-
-
Notifications
You must be signed in to change notification settings - Fork 877
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signature_method_rejected returned with 3.5.1 but not 3.5.0 #1677
Comments
I rolled back to 3.5.0 and the server no longer returned an error so the problem appears to be specific to 3.5.1 |
@merickso thank you for reporting. It seems to be related to #1643 provided by @traylenator |
See you added #1663 to make a configuration. Was tested against a random jira server - issues.puppetlabs.com but guess older ones have problems. |
@traylenator , could you confirm whether we would get an import error if we tried to import the legacy sha? I merged a PR regarding a config option, but I want to try and make the default behaviour more seamless for users, eg perhaps we can catch the |
Hi @adehad During package of python-jira an attempt is made to import all modules which is guarenteed to work only against packaged dependencies. Error with 3.5.0 is:
|
In case of confusion 3.5.0-2 is 3.5.0 + patch that was added to 3.5.1. Above error though is without that patch so pure 3.5.0. (will release a new EPEL9 package once this settles down.) |
Excellent, thanks for this. @traylenator and @merickso (and anyone else!) could I request you give |
I am experiencing the same problem, authenticating against an old Jira 7.11.0.
@adehad thanks, your patch does work for me, but only after I upgraded my The reason is that
and then by
Would you consider tweaking your patch to use the earlier |
Of course, no problem at all. I have updated the patch, if you have the chance to give it a try that would be great, I'll then include it in a patch release |
Thanks, I updated to the latest patch (gfc6ffd7) and it successfully falls back even with oauthlib-1.1.0. The code does now generate an error stacktrace on first auth attempt, which is ugly and alarming (leaves me thinking: did something silently fail??). What do you think about A diff against your patched code: --- /tmp/clean-client.py 2023-06-27 13:50:46.828564162 +1000
+++ ./venv/lib/python3.10/site-packages/jira/client.py 2023-06-27 14:10:34.468003736 +1000
@@ -3716,6 +3716,8 @@
_logging.exception(f"Failed to create OAuth session with {sha_type}")
if sha_type is FALLBACK_SHA:
raise # We have exhausted our options, bubble up exception
+ else:
+ _logging.warning(f"Trying fallback {FALLBACK_SHA}. Note: if fallback succeeds, consider adding 'signature_method': '{FALLBACK_SHA}' to oauth options to avoid the previous error.")
def _create_kerberos_session(
self, and in full: for sha_type in (oauth.get("signature_method"), DEFAULT_SHA, FALLBACK_SHA):
if sha_type is None:
continue
oauth_instance = OAuth1(
oauth["consumer_key"],
rsa_key=oauth["key_cert"],
signature_method=sha_type,
resource_owner_key=oauth["access_token"],
resource_owner_secret=oauth["access_token_secret"],
)
self._session.auth = oauth_instance
try:
self.myself()
return # successful response, return with happy session
except JIRAError:
_logging.exception(f"Failed to create OAuth session with {sha_type}")
if sha_type is FALLBACK_SHA:
raise # We have exhausted our options, bubble up exception
else:
_logging.warning(f"Trying fallback {FALLBACK_SHA}. Note: if fallback succeeds, consider adding 's
|
Thanks for this feedback, I want to avoid too much conditional logic so I've made the debug logs a bit chatty so someone can temporarily use a more verbose log level to pick up what signature_method succeeded and then go from there. I also aimed to address the issue about a silent failure by highlighting in the log that we are retrying. |
Works nicely, thanks. |
Bug summary
I just upgraded to 3.5.1 and am now seeing a 400 response with signature_method_rejected in the body. I can see the following change was added to this latest result.
#1643
Does this have dependencies on the server configuration?
Is there an existing issue for this?
Jira Instance type
Jira Server or Data Center (Self-hosted)
Jira instance version
8.20.10
jira-python version
3.5.1
Python Interpreter version
3.8.13
Which operating systems have you used?
Reproduction steps
Stack trace
Expected behaviour
response 200
Additional Context
No response
The text was updated successfully, but these errors were encountered: