Following the documentation, to authenticate a JIRA message we need to check if the query was not tempered by creating a hash of it and comparing it with the one in JWT Token.
Unfortunately I'm unable to create said hash, even after following the instructions.
My addon-descriptor has the following structure:
{
"name": "JiraMantisInSync",
"description": "JiraMantisInSync",
"key": "xx.xxxxxxx.jira",
"baseUrl": "http://localhost/mantisbt-1.2.19/",
"vendor": {
"name": "xxxx",
"url": "-xxx"
},
"authentication": {
"type": "jwt"
},
"lifecycle": {
"installed": "plugin.php?page=JiraMantisInSync/install",
"uninstalled": "plugin.php?page=JiraMantisInSync/uninstall",
"enabled": "plugin.php?page=JiraMantisInSync/enable"
},
"apiVersion": 1
}
If I understood correctly the hash of the query when we're uninstalling the addon should be:
$method = 'POST';
$url = '/plugin.php';
//$_SERVER['QUERY_STRING'] = "page=JiraMantisInSync/uninstall?user_key=admin"
$query = 'page=JiraMantisInSync%2Funinstall&user_key=admin';
$queryString = $method . '&' . $url . '&' . $query
$qsh = hash('sha256', $queryString );
But so far neither this or other alternatives have been giving the expected value.
Any suggestions on what am I missing?
EDIT:
The expected hash is:
cb83abdcc4200b537fbce4ea7552f70884484c87ab9d2568a87cf90a63578675
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.