名和密码添加基本身份验证标头:
var authCode = window.btoa( user + ":" + password ); var authHeader = "Authorization: Basic " + authCode;在 JIRA API 端点 URL 上执行请求,例如:
See StackOverflow question "How to use Basic Auth with jQuery and AJAX?" for approaches how to perform the request using jQuery.
有关如何使用 jQuery执行请求的方法,请参阅 StackOverflow 问题“ How to use Basic Auth with jQuery and AJAX?”。
Security notice: Be aware that the authorization code is not an encrypted value but an encoding. Take care where you store or provide it!
安全注意事项:请注意,授权码不是加密值,而是一种编码。请注意您存储或提供它的位置!
