From 394a109136ef0ea373c3aab69674b9fff7a75066 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Sat, 25 Apr 2020 13:58:08 -0700
Subject: [PATCH] (stable) Use "rest/api/3/myself" to retrieve JIRA profile
 details, not "rest/auth/1/session"

Summary:
Ref T13493. At time of writing, the old API method no longer functions: `1/session` does not return an `accountId` but all calls now require one.

Use the modern `3/myself` API instead. The datastructure returned by `2/user` (older appraoch) and `3/myself` (newer approach) is more or less the same, as far as I can tell.

Test Plan: Linked an account against modern-at-time-of-writing Atlassian-hosted JIRA.

Maniphest Tasks: T13493

Differential Revision: https://secure.phabricator.com/D21170
---
 .../auth/adapter/PhutilJIRAAuthAdapter.php    | 38 ++++++++++++-------
 1 file changed, 25 insertions(+), 13 deletions(-)

diff --git a/src/applications/auth/adapter/PhutilJIRAAuthAdapter.php b/src/applications/auth/adapter/PhutilJIRAAuthAdapter.php
index 2796577148..a18b39690b 100644
--- a/src/applications/auth/adapter/PhutilJIRAAuthAdapter.php
+++ b/src/applications/auth/adapter/PhutilJIRAAuthAdapter.php
@@ -10,7 +10,6 @@ final class PhutilJIRAAuthAdapter extends PhutilOAuth1AuthAdapter {
 
   private $jiraBaseURI;
   private $adapterDomain;
-  private $currentSession;
   private $userInfo;
 
   public function setJIRABaseURI($jira_base_uri) {
@@ -106,23 +105,36 @@ final class PhutilJIRAAuthAdapter extends PhutilOAuth1AuthAdapter {
 
   private function getUserInfo() {
     if ($this->userInfo === null) {
-      $this->currentSession = $this->newJIRAFuture('rest/auth/1/session', 'GET')
-        ->resolveJSON();
-
-      // The session call gives us the username, but not the user key or other
-      // information. Make a second call to get additional information.
-
-      $params = array(
-        'username' => $this->currentSession['name'],
-      );
-
-      $this->userInfo = $this->newJIRAFuture('rest/api/2/user', 'GET', $params)
-        ->resolveJSON();
+      $this->userInfo = $this->newUserInfo();
     }
 
     return $this->userInfo;
   }
 
+  private function newUserInfo() {
+    // See T13493. Try a relatively modern (circa early 2020) API call first.
+    try {
+      return $this->newJIRAFuture('rest/api/3/myself', 'GET')
+        ->resolveJSON();
+    } catch (Exception $ex) {
+      // If we failed the v3 call, assume the server version is too old
+      // to support this API and fall back to trying the older method.
+    }
+
+    $session = $this->newJIRAFuture('rest/auth/1/session', 'GET')
+      ->resolveJSON();
+
+    // The session call gives us the username, but not the user key or other
+    // information. Make a second call to get additional information.
+
+    $params = array(
+      'username' => $session['name'],
+    );
+
+    return $this->newJIRAFuture('rest/api/2/user', 'GET', $params)
+      ->resolveJSON();
+  }
+
   public static function newJIRAKeypair() {
     $config = array(
       'digest_alg' => 'sha512',