Privacy: Changelogs and username

fboucquez · February 3, 2019, 4:19pm

Hi team,

I’m giving another go to try to remove all the username and userkey lookups from our addon. We are still facing the changelog problem where the changed field data refers to username instead of account ids.

The from and to values on changelogs are usernames instead of accountIds. This is for rest issue responses and webhooks.

This issue has been discussed several times but I could not find the active issue/bug/discussion.

https://ecosystem.atlassian.net/browse/ACJIRA-1501
https://ecosystem.atlassian.net/browse/ACJIRA-1510

What’s the plan on this issue? Are you adding some kind of fromAccountId/fromAccountIds and toAccountId/toAccountIds values to the changelog? Please keep in mind multiple user pickers.

At the moment we are patching the events replacing the usernames for account id in order to not store personal data. This workaround requires username lookups.

Could you point me to the current discussion about this issue?

Cheers
Fernando

david2 · February 3, 2019, 4:47pm

Hi @fboucquez,
if you add ‘x-atlassian-force-account-id’:true to your REST call header, you’ll receive accountIds instead of usernames in the changelog.

fboucquez · February 4, 2019, 12:42pm

HI @david2,

Thank you for the x-atlassian-force-account-id=true header hint. I thought that was just for fixing the watchers set rest calls. The header did fix the responses in issue requests.

I’m still facing the webhook problem. Changelogs in issue webhooks are still referencing usernames instead of account ids. I’m using the apiMigration flag

Our addon mostly relies on incoming webhook to perform a task.

It seems like the API migration flag doesn’t change the webhook body content. Just the JWT arguments, query parameters and it does some descriptor validation.

Do you know how to turn on account id on in incoming webhooks?

Cheers
Fernando

david2 · February 4, 2019, 12:56pm

I think that deserves a nice new ACJIRA bug report
In the meantime, you might have to call the rest API while processing the webhook to grab the correct issue history.

fboucquez · February 4, 2019, 1:13pm

Thanks, @david2!

I have raised https://ecosystem.atlassian.net/browse/ACJIRA-1692

Grabbing the issue history could work but I would need to filter out all the histories keeping the “last one” the given current user has done with some kind of timeframe.

I would like to keep the changelog in the incoming webhook as the source of truth. I would still patch the from/to usernames for now until the issue is fixed.

Cheers!