Reputation: 3615
Jira API getting attachment
I've written some code that displays a list of attachments. The problem is, though, that I want the user to be able to view the attachment without being logged in. Is there a way to authenticate for the user? Here is my code:
//to get cases. this returns a list of attachments, with the url in Jira
$attachments = $jira_case->issues[0]->fields->attachment;
//iterates over the lists and creates links
foreach ($attachments as $i=> $attachment) {
$html .="
<tr>
<td style='padding-left: 10px; width:0px; padding-top: 20px;' colspan='3'>
". ($i+1) .") <a target = '_blank' href ='". $attachment->content ."'>". nl2br($attachment->filename) ."</a>
</td>
</tr>";
}
The problem is that when the user clicks the link, if they are not logged in, they will be requested to log in. I don't want this, as it is my app the authenticates so that the user does not need a jira account. Is this possible? Maybe by passing some sort of token?
Upvotes: 0
Views: 2087
Answers (3)
Reputation: 336
//Import
use Unirest\Request as UnirestRequest;
//Laravel Code //Controller
$url = "https://your-domain.atlassian.net/rest/api/3/attachment/content/{id}";
$headers = array('Accept' => 'application/json');
UnirestRequest::auth(env('JIRA_PROJECT_USER'), env('JIRA_PROJECT_KEY'));
$response = UnirestRequest::get($url, $headers);
return $response->body;
Upvotes: 0
Reputation: 3615
In case anyone else wonders how to do this:
$url = "https://mySite.atlassian.net/secure/attachment/". $attachment_id ."/". $attachment_name ."?os_username=". $this->jira_user_name ."&os_password=" . $this->jira_password;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$file = curl_exec($ch);
curl_close($ch);
if($file){
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.$attachment_name);
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
echo ($file);
exit;
}else{
throw new Exception("Error: file now found.");
}
Upvotes: 1
Reputation: 1757
Well from JIRA point of view the request that comes from a user browser does not contain any authentication header. JIRA uses the same set of permissions for attachments as for issues, so whenever user is able to view particular JIRA issue he is also able to see (and download) the attachments. So unless you make your project{s} and issue{s} accessible for anonymous user, someone with appropriate permissions have to authenticate. If you would like that users are able to download attachments only through your application, as your application user then you need to proxy it somehow through your application. Instead of rendering on page links pointing directly to JIRA you need to generate links pointing to your server, then your server should contact JIRA for the attachment and authenticate himself as your application user (with permissions to view the issue which contains attachments) and transfer a response from JIRA to the end user.
Upvotes: 2
Related Questions
- How to download attachments from JIRA v6.3.15 in java
- How retrieve a list of attachments JIRA rest api via java?
- Add Attachment to Jira via REST API
- How to get the attachment ID in JIRA
- Adding attachment to Jira via API
- Jira attach file to issue with PHP and CURL
- Adding attachment to Jira's api
- File attachment with Jira REST API returns empty array
- JIRA REST API Upload Attachment
- List of attachments - JIRA REST API