fix(jira): always return HTTP 200 from jira-test + strip trailing slash

- jira-test now returns {status: "ok"|"error", message: ...} with HTTP 200 so Cloudflare never intercepts the response - jira_service strips trailing slash from URL before creating Jira client (avoids double-slash in REST paths) - Frontend reads data.status field instead of HTTP status code Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-26 17:42:12 +02:00
parent 48a936d426
commit a04d5308ab
4 changed files with 38 additions and 15 deletions
--- a/backend/app/routers/system.py
+++ b/backend/app/routers/system.py
@@ -295,8 +295,11 @@ def test_jira_connection(

    try:
        jira = get_user_jira_client(current_user, db)
-        # Lightweight call: get current user info (10 s hard timeout)
-        jira._session.timeout = 10  # type: ignore[attr-defined]
+        # 10-second timeout so we never block Cloudflare into a 524
+        try:
+            jira._session.timeout = 10  # type: ignore[attr-defined]
+        except Exception:
+            pass
        myself = jira.myself()
        return {
            "status": "ok",
@@ -305,21 +308,26 @@ def test_jira_connection(
        }
    except Exception as exc:
        err = str(exc)
-        # Translate common Atlassian-library errors into human-readable messages
+        # Always return HTTP 200 with status="error" so Cloudflare never
+        # intercepts the response and the frontend always sees our message.
        if "Expecting value" in err or "line 1 column 1" in err:
-            detail = (
-                "Jira returned an unexpected response — check that the URL is correct "
-                "and that the account email + API token are valid."
+            msg = (
+                "Jira returned a non-JSON response. "
+                "Verify the URL (e.g. https://company.atlassian.net), "
+                "email and API token."
            )
        elif "401" in err or "Unauthorized" in err:
-            detail = "Authentication failed (401). Verify your Atlassian email and API token."
+            msg = "Authentication failed (401). Check your Atlassian email and API token."
        elif "403" in err or "Forbidden" in err:
-            detail = "Access denied (403). The token may not have permission to access this Jira instance."
+            msg = "Access denied (403). The token may not have permission for this Jira project."
        elif "timed out" in err.lower() or "timeout" in err.lower():
-            detail = "Connection timed out. Check the Jira URL is reachable from the server."
+            msg = "Connection timed out. Check that the Jira URL is reachable from the server."
+        elif "not configured" in err.lower():
+            msg = err
        else:
-            detail = f"Jira connection failed: {err}"
-        raise HTTPException(status_code=502, detail=detail)
+            msg = f"Jira connection failed: {err}"
+        logger.warning("Jira test connection failed: %s", err)
+        return {"status": "error", "message": msg, "jira_url": jira_url}


 # ---------------------------------------------------------------------------
--- a/backend/app/services/jira_service.py
+++ b/backend/app/services/jira_service.py
@@ -142,8 +142,12 @@ def get_user_jira_client(user: User, db: Session):

    from atlassian import Jira

+    # Strip trailing slash — the Atlassian library appends paths like
+    # /rest/api/2/myself and a trailing slash causes double-slash URLs.
+    clean_url = jira_url.rstrip("/")
+
    return Jira(
-        url=jira_url,
+        url=clean_url,
        username=auth_email,
        password=user.jira_api_token,
        cloud=True,