API access through curl

Issue #4 resolved
Former user created an issue

It would be neat if we could curl the archive URL and get archives without hardcoding the user/pass in the URL.

I'm not too familiar with how plugins are structured, but if you can return a proper challenge (401) when the user doesn't have auth (instead of what Stash does with the redirect) then it would work nicely.

This would really help as I'd like to use these archive URLs in requirements listings for Python and I'd rather not hardcode passwords in the repository.

Comments (1)

  1. Bryan Turner

    This is really a Bitbucket Server issue, not something specific to this plugin. I'd encourage you to vote for BSERV-2722 and/or BSERV-4989 to get something like token or access key-based access.

    As for a "proper challenge", I can't speak for what the plugin did before, but my changes in version 2.1 add a REST endpoint (to replace the servlet, though that does still exist for backward compatibility). If you use the REST endpoint, I think it does exactly what you're looking for:

    Aphrael:archive bturner$ curl -v http://localhost:7990/bitbucket/rest/archive/latest/projects/PROJECT_1/repos/rep_1/archive?format=zip
    *   Trying ::1...
    * Connected to localhost (::1) port 7990 (#0)
    > GET /bitbucket/rest/archive/latest/projects/PROJECT_1/repos/rep_1/archive?format=zip HTTP/1.1
    > Host: localhost:7990
    > User-Agent: curl/7.43.0
    > Accept: */*
    > 
    < HTTP/1.1 401 Unauthorized
    < Server: Apache-Coyote/1.1
    < X-AREQUESTID: @1IMQJNKx757x39x0
    < Cache-Control: no-cache, no-transform
    < Vary: X-AUSERNAME
    < Vary: X-AUSERID
    < Vary: Cookie
    < X-Content-Type-Options: nosniff
    < WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A7990%2Fbitbucket"
    < Content-Type: application/json;charset=UTF-8
    < Transfer-Encoding: chunked
    < Date: Sat, 28 May 2016 19:37:35 GMT
    < 
    * Connection #0 to host localhost left intact
    {"errors":[{"context":null,"message":"You are not permitted to access this resource","exceptionName":"com.atlassian.bitbucket.AuthorisationException"}]}
    

    I've reimplemented the servlet to internally forward (no redirect; it's handled in the same server request) to REST, so using that produces the same 401:

    Aphrael:archive bturner$ curl -v http://localhost:7990/bitbucket/plugins/servlet/archive/projects/PROJECT_1/repos/rep_1?format=zip
    *   Trying ::1...
    * Connected to localhost (::1) port 7990 (#0)
    > GET /bitbucket/plugins/servlet/archive/projects/PROJECT_1/repos/rep_1?format=zip HTTP/1.1
    > Host: localhost:7990
    > User-Agent: curl/7.43.0
    > Accept: */*
    > 
    < HTTP/1.1 401 Unauthorized
    < Server: Apache-Coyote/1.1
    < X-AREQUESTID: @1IMQJNKx762x40x0
    < X-XSS-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Cache-Control: no-cache, no-transform
    < Vary: X-AUSERNAME
    < Vary: X-AUSERID
    < Vary: Cookie
    < X-Content-Type-Options: nosniff
    < WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A7990%2Fbitbucket"
    < WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A7990%2Fbitbucket"
    < Content-Type: application/json;charset=UTF-8
    < Transfer-Encoding: chunked
    < Date: Sat, 28 May 2016 19:42:05 GMT
    < 
    * Connection #0 to host localhost left intact
    {"errors":[{"context":null,"message":"You are not permitted to access this resource","exceptionName":"com.atlassian.bitbucket.AuthorisationException"}]}
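
Added example (not part of the original thread or the plugin's code): a shell helper that classifies an unauthenticated response as a 401 challenge or a login redirect, the distinction discussed above, and reports the challenge scheme the server offered. The function name and both header samples are constructed for illustration; the first sample is modelled on the servlet output in the comment, the redirect target in the second is an assumption.

```shell
#!/bin/sh
# classify_auth_response: read HTTP response headers on stdin and print
#   "challenge <schemes>"        for 401 with WWW-Authenticate
#   "unauthorized-no-challenge"  for 401 without it
#   "redirect <location>"        for 3xx with Location
#   "other <status>"             for anything else
# Accepts plain header dumps (curl -sS -o /dev/null -D - URL) as well as
# the "< "-prefixed lines that curl -v writes to stderr.
classify_auth_response() {
  awk '
    { sub(/\r$/, ""); sub(/^< /, "") }          # drop CR and curl -v prefix
    /^HTTP\// {                                  # new response: last one wins
      status = $2; schemes = ""; location = ""; split("", seen); next
    }
    {
      name = tolower($1)
      if (name == "www-authenticate:") {
        if (!($2 in seen)) {                     # de-duplicate repeated headers
          seen[$2] = 1
          schemes = schemes (schemes == "" ? "" : ",") $2
        }
      } else if (name == "location:") {
        location = $2
      }
    }
    END {
      if (status == 401 && schemes != "") print "challenge " schemes
      else if (status == 401)             print "unauthorized-no-challenge"
      else if (status ~ /^3/ && location != "") print "redirect " location
      else                                print "other " status
    }'
}

# Constructed sample, modelled on the servlet response shown in the comment
# (note the repeated WWW-Authenticate header).
SAMPLE_401='< HTTP/1.1 401 Unauthorized
< X-Content-Type-Options: nosniff
< WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A7990%2Fbitbucket"
< WWW-Authenticate: OAuth realm="http%3A%2F%2Flocalhost%3A7990%2Fbitbucket"
< Content-Type: application/json;charset=UTF-8'

# Constructed sample of a login redirect; the Location value is an assumption.
SAMPLE_302='HTTP/1.1 302 Found
Location: http://localhost:7990/bitbucket/login
Content-Length: 0'

printf '%s\n' "$SAMPLE_401" | classify_auth_response
printf '%s\n' "$SAMPLE_302" | classify_auth_response
```

Against a live server, pipe `curl -sS -o /dev/null -D - "$URL"` into the function; the reported scheme shows which authentication method the server is actually asking for.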
    