fixed lesstif#394 support personal access token based auth

Author: lesstif

.env.example

@@ -6,3 +6,7 @@ JIRA_LOG_FILE="jira-rest-client.log"
 JIRA_LOG_LEVEL="WARNING"
 
 JIRA_REST_API_V3=false
+
+## if TOKEN_BASED_AUTH set to true, ignore JIRA_USER and JIRA_PASS.
+TOKEN_BASED_AUTH=true
+PERSONAL_ACCESS_TOKEN="your-access-token-here"

.gitignore

@@ -35,3 +35,5 @@ public/
 storage/
 
 .phpunit.result.cache
+.env*
+.php_cs.cache

README.md

@@ -65,6 +65,9 @@ copy .env.example file to .env on your project root.
 JIRA_HOST="https://your-jira.host.com"
 JIRA_USER="jira-username"
 JIRA_PASS="jira-password-OR-api-token"
+# if TOKEN_BASED_AUTH set to true, ignore JIRA_USER and JIRA_PASS.
+TOKEN_BASED_AUTH=true
+PERSONAL_ACCESS_TOKEN="your-access-token-here"
 # to enable session cookie authorization
 # COOKIE_AUTH_ENABLED=true
 # COOKIE_FILE=storage/jira-cookie.txt

src/Configuration/AbstractConfiguration.php

@@ -148,6 +148,12 @@ abstract class AbstractConfiguration implements ConfigurationInterface
     /** @var int */
     protected $timeout;
 
+    /** @var boolean */
+    protected $useTokenBasedAuth;
+
+    /** @var string */
+    protected $personalAccessToken;
+
     /**
      * @return string
      */
@@ -345,4 +351,20 @@ public function getTimeout()
     {
         return $this->timeout;
     }
+
+    /**
+     * @return bool
+     */
+    public function isTokenBasedAuth()
+    {
+        return $this->useTokenBasedAuth;
+    }
+
+    /**
+     * @return string
+     */
+    public function getPeronalAccessToken()
+    {
+        return $this->personalAccessToken;
+    }
 }

src/Configuration/ArrayConfiguration.php

@@ -34,6 +34,9 @@ public function __construct(array $configuration)
 
         $this->useV3RestApi = false;
 
+        $this->useTokenBasedAuth = false;
+        $this->personalAccessToken = '';
+
         foreach ($configuration as $key => $value) {
             if (property_exists($this, $key)) {
                 $this->$key = $value;

src/Configuration/ConfigurationInterface.php

@@ -165,4 +165,20 @@ public function getUseV3RestApi();
      * @return int
      */
     public function getTimeout();
+
+    /**
+     * check whether token based auth.
+     *
+     * @see https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html
+     *
+     * @return bool
+     */
+    public function isTokenBasedAuth();
+
+    /**
+     * Personal Access Token
+     *
+     * @return string
+     */
+    public function getPeronalAccessToken();
 }

src/Configuration/DotEnvConfiguration.php

@@ -43,6 +43,9 @@ public function __construct($path = '.')
         $this->useV3RestApi = $this->env('JIRA_REST_API_V3', false);
 
         $this->timeout = $this->env('JIRA_TIMEOUT', 30);
+
+        $this->useTokenBasedAuth = $this->env('TOKEN_BASED_AUTH', false);
+        $this->personalAccessToken = $this->env('PERSONAL_ACCESS_TOKEN', false);
     }
 
     /**
@@ -134,7 +137,7 @@ public function endsWith($haystack, $needles)
     private function loadDotEnv(string $path)
     {
         $requireParam = [
-            'JIRA_HOST', 'JIRA_USER', 'JIRA_PASS',
+            'JIRA_HOST', 'TOKEN_BASED_AUTH',
         ];
 
         // support for dotenv 1.x and 2.x. see also https://github.com/lesstif/php-jira-rest-client/issues/102

src/JiraClient.php

@@ -235,7 +235,14 @@ public function exec($context, $post_data = null, $custom_request = null, $cooki
             }
         }
 
-        $this->authorization($ch, $cookieFile);
+        // save HTTP Headers
+        $curl_http_headers = [
+            'Accept: */*',
+            'Content-Type: application/json',
+            'X-Atlassian-Token: no-check'
+        ];
+
+        $this->authorization($ch, $curl_http_headers, $cookieFile);
 
