Hi,
Since Atlassian is pretty ignorant in providing a REST endpoint to (de)activate a Jira user in Jira Software Server, removing all groups from the user isn't sufficient enough and Bob Swift's CLI is way too slow, I'm trying to deactivate a user by making a web request in PowerShell. Except I keep hitting the XSRF Security Token Missing error.
Does anyone know what I'm doing wrong? Here's the script:
$username = "currentUsername"
$fullname = "User Name"
$email = "username@domain.com"
$active = "false"
$editName = "newUsername"
$adminUsername = "admin"
$adminPassword = "password"
$jiraUrl = "https://jira.domain.com"
$loginUrl="$jiraUrl/login.jsp"
$authUrl="$jiraUrl/secure/admin/WebSudoAuthenticate.jspa"
$deactivateUrl="$jiraUrl/secure/admin/user/EditUser.jspa"
$postParams = @{os_username='$adminUsername';os_password='$adminPassword';os_destination=''}
$temp = Invoke-WebRequest -Uri $loginUrl -SessionVariable session -Method POST -Body $postParams -ContentType "application/x-www-form-urlencoded"
Write-Host $xsrfToken
Write-Host $xsrfToken.GetType().FullName
$postParams = @{atl_token=$xsrfToken;decorator='dialog';username=$username;fullName=$fullname;email=$email;active=$active;editName=$editName;returnUrl='UserBrowser.jspa'}
Invoke-WebRequest -Uri $deactivateUrl -WebSession $session -Method POST -Body $postParams -ContentType "application/x-www-form-urlencoded" | Out-String
The Write-Host output looks correct:
YADA-YADA-YADA-YADA_13d2ad076a732acced5b8da9f3d21abab6eea7cc_lout
System.String
Thanks in advance!
Hi Rick,
While the Jira REST API can't directly be used to deactivate users, you could use the embedded Crowd's API built into Jira Server in order to manage user deactivations. Check out the workaround listed in the feature request https://jira.atlassian.com/browse/JRASERVER-37294
From that page:
Workaround
Use Crowd REST API following these steps:
- Go to User Management -> JIRA User Server
- Create a new one with the below details (you can use your own values):
- Application Name: app_name
- Password: app_pwd
- IP Addresses: Insert the IP/s (each on a separate line) of the server where the REST call is to be run (to whitelist it so that the REST call is allowed to run)
- Test with this command:
- If Linux:
curl -D- -u app_name:app_pwd -X PUT --data '{"name":"andy", "active":"false"}' http://10.60.1.252:8080/rest/usermanagement/1/user?username=andy -H 'Content-Type: application/json' -H 'Accept: application/json'
- If Windows:
curl -D- -u app_name:app_pwd -X PUT --data "{\"name\":\"andy\", \"active\":\"false\"}" http://10.60.1.252:8080/rest/usermanagement/1/user?username=andy -H "Content-Type: application/json" -H "Accept: application/json"
Use the right username (andy - 2 occurrences) and JIRA URL (http://10.60.1.252:8080)
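The same Crowd REST call made from PowerShell, the shell the question was using, as an added example that is not part of the original posts or of Atlassian's workaround. `Set-JiraUserActive` is a hypothetical helper name; the base URL and the user `andy` in the usage comment are the sample values from the workaround above.

```powershell
# Added example: (de)activate a Jira Server user through the embedded Crowd REST API.
# Set-JiraUserActive is a hypothetical name. The endpoint and JSON payload are the
# ones shown in the curl commands of the workaround.
function Set-JiraUserActive {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$BaseUrl,              # Jira base URL
        [Parameter(Mandatory)][pscredential]$AppCredential,  # "JIRA User Server" application name and password
        [Parameter(Mandatory, ValueFromPipeline)][string]$Username,
        [bool]$Active = $false
    )
    begin {
        # The Crowd application authenticates with HTTP Basic (curl -u app_name:app_pwd).
        # Basic auth sends the application password with every request, so prefer an https:// base URL.
        $pair    = '{0}:{1}' -f $AppCredential.UserName, $AppCredential.GetNetworkCredential().Password
        $basic   = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
        $headers = @{ Authorization = "Basic $basic"; Accept = 'application/json' }
    }
    process {
        # The username appears twice: in the query string (escaped) and in the body.
        $uri = '{0}/rest/usermanagement/1/user?username={1}' -f `
            $BaseUrl.TrimEnd('/'), [uri]::EscapeDataString($Username)

        # Same payload shape as the workaround: "active" is sent as the string "true"/"false".
        $body = [ordered]@{ name = $Username; active = $Active.ToString().ToLower() } |
            ConvertTo-Json -Compress

        if (-not $PSCmdlet.ShouldProcess($Username, "set active=$Active")) { return }

        try {
            Invoke-RestMethod -Uri $uri -Method Put -Headers $headers `
                -Body $body -ContentType 'application/json' | Out-Null
            [pscustomobject]@{ Username = $Username; Active = $Active; Result = 'OK' }
        }
        catch {
            # Report the failure per user so a batch run continues with the next name.
            [pscustomobject]@{ Username = $Username; Active = $Active; Result = "FAILED: $($_.Exception.Message)" }
        }
    }
}

# Usage with the sample values from the workaround; the credential is prompted for
# instead of being stored in the script:
#   $cred = Get-Credential -Message 'Crowd application name and password'
#   'andy' | Set-JiraUserActive -BaseUrl 'http://10.60.1.252:8080' -AppCredential $cred -WhatIf
```

Drop `-WhatIf` to send the request. The call is only accepted from an address listed under IP Addresses for the application, as described in the workaround steps.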
That's one hell of a tip Andrew, thank you very much! This workaround works flawlessly. I was watching JRASERVER-44801 where everyone is bitching about the missing deactivate REST endpoint and it is even linked to the issue you mentioned, but never bothered to look further, like many others. I copied the workaround to this issue as well. Though I suggest Atlassian updates the description of this issue with this workaround as well.