Bitbucket Server: Send password as Bearer instead of Basic Auth

runatlantis.io/docs/access-credentials.md

@@ -89,6 +89,8 @@ Since v0.19.7, a new permission for `Administration` has been added. If you have
 - Give the token **Read** Project permissions and **Write** Pull request permissions
 - Click **Create** and record the access token
 
+  NOTE: Atlantis will send the token as a [Bearer Auth to the Bitbucket API](https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html#HTTPaccesstokens-UsingHTTPaccesstokens) instead of using Basic Auth.
+
 ### Azure DevOps
 - Create a Personal access token by following [https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops)
 - Label the password "atlantis"

server/events/vcs/bitbucketserver/client.go

@@ -300,7 +300,11 @@ func (b *Client) prepRequest(method string, path string, body io.Reader) (*http.
 	if err != nil {
 		return nil, err
 	}
-	req.SetBasicAuth(b.Username, b.Password)
+
+	// Personal access tokens can be sent as basic auth or bearer
+	bearer := "Bearer " + b.Password
+	req.Header.Add("Authorization", bearer)
+
 	if body != nil {
 		req.Header.Add("Content-Type", "application/json")
 	}