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->getConfiguration()->isCurlOptSslVerifyHost());
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->getConfiguration()->isCurlOptSslVerifyPeer());
@@ -263,10 +270,11 @@ public function exec($context, $post_data = null, $custom_request = null, $cooki
         }
 
         curl_setopt($ch, CURLOPT_ENCODING, '');
+
         curl_setopt(
             $ch,
             CURLOPT_HTTPHEADER,
-            ['Accept: */*', 'Content-Type: application/json', 'X-Atlassian-Token: no-check']
+            $curl_http_headers
         );
 
         curl_setopt($ch, CURLOPT_VERBOSE, $this->getConfiguration()->isCurlOptVerbose());
@@ -316,11 +324,18 @@ public function exec($context, $post_data = null, $custom_request = null, $cooki
      *
      * @param string $url         Request URL
      * @param string $upload_file Filename
+     * @param resource $ch CUrl handler
      *
      * @return resource
      */
     private function createUploadHandle($url, $upload_file, $ch)
     {
+        $curl_http_headers = [
+            'Accept: */*',
+            'Content-Type: multipart/form-data',
+            'X-Atlassian-Token: no-check'
+        ];
+
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($ch, CURLOPT_URL, $url);
 
@@ -352,7 +367,7 @@ private function createUploadHandle($url, $upload_file, $ch)
             $this->log->debug('using CURLFile='.var_export($attachments, true));
         }
 
-        $this->authorization($ch);
+        $this->authorization($ch, $curl_http_headers);
 
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->getConfiguration()->isCurlOptSslVerifyHost());
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->getConfiguration()->isCurlOptSslVerifyPeer());
@@ -379,11 +394,8 @@ private function createUploadHandle($url, $upload_file, $ch)
         if (!function_exists('ini_get') || !ini_get('open_basedir')) {
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
         }
-        curl_setopt($ch, CURLOPT_HTTPHEADER, [
-            'Accept: */*',
-            'Content-Type: multipart/form-data',
-            'X-Atlassian-Token: nocheck',
-        ]);
+
+        curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_http_headers);
 
         curl_setopt($ch, CURLOPT_VERBOSE, $this->getConfiguration()->isCurlOptVerbose());
 
@@ -482,8 +494,10 @@ protected function createUrlByContext($context)
      * Add authorize to curl request.
      *
      * @param resource $ch
+     * @param $curl_http_headers
+     * @param null $cookieFile
      */
-    protected function authorization($ch, $cookieFile = null)
+    protected function authorization($ch, &$curl_http_headers, $cookieFile = null)
     {
         // use cookie
         if ($this->getConfiguration()->isCookieAuthorizationEnabled()) {
@@ -499,9 +513,13 @@ protected function authorization($ch, $cookieFile = null)
 
         // if cookie file not exist, using id/pwd login
         if (!file_exists($cookieFile)) {
-            $username = $this->getConfiguration()->getJiraUser();
-            $password = $this->getConfiguration()->getJiraPassword();
-            curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
+            if ($this->getConfiguration()->isTokenBasedAuth() === true ){
+                $curl_http_headers[] = 'Authorization: Bearer ' . $this->getConfiguration()->getPeronalAccessToken();
+            } else {
+                $username = $this->getConfiguration()->getJiraUser();
+                $password = $this->getConfiguration()->getJiraPassword();
+                curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
+            }
         }
     }
 
@@ -566,6 +584,12 @@ public function toHttpQueryParameter(array $paramArray)
      */
     public function download(string $url, string $outDir, string $file, string $cookieFile = null)
     {
+        $curl_http_header = [
+            'Accept: */*',
+            'Content-Type: application/json',
+            'X-Atlassian-Token: no-check'
+        ];
+
         $file = fopen($outDir.DIRECTORY_SEPARATOR.urldecode($file), 'w');
 
         curl_reset($this->curl);
@@ -576,7 +600,7 @@ public function download(string $url, string $outDir, string $file, string $cook
         // output to file handle
         curl_setopt($ch, CURLOPT_FILE, $file);
 
-        $this->authorization($ch, $cookieFile);
+        $this->authorization($ch, $curl_http_header, $cookieFile);
 
         curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->getConfiguration()->isCurlOptSslVerifyHost());
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->getConfiguration()->isCurlOptSslVerifyPeer());
@@ -604,18 +628,18 @@ public function download(string $url, string $outDir, string $file, string $cook
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
         }
 
+        if ($this->isRestApiV3()) {
+            $curl_http_header[] = 'x-atlassian-force-account-id: true';
+        }
+
         curl_setopt(
             $ch,
             CURLOPT_HTTPHEADER,
-            ['Accept: */*', 'Content-Type: application/json', 'X-Atlassian-Token: no-check']
+            $curl_http_header
         );
 
         curl_setopt($ch, CURLOPT_VERBOSE, $this->getConfiguration()->isCurlOptVerbose());
 
-        if ($this->isRestApiV3()) {
-            curl_setopt($ch, CURLOPT_HTTPHEADER, ['x-atlassian-force-account-id: true']);
-        }
-
         $this->log->debug('Curl exec='.$url);
         $response = curl_exec($ch);