Raise On Behalf of flag + x-force-account-id completely broken (GDPR)

tobias.viehweger · April 29, 2019, 11:32am

Hey everyone,

the /rest/servicedeskapi/request API behaves super weird with the GDPR changes, we just recently noticed that. Following behavior:

When called (as of now) without x-atlassian-force-account-id:

It accepts accountIds for the raiseOnBehalfOf field
It accepts email addresses for the raiseOnBehalfOf field (existing + new ones, which will lead to a customer creation)

When called (as of now) with x-atlassian-force-account-id = true it completely breaks:

It does not accept accountIds (sd.validation.request.creation.failure.required.field, accountId is not a valid email address)
It does not accept email addresses (sd.request.create.error.unknown.account.id, email is not a valid accountId)

Here are the full requests for reference:
With email:

POST https://yasoon.atlassian.net/rest/servicedeskapi/request HTTP/1.1
Authorization: OAuth oauth_token=
Accept: application/json
Content-Type: application/json
X-ExperimentalApi: true
x-atlassian-force-account-id: true
X-Atlassian-Token: no-check

{
    "serviceDeskId": 1,
    "requestTypeId": "1",
    "requestFieldValues": {
        "summary": "[Atlassian Marketplace] Thanks for submitting yasoon Connect for Jira for approval"
    },
    "raiseOnBehalfOf": "tobi11@yasoon.com"
}

<========== RESPONSE ===========>

HTTP/1.1 400
Server: AtlassianProxy/1.13.6.2
Content-Type: application/json;charset=UTF-8
ATL-TraceId: 1b1264a17fe18723
X-AACCOUNTID: 557058%3Afee2c14d-2d17-45ab-af91-a46e792ececd
X-AREQUESTID: 56fbebfa-a8a5-42f1-9ccb-4e8361453848

{
    "errorMessage": "The Account ID does not refer to a valid user.",
    "i18nErrorMessage": {
        "i18nKey": "sd.request.create.error.unknown.account.id",
        "parameters": []
    }
}

With accountId (same request, just switch email for accountId):



POST https://yasoon.atlassian.net/rest/servicedeskapi/request HTTP/1.1
Authorization: OAuth oauth_token=
Accept: application/json
Content-Type: application/json
X-ExperimentalApi: true
x-atlassian-force-account-id: true
X-Atlassian-Token: no-check

{
    "serviceDeskId": 1,
    "requestTypeId": "1",
    "requestFieldValues": {
        "summary": "[Atlassian Marketplace] Thanks for submitting yasoon Connect for Jira for approval"
    },
    "raiseOnBehalfOf": "qm:0dcc645b-1a6d-4fc8-b8c1-776ee98ed787:19bbc405-6a95-4a1c-8ef2-2bed166c9bef"
}

<========== RESPONSE ===========>

HTTP/1.1 400
Server: AtlassianProxy/1.13.6.2
Content-Type: application/json;charset=UTF-8
Date: Mon, 29 Apr 2019 10:57:48 GMT
ATL-TraceId: d14f6fdbcc95a464
X-AACCOUNTID: 557058%3Afee2c14d-2d17-45ab-af91-a46e792ececd
X-AREQUESTID: 48eb6862-bc41-470f-a193-e589f8493362

{
    "errorMessage": "Your request could not be created. Please check the fields have been correctly filled in. qm:0dcc645b-1a6d-4fc8-b8c1-776ee98ed787:19bbc405-6a95-4a1c-8ef2-2bed166c9bef is not a valid email address",
    "i18nErrorMessage": {
        "i18nKey": "sd.validation.request.creation.failure.required.field",
        "parameters": ["qm:0dcc645b-1a6d-4fc8-b8c1-776ee98ed787:19bbc405-6a95-4a1c-8ef2-2bed166c9bef is not a valid email address"]
    }
}

iragudo · April 29, 2019, 4:08pm

Hello @tobias.viehweger,

I saw your question in DEVHELP and replied to it accordingly. So far, the usage of accountId on my end works - both with and without x-atlassian-force-account-id. However, I am getting the same error you are when inputting an invalid accountId. Kindly check if the accountId being used is correct.

Cheers,
Ian

tobias.viehweger · April 29, 2019, 4:32pm

Hi @iragudo,

thanks for getting back! It’s indeed odd, I’ve just created the customer just before using POST “/rest/servicedeskapi/customer”.

Does the accountID only become valid after a certain amount of time? That would be unfortunate…

iragudo · April 29, 2019, 4:43pm

None that I know of. I was able to hit your error; the customer creation before is the key. To replicate the issue:

Create a customer via POST /rest/servicedeskapi/customer,
Call POST /rest/servicedeskapi/request with x-atlassian-force-account-id=true.

Do note (and this is the interesting part) that once POST /rest/servicedeskapi/request is called without x-atlassian-force-account-id, the request is successful and succeeding calls with x-atlassian-force-account-id=true will also be successful. This seems like a bug (to me at least) but I’ll dig deeper and create a public-facing issue should it be so.

Cheers,
Ian

iragudo · April 30, 2019, 4:28am

Hello @tobias.viehweger,

I created the public-facing issue JSDECO-127 on your behalf so we can track the issue. Please use that issue to consolidate all communication regarding the accountId issue when raising a request on behalf a customer.

Cheers,
Ian