Following the documentation, to authenticate a JIRA message we need to check if the query was not tempered by creating a hash of it and comparing it with the one in JWT Token.
Unfortunately I'm unable to create said hash, even after following the instructions.
My addon-descriptor has the following structure:
{ "name": "JiraMantisInSync", "description": "JiraMantisInSync", "key": "xx.xxxxxxx.jira", "baseUrl": "http://localhost/mantisbt-1.2.19/", "vendor": { "name": "xxxx", "url": "-xxx" }, "authentication": { "type": "jwt" }, "lifecycle": { "installed": "plugin.php?page=JiraMantisInSync/install", "uninstalled": "plugin.php?page=JiraMantisInSync/uninstall", "enabled": "plugin.php?page=JiraMantisInSync/enable" }, "apiVersion": 1 }
If I understood correctly the hash of the query when we're uninstalling the addon should be:
$method = 'POST'; $url = '/plugin.php'; //$_SERVER['QUERY_STRING'] = "page=JiraMantisInSync/uninstall?user_key=admin" $query = 'page=JiraMantisInSync%2Funinstall&user_key=admin'; $queryString = $method . '&' . $url . '&' . $query $qsh = hash('sha256', $queryString );
But so far neither this or other alternatives have been giving the expected value.
Any suggestions on what am I missing?
EDIT:
The expected hash is:
cb83abdcc4200b537fbce4ea7552f70884484c87ab9d2568a87cf90a63578675
Community moderators have prevented the ability to post new answers.
Do not you need to "percent encode" _ from user_key?
Not that I'm aware of, Wikipedia does not classifies it has reserved character and JIRA's documentation does not considers it a special case. (Tested either way still didn't work)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.