search

Wanchai / FTPbucket

FTPbucket is a PHP script that enables you to sync your BitBucket or GitHub repository with any web-server
102 stars 22 forks source link

401 Unauthorized error returned when retrieving files or directory contents using Bitbucket's app password. #30

Closed steven7mwesigwa closed 2 years ago

steven7mwesigwa commented 2 years ago

Description:

Notes:

  1. This only happens when using Bitbucket's app password with Basic authentication even when you've granted it all OAuth scopes/permissions.

  2. On the contrary, no issues are experienced if you use your main Bitbucket login account password. Keep in mind that using the main Atlassian account password has been deprecated in favor of "app passwords".

Solution:

I managed to resolve this issue by removing the "!" sign from the endpoint routes. https://bitbucket.org/!api/2.0/repositories/test7_wanchai/test-indent/src/2e39c147293f02648190ad62f64cb6e443f6bd6a/dummy-1000.txt

Steps to reproduce the issue:

  1. Create an app password and give it the relevant "OAuth scopes/permissions". I granted mine to have ("pipeline", "webhook" & "repository"). On save, copy the auto-generated app password.

  2. Try accessing the endpoint to retrieve a file on your remote Bitbucket repository using Basic authentication with the "app password" and your "username".

  3. Here is a script to list all recently committed files in my test repo. List of updated committed files wanchai-ftpbucket.

  4. Here is a script that tries accessing one of my file contents. It will throw a "401 Unauthorized error". 401 Unauthorized wanchai-ftpbucket.

  5. To resolve the error, remove the "!" sign from Line 6 (CURL URL) and run the script again. https://gist.github.com/steven7mwesigwa/c0bd9a5624349ac7d25d22c866ab3ace#file-401-unauthorized-wanchai-ftpbucket-L6