search

tcplugins / tcWebHookTrigger

Trigger a TeamCity build from a WebHook
11 stars 0 forks source link

Bitbucket authorization #10

Open manfe513 opened 1 year ago

manfe513 commented 1 year ago

Hi, thank you for plugin!

I've tried to setup it with bitbucket webhooks, but encountered a situation:

  1. Bitbucket webhook sends a request with body signed by auth token via HMAC i.e. it doesn't add the Authorization header to request Can you somehow help me to solve this situation? I'm not familiar with plugin creating process

  2. You've mentioned this plugin uses personal token, can you somehow help me to make it use non-personal Teamcity token?

netwolfuk commented 1 year ago

Hi @manfe513.

For TeamCity plugins the TeamCity server provides authentication before any of the plugin code is executed.

The easiest authentication method provided by TeamCity is to create a bearer token. TeamCity uses the name "personal token" because the token maps to a user's account in TeamCity.

I'm not sure what you mean by "non-personal token". After you referring to hmac as per your first question?

netwolfuk commented 1 year ago

It looks like it is possible to use basic authentication instead of a bearer token to authenticate with teamcity.

There is a style of constructing a URL that includes the username and password. I have just tested it with curl, and it worked against my TeamCity dev server.

curl -X POST  \
http://username:password@teamcity-dev-test.local.docker/app/rest/webhook-trigger/Utils_TcDummyDeb \
-d @trigger.json

You might be able to configure a similar URL in bitbucket that includes the username and password. The username and password are the credentials of a teamcity user. You might choose to create a new user just for this, and provide as few permissions as possible for that user.

manfe513 commented 1 year ago

@netwolfuk Thank you for your response!

Didn't know there's a possibility to provide credentials via URL that way - cool! By saying non-personal - I mean, may I use newly created personal access token (expiration in 5 years for example) in URL via username:access_token instead of password?

netwolfuk commented 1 year ago

You could try using the token as the password, but I don't think it works.

manfe513 commented 1 year ago

Thanks for your response! I'll try