Delete user from app

laszlo.cseko · February 15, 2018, 9:23am

Hi,

I am trying to remove a user in jira cloud using rest api https://developer.atlassian.com/cloud/jira/platform/rest/#api-api-2-user-delete from an app.
From rest client like postman it works just fine but from java test case it is not working,
Here is the test case:

    @Test
    public void deleteCustomer()
    {
        FakeApplication fakeApplication = Helpers.fakeApplication(inMemoryDatabase("test"));
        Helpers.start(fakeApplication);

        AcHost acHost = AC.getAcHost("hostKeyFromInstalledAppDb");

        WSResponse deleteUserResponse = AC.urlAsUser("/rest/api/2/user", acHost, Option.option("admin")).setQueryParameter("username", "customer@test").delete().get(MAX_TIMEOUT);
        assertThat("Could not delete existing test user",  deleteUserResponse.getStatus(), is(204));
    }

The user I am trying to delete is actually a customer in JSD. (I dont think it matters, because using rest client it works)
When I execute this test, I always get 401(Unauthorized), from postman (using basic authentication with admin user credentials) it succeeds, I get 204.
I am using achost key from the db of an installed app to simulate the app. The app has scope ACT_AS_USER and I would like to delete it with admin user.

A found that documentation says, Apps cannot access this REST resource.
Am I getting 401 because I am calling it from an app even if acting on behalf of admin user?

Or should I authenticate admin user somehow? If so then how?

Thanks,
László

rmassaioli · February 15, 2018, 11:40am

That is correct. The documentation is accurate: an app can’t use that rest API, even if it is impersonating another user.

If you want to make that rest API call on behalf of another user then you can request that they provide you with one of their identity tokens: Atlassian account

But that’s nearly as good as asking them to give you their password: so make them aware of that and be secure with that data.

Can I ask why you want to be able to manipulate users? Have you read my comment here: Create JIRA user from Connect add-on via REST API - #3 by rmassaioli

laszlo.cseko · February 20, 2018, 10:03am

Thanks for the reply.

We are developing an addon which creates SD customers.
I was trying out cloud rest interfaces in test cases, how can I create customers and in the tear down I wanted to clean up the created customer. Since there was no api for removing customer, I tried removing them as user as a workaround.