Git push on Bitbucket (applink to Jira) fails on user not associated with the token
Platform Notice: Server, Data Center, and Cloud By Request - This article was written for the Atlassian server and data center platforms but may also be useful for Atlassian Cloud customers. If completing instructions in this article would help you, please contact Atlassian Support and mention it.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
Jira is linked with Bitbucket, but push request fails for a specific user on pre-receive hook. This happens if Bitbucket cannot authenticate the user in Jira. This will cause the features of the Application Link to fail. The Bitbucket push gets the error that the "pre-receive hook declined", We can see the error in Bitbucket logs:
2022-06-20 09:56:21,510 ERROR [hook-callback:thread-2] <username> *H16ONUx596x4063936x13 6aanep 10.126.248.16 SSH - git-receive-pack '/om/omnihub-baseline.git' c.i.s.plugin.jira.JiraServiceImpl response
com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 500
at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:16)
at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13)
at com.atlassian.applinks.oauth.auth.OAuthApplinksReturningResponseHandler.handle(OAuthApplinksReturningResponseHandler.java:50)
at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:102)
...We can see this is because of an error status 500 from Jira, and the following error appears in the atlassian-jira.log:
2022-06-21 17:03:22,818+0200 http-nio-8080-exec-1 ERROR anonymous 1023x1204342x11 - 62.128.7.33 /rest/api/2/search [c.a.o.serviceprovider.internal.AuthenticatorImpl] Failed to validate OAuth message
com.atlassian.cache.CacheException: com.atlassian.oauth.serviceprovider.InvalidTokenException: Token 'XIUnPN1Qc982jufnQypngok5IBWqoIWu' is an access token, but has no user associated with it
at com.atlassian.cache.ehcache.DelegatingCache.get(DelegatingCache.java:113)
at com.atlassian.jira.cache.DeferredReplicationCache.get(DeferredReplicationCache.java:48)
at com.atlassian.jira.oauth.serviceprovider.CachingServiceProviderTokenStore.get(CachingServiceProviderTokenStore.java:81)
...診断
Diagnostic Steps
Run the following query and look for a row containing the consumer_key from the Jira error. This row should be deleted as the token fails to authenticate,
select * from oauthconsumertoken where token='XIUnPN1Qc982jufnQypngok5IBWqoIWu';
id | created | token_key | token | token_secret | token_type | consumer_key
-------+----------------------------+--------------------------------------------------+----------------------------------+----------------------------------+------------+-------------------------------------------
10309 | 2015-07-01 19:35:59.842+00 | a5f05bf0-3feb-3479-b101-d5ac9e8ea56d:user1 | XIUnPN1Qc982jufnQypngok5IBWqoIWu | FM2lRWLrOHhXLdYwJtwwFI4SO3aftiQV | ACCESS | jira:2225f1ed-e21b-4ada-a40e-3ad49c79d7b4
(1 row)Additionally there is a row for the user in the oauthsptoken table which should be deleted as well.
原因
This is caused by a stale consumer key being used and can occur after a user migration.
ソリューション
- Jira を停止します。
- Create a backup of the JIRA database
Using the
consumer_keyfrom above and the user key, run the following queries:delete from oauthconsumertoken where consumer_key = 'jira:2225f1ed-e21b-4ada-a40e-3ad49c79d7b4'; delete from oauthsptoken where consumer_key like 'Bitbucket%' and username=<user_key>;- Jira を起動します。
データベースの変更を行う場合は必ず事前にバックアップを取得してください。可能な場合は、まずステージング サーバーで SQL コマンドの変更、挿入、更新、または削除を行うようにします。