Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-70314

Calling unimplemented methods in Embedded Crowd endpoints exposed by Jira shall return an error instead of success codes




      Issue Summary

      Jira exposes embedded Crowd REST resources (i.e. /rest/usermanagement/1) along with Jira REST resources. However, some of these resources are not implemented in Jira, see NoopForgottenLoginManager.

      With the current implementation of this class, the REST requests return various codes indicating successful processing (i.e. methods with void return types (see below for an example) return HTTP 204 that indicated success because NoopForgottenLoginManager does not throw exceptions.

      However, according to REST conventions, these methods shall return HTTP 405 Method Not Allowed response status code, which indicates that the request method is known by the server but is not supported by the target resource (see discussion of response codes 405 and 501.

      Steps to Reproduce

      1. On a vanilla Jira installation, go gg > User directories page, click Jira User Server on the left-hand side menu and create an application definition. Define a username and password (username/passw0rd) at this step which will be used on next step
      2. send a REST request using username/password above to Jira like below for an existing user (i.e. admin) like below
        curl -i -u username:passw0rd -X POST <JIRA_BASE_URL>/rest/usermanagement/1/user/mail/password?username=admin --header 'Content-Type: application/json' --header 'Accept: application/json'

      Expected Results

      We receive an HTTP 405 response

      Actual Results

      We receive an HTTP 204 response, indicating a password reset mail has been sent to this user, however, no such mail is sent


      Use similar REST API that's provided by JIRA User REST endpoint




            Unassigned Unassigned
            keroglu Kurtcebe Eroglu
            3 Vote for this issue
            13 Start watching this issue