ValidateJiraToken: malformed URL silently reports valid connection #1079

@coderabbitai

Summary

When http.NewRequestWithContext fails for all Jira API URL candidates inside ValidateJiraToken (e.g. because the provided URL is malformed), the loop silently swallows every error via continue. Because sawHTTPResponse and lastNetErr are never set, the function falls through to return true, nil, falsely reporting a broken Jira URL as a valid connection.

This is a pre-existing issue, separate from the client.Do() / *url.Error fix landed in #1062.

Relevant code path in components/backend/handlers/integration_validation.go:

req, err := http.NewRequestWithContext(ctx, "GET", apiURL, nil)
if err != nil {
    continue   // error is lost; client.Do() never runs
}

Steps to reproduce

  1. Call ValidateJiraToken with a malformed URL (e.g. "://bad"), a non-empty email, and a non-empty API token:
    valid, err := ValidateJiraToken(ctx, "://bad", "user@example.com", "token")
  2. Observe the return values.

Expected results

valid is false and err is non-nil, describing why the request could not be constructed (e.g. "failed to create request: ...").

Actual results

valid is true and err is nil — a demonstrably broken Jira URL is incorrectly reported as a valid connection.

Suggested fix

Capture the request-construction error and return it when no HTTP response was ever received:

var lastReqErr error

for _, apiURL := range apiURLs {
    req, err := http.NewRequestWithContext(ctx, "GET", apiURL, nil)
    if err != nil {
        lastReqErr = err
        continue
    }
    // ...
}

if lastNetErr != nil && !sawHTTPResponse {
    return false, fmt.Errorf("request failed: %w", lastNetErr)
}
if lastReqErr != nil && !sawHTTPResponse {
    return false, fmt.Errorf("failed to create request: %w", lastReqErr)
}

A regression test should pass an obviously malformed URL and assert valid == false and err != nil.
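
The fall-through and the suggested fix side by side, as an added example that is not the project's code: `validate` is a simplified, hypothetical stand-in for ValidateJiraToken, and the two candidate paths, the `captureReqErr` switch and the stub transport (which keeps the run offline) are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
)

// okTransport is a constructed stub: it answers every request with 200, so nothing touches the network.
type okTransport struct{}

func (okTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: http.StatusOK, Body: http.NoBody, Request: r}, nil
}

// validate is a hypothetical stand-in for the loop in the issue, not the project's function.
// captureReqErr=false reproduces the reported behaviour; true applies the suggested fix.
func validate(ctx context.Context, client *http.Client, base string, captureReqErr bool) (bool, error) {
	apiURLs := []string{base + "/rest/api/3/myself", base + "/rest/api/2/myself"} // assumed candidates
	var lastNetErr, lastReqErr error
	sawHTTPResponse := false
	for _, apiURL := range apiURLs {
		req, err := http.NewRequestWithContext(ctx, "GET", apiURL, nil)
		if err != nil {
			if captureReqErr {
				lastReqErr = err // remember why no request could be built
			}
			continue
		}
		resp, err := client.Do(req)
		if err != nil {
			lastNetErr = err
			continue
		}
		resp.Body.Close()
		sawHTTPResponse = true
		return resp.StatusCode == http.StatusOK, nil // simplified: the first response decides
	}
	if lastNetErr != nil && !sawHTTPResponse {
		return false, fmt.Errorf("request failed: %w", lastNetErr)
	}
	if lastReqErr != nil && !sawHTTPResponse {
		return false, fmt.Errorf("failed to create request: %w", lastReqErr)
	}
	return true, nil // reached with no request ever sent when every construction error was dropped
}

func main() {
	fmt.Println(validate(context.Background(), &http.Client{Transport: okTransport{}}, "://bad", true))
}
```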
