You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
feat: enhance BitbucketServerProvider authentication with username and password fallback
PR Type
Enhancement
Description
Add username/password authentication fallback for BitbucketServerProvider
Maintain bearer token as primary authentication method
Improve authentication flexibility for different deployment scenarios
Diagram Walkthrough
flowchart LR
A["BitbucketServerProvider"] --> B["Check Bearer Token"]
B --> C["Bearer Token Available?"]
C -->|Yes| D["Use Token Authentication"]
C -->|No| E["Use Username/Password Authentication"]
D --> F["Initialize Bitbucket Client"]
E --> F
Loading
File Walkthrough
Relevant files
Enhancement
bitbucket_server_provider.py
Enhanced authentication with username/password fallback
No validation for username/password authentication scenario. If bearer token is None but username or password are also None, the Bitbucket client initialization will fail silently or with unclear error messages.
Bitbucket client initialization is duplicated in both authentication branches. Consider extracting common initialization logic to reduce code duplication.
Guard against missing credentials when falling back to username/password. If neither a bearer token nor both username and password are provided, raise a clear error early to avoid confusing authentication failures later.
#get username and password from settings
self.username = get_settings().get("BITBUCKET_SERVER.USERNAME", None)
self.password = get_settings().get("BITBUCKET_SERVER.PASSWORD", None)
self.bitbucket_server_url = self._parse_bitbucket_server(url=pr_url)
#if bearer token is provided, use it to authenticate, otherwise use username and password
if self.bearer_token:
self.bitbucket_client = bitbucket_client or Bitbucket(
url=self.bitbucket_server_url,
token=self.bearer_token
)
else:
+ if not self.username or not self.password:+ raise ValueError("Bitbucket authentication requires either 'BITBUCKET_SERVER.BEARER_TOKEN' or both 'BITBUCKET_SERVER.USERNAME' and 'BITBUCKET_SERVER.PASSWORD'.")
self.bitbucket_client = bitbucket_client or Bitbucket(
url=self.bitbucket_server_url,
username=self.username,
password=self.password
)
Apply / Chat
Suggestion importance[1-10]: 7
__
Why: Adding an early check for missing self.username/self.password when no self.bearer_token is provided improves robustness and gives a clear error instead of failing later during Bitbucket auth.
Medium
Validate server URL before auth
Add a check that self.bitbucket_server_url is not None before constructing the client. If URL parsing fails, raising a clear error prevents subsequent authentication calls from failing unexpectedly.
#if bearer token is provided, use it to authenticate, otherwise use username and password
+if not self.bitbucket_server_url:+ raise ValueError("Invalid or missing Bitbucket Server URL parsed from PR URL.")
if self.bearer_token:
self.bitbucket_client = bitbucket_client or Bitbucket(
url=self.bitbucket_server_url,
token=self.bearer_token
)
else:
self.bitbucket_client = bitbucket_client or Bitbucket(
url=self.bitbucket_server_url,
username=self.username,
password=self.password
)
try:
self.bitbucket_api_version = parse_version(self.bitbucket_client.get("rest/api/1.0/application-properties").get('version'))
except Exception:
self.bitbucket_api_version = None
Apply / Chat
Suggestion importance[1-10]: 6
__
Why: Verifying self.bitbucket_server_url before constructing the client prevents hard-to-diagnose failures and surfaces configuration issues earlier with a clear message.
Low
Learned best practice
Add error handling for client init
Wrap Bitbucket client initialization in a try-except block to handle authentication or connection failures gracefully. Log a clear error message and re-raise to aid troubleshooting.
-if self.bearer_token:- self.bitbucket_client = bitbucket_client or Bitbucket(- url=self.bitbucket_server_url,- token=self.bearer_token- )-else:- self.bitbucket_client = bitbucket_client or Bitbucket(- url=self.bitbucket_server_url,- username=self.username,- password=self.password- )+try:+ if self.bearer_token:+ self.bitbucket_client = bitbucket_client or Bitbucket(+ url=self.bitbucket_server_url,+ token=self.bearer_token+ )+ else:+ self.bitbucket_client = bitbucket_client or Bitbucket(+ url=self.bitbucket_server_url,+ username=self.username,+ password=self.password+ )+except Exception as e:+ get_logger().error(f"Failed to initialize Bitbucket client for {self.bitbucket_server_url}: {e}")+ raise
Apply / Chat
Suggestion importance[1-10]: 6
__
Why:
Relevant best practice - Add proper error handling with try-catch blocks for operations that can fail (e.g., API calls) to prevent crashes and provide meaningful error messages.
Low
More
Author self-review: I have reviewed the PR code suggestions, and addressed the relevant ones.
Add validation to ensure that when falling back to username/password authentication, both credentials are provided. Without this check, the Bitbucket client may fail silently or throw unclear errors if only one credential is missing.
#get username and password from settings
self.username = get_settings().get("BITBUCKET_SERVER.USERNAME", None)
self.password = get_settings().get("BITBUCKET_SERVER.PASSWORD", None)
self.bitbucket_server_url = self._parse_bitbucket_server(url=pr_url)
#if bearer token is provided, use it to authenticate, otherwise use username and password
if self.bearer_token:
self.bitbucket_client = bitbucket_client or Bitbucket(
url=self.bitbucket_server_url,
token=self.bearer_token
)
-else:+elif self.username and self.password:
self.bitbucket_client = bitbucket_client or Bitbucket(
url=self.bitbucket_server_url,
username=self.username,
password=self.password
)
+else:+ raise ValueError("Authentication failed: Either BEARER_TOKEN or both USERNAME and PASSWORD must be provided")
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies that the code doesn't handle cases where no bearer token is provided and username/password are also missing, which would lead to an authentication failure. Raising a ValueError is a robust way to handle this, making the configuration error explicit.
Medium
Learned best practice
Fix comment capitalization and punctuation
The comment lacks proper capitalization and punctuation. Comments should follow standard grammar rules for professional code quality.
-#get username and password from settings+# Get username and password from settings
self.username = get_settings().get("BITBUCKET_SERVER.USERNAME", None)
self.password = get_settings().get("BITBUCKET_SERVER.PASSWORD", None)
Suggestion importance[1-10]: 6
__
Why:
Relevant best practice - Fix typos and grammatical errors in documentation, comments, and user-facing text to maintain professional quality and clarity
Low
Fix comment capitalization and punctuation
The comment lacks proper capitalization and punctuation. Comments should start with a capital letter and end with proper punctuation for consistency.
-#if bearer token is provided, use it to authenticate, otherwise use username and password+# If bearer token is provided, use it to authenticate, otherwise use username and password
if self.bearer_token:
Suggestion importance[1-10]: 5
__
Why:
Relevant best practice - Fix typos and grammatical errors in documentation, comments, and user-facing text to maintain professional quality and clarity
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
feat: enhance BitbucketServerProvider authentication with username and password fallback
PR Type
Enhancement
Description
Add username/password authentication fallback for BitbucketServerProvider
Maintain bearer token as primary authentication method
Improve authentication flexibility for different deployment scenarios
Diagram Walkthrough
File Walkthrough
bitbucket_server_provider.py
Enhanced authentication with username/password fallbackpr_agent/git_providers/bitbucket_server_provider.py