Merge pull request #1770 from atlassian/websudo-jira-locust-app-specific

SergeyMoroz0703 · web-flow · commit bb1ed3f5e547 · 2025-06-04T13:31:38.000+03:00
added websudo for jira locust
diff --git a/app/extension/jira/extension_locust.py b/app/extension/jira/extension_locust.py
@@ -5,7 +5,10 @@
 
 
 @jira_measure("locust_app_specific_action")
-# @run_as_specific_user(username='admin', password='admin')  # run as specific user
+# WebSudo is a feature that enhances security by requiring administrators to re-authenticate before
+# accessing administrative functions within Atlassian applications.
+# do_websudo=True requires user administrative rights, otherwise requests fail.
+#@run_as_specific_user(username='admin', password='admin', do_websudo=False)  # run as specific user
 def app_specific_action(locust):
     r = locust.get('/app/get_endpoint', catch_response=True)  # call app-specific GET endpoint
     content = r.content.decode('utf-8')   # decode response content
diff --git a/app/locustio/common_utils.py b/app/locustio/common_utils.py
@@ -419,12 +419,9 @@ def do_confluence_login(locust, usr, pwd, do_websudo=False):
         }
         system_info_html = locust.post(url='/doauthenticate.action', data=auth_body,
                                        headers={'X-Atlassian-Token': 'no-check'}, catch_response=True)
-        print(system_info_html.content.decode('utf-8'))
 
 
-
-
-def do_login_jira(locust, usr, pwd):
+def do_login_jira(locust, usr, pwd, do_websudo=False):
     locust.client.cookies.clear()
     body = LOGIN_BODY
     body['os_username'] = usr
@@ -468,6 +465,16 @@ def do_login_jira(locust, usr, pwd):
             token = fetch_by_re(locust.session_data_storage['token_pattern'], content)
             locust.session_data_storage["token"] = token
 
+        if do_websudo:
+            auth_body = {
+                'webSudoDestination': '/secure/admin/ViewSystemInfo.jspa',
+                'webSudoIsPost': False,
+                'webSudoPassword': pwd,
+                'atl_token': locust.session_data_storage["token"]
+            }
+            system_info_html = locust.post(url='/secure/admin/WebSudoAuthenticate.jspa', data=auth_body,
+                                           headers={'X-Atlassian-Token': 'no-check'}, catch_response=True)
+
 
 def run_as_specific_user(username=None, password=None, do_websudo=False):
     if not (username and password):
@@ -500,7 +507,7 @@ def wrapper(*args, **kwargs):
 
                 # send requests by the specific user
                 if app == JIRA or (app == JSM and app_type == TYPE_AGENT):
-                    do_login_jira(locust, username, password)
+                    do_login_jira(locust, username, password, do_websudo)
                     func(*args, **kwargs)
                     do_login_jira(locust, session_user_name, session_user_password)
 
