Join 34,000+ subscribers and receive articles from our
blog about software quality, testing, QA and security.

Using JIRA to authenticate Testrail users


#1

I am sharing a bit of code that I built for using JIRA as your authentication server.
The way it works is as follows:

  • I am using the custom integration capabilities of TestRail with an external authentication system. See here
  • All our team users are in JIRA and we need to give them access to Testrail.
  • Instead of creating yet another login, we have the users using their JIRA login.
  • They use their JIRA email and password in testrail, the custom authentication kicks in and checks JIRA for their user information with their id and pw.
  • If JIRA authenticates and the user is already present in Testrail, it let’s them in.
  • If JIRA authenticates and the user is not present, then it will automatically create that user and let them in
  • If the JIRA authentication fails, the user will get a testrail error message

I hope you find this a useful idea, however from here on forward you take the risk and you are on your own.
Enjoy!

<?php
// JIRA Rest basic authentication, only to be used with SSL. Works with JIRA Cloud and Server.
// Copy into your testrail/custom/auth directory as auth.php
//
// This allows us to use JIRA as the user authentication mechanism.
// It does assume that your user name in JIRA is identical to the name portion in your email address. 
// So if you have the following email address: first.name@mail.com, your user name in JIRA should be first.name
//

function authenticate_user($name, $password)
{
        // First check JIRA
		// We'll collect the JIRA user information and we need to authenticate
		
		list($username, $domain) = explode("@", $name); //Break up the login email name so that we can serach for the JIRA username
        // Adapt the URL below to point to your JIRA instance, if you have a public facing JIRA install, please use SSL!
		$URL="https://<your JIRA server>/rest/api/2/user?username=".$username; // Build the REST url to query JIRA

        // Open CURL and set options
		$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL,$URL);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
        $out = curl_exec($ch); //Execute the REST command
        $info = curl_getinfo($ch); //Get the HTTP Status (200 is good, 401 is failed authentication
        
		$json = json_decode($out,true); //Parse out the JSON return string
        $fullname = $json['displayName']; //Get the user's fullname in case we need to create the user.
        
		curl_close ($ch);

// If the user exists in JIRA and was authenticated, then check if the user already exists in Testrail
if ($info['http_code']==200){
        $info = '';
		// Adapt the URL below for your own purposes. This one would work in most situations.
        $URL="http://localhost/testrail/index.php?/api/v2/get_user_by_email&email=".$name; //Now using the email address that the user enters when logging into testrail
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL,$URL);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        $out = curl_exec($ch);  //Execute the REST command
        $info = curl_getinfo($ch); //Get the HTTP Status (200 is good, 400 means: the user is present in testrail
        curl_close ($ch);

		//If the user is in testrail, return success and testrail will let the user in.
        if ($info['http_code']==200){
                return new AuthResultSuccess($name);
        }
        else
        {
				// if the user is not present yet, create user. We are now using the fullname we acquired from JIRA
                $result = new AuthResultSuccess($name);
                $result->create_account = true;   // Create an account, if needed
                $result->name = $fullname;
				//$result->role_id = 3;             // Optional: ID of the user's role
				//$result->group_ids = array(1, 2); // Optional: IDs of the user's groups    
				//$result->is_admin = true;         // Optional: Admin privileges
                return $result; //Return, now user is let in and new user is created. 
				//The testrail admin needs to make sure now that the user is assigned to the right role and group. Or automatically set those by the optional calls above
        }
}
// If JIRA returns HTTP status 401, the user was not authenticated (or a user in JIRA)
if ($info['http_code']==401){
        return new AuthResultDenied(); //Testrail will notify user that authenication did not succeed
        }
else
        {
                // Any other status is a bigger problem and an exception needs to be thrown
				throw new AuthException('Connecting to JIRA for authorization failed');
        }
}

#2

Hello Roland,

Thanks for sharing this! You should be able to omit the second HTTP request (the one to TestRail) and the create_account option would handle this automatically. You just need to make sure to return the create_account and name options in every case then.

Cheers,
Tobias


#3

Can this work when both are cloud systems, i.e., TestRail(cloud) <–> Jira (cloud)?

Thanks,
Chris


#4

Hi Chris,

Thanks for your posting! This example was for TestRail Server but it’s also planned to look into SSO support for TestRail Cloud as well and we already have this on our feature request list (happy to add another vote, thanks for your feedback!).

Cheers,
Tobias


#5

Hi Tobias,

any news/updates on this feature request? We set up TestRail/Jira integration just today, and would prefer to use the Jira directory for authentication (as opposed to having two maintain separate accounts). Both (Jira and TestRail) are cloud-based.

Thanks,

  • Stephan

#6

Hi Stephan,

Thanks for your posting. We don’t have an update regarding this feature request at this point but it’s still planned to look into it. Happy to add another vote, thanks for your feedback!

Cheers,
Tobias