Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend the Bitbucket Provider to support Bitbucket Server instances #140

Closed
mminns opened this issue Jun 26, 2020 · 8 comments
Closed

Extend the Bitbucket Provider to support Bitbucket Server instances #140

mminns opened this issue Jun 26, 2020 · 8 comments
Labels
enhancement New feature or request

Comments

@mminns
Copy link
Contributor

mminns commented Jun 26, 2020

Feature description

The GitHub Provider supports cloud github.com URLs but can also be configured to support GitHub Enterprise instances with their random URLs via the GCM_PROVIDER/credential.provider configurations.

e.g.

git config --global credential.ghe.contoso.com.authority github

Although it isn't documented it is already possible to do the following for Bitbucket Server URLs:

git config --global credential.bbs.contoso.com.authority bitbucket

This does actually work-ish.
The URL is correctly identified and the Bitbucket Provider is used but unfortunately everything then falls apart because:

  • Bitbucket Server does not support OAuth 2.0
  • Bitbucket Server does not share a common REST API with bitbucket.org
  • Bitbucket Server does not include the username in HTTP Git URLs
  • Bitbucket Server does not support 2FA out of the box

Additionally, but not blocking

  • Bitbucket Server does not support 2FA
  • Bitbucket Server does not include usernames in the HTTP Git URLs

So to support Bitbucket Server in the simplest way the existing Bitbucket Provider would need to be extended to support the following:

  • Identify URL hosts other than bitbucket.org as Bitbucket Server hosts
  • Assume the Bitbucket Server does not support 2FA, therefore bypass any OAuth 2.0 requests and only support Basic Auth
  • Store Bitbucket Server credentials with a key like git:https://bbs.contoso.com as well as git:https://username@bbs.contoso.com

By storing credentials under git:https://bbs.contoso.com it has the potential for a user of multiple accounts to keep overwriting the credentials but I think that can be safely ignored as

  • that is already an issue with the GitHub Provider AFAICS
  • very few users will actually have multiple user accounts on a given server.

I have a proof of concept here: master...itofinity:issue/support-bbs-basicauth

@mminns mminns added the enhancement New feature or request label Jun 26, 2020
@dscho
Copy link
Collaborator

dscho commented Jun 26, 2020

@mminns I opened a PR with your changes here: #141. From my point of view, the changes are good to go. @mjcheetham what do you think?

@mjcheetham mjcheetham linked a pull request Jun 26, 2020 that will close this issue
@mjcheetham
Copy link
Collaborator

Awesome @mminns! Thanks for this. Your POC looks good to me.
Thanks @dscho for opening the PR for the commit. I did submit some small requests to change things.

@mminns
Copy link
Contributor Author

mminns commented Jun 26, 2020

@mminns I opened a PR with your changes here: #141. From my point of view, the changes are good to go. @mjcheetham what do you think?

Wow, thanks. there was me thinking it probably needed some tests :)

I'll follow up the PR comments. 👍

@dscho
Copy link
Collaborator

dscho commented Jul 1, 2020

Can this ticket be closed now?

@mjcheetham
Copy link
Collaborator

Yes, but the changes that fix this issue have not been released yet. Might be worth doing that.

@agusmba
Copy link

agusmba commented Jul 17, 2020

Maybe a bit off-topic, but Bitbucket Server Datacenter supports SAML authentication against an external IDP.
This functionality can also be provided to regular Bitbucket Server by several marketplace plugins.
It would be great if GCMC could include support for this, in order to avoid the need to create user tokens.

@mjcheetham
Copy link
Collaborator

Maybe a bit off-topic, but Bitbucket Server Datacenter supports SAML authentication against an external IDP.
This functionality can also be provided to regular Bitbucket Server by several marketplace plugins.
It would be great if GCMC could include support for this, in order to avoid the need to create user tokens.

Hey @agusmba! Although we cannot commit to implementing this, would you mind creating an issue (feature request) for supporting SAML with Bitbucket Server Datacenter? We'd also be happy to review and PRs implementing this 😁

Thanks!

@agusmba
Copy link

agusmba commented Jul 20, 2020

#151 created for tracking that. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants