Merge pull request #711 from whoisj/more-bitbucket

J Wyman · web-flow · commit 71f76428dc1e · 2018-08-08T16:33:08.000-04:00
bitbucket: fix data loss from token misuse
diff --git a/Bitbucket.Authentication/Src/OAuth/OAuthAuthenticator.cs b/Bitbucket.Authentication/Src/OAuth/OAuthAuthenticator.cs
@@ -323,7 +323,7 @@ private Token FindAccessToken(string responseText)
                 && tokenMatch.Groups.Count > 1)
             {
                 string tokenText = tokenMatch.Groups[1].Value;
-                return new Token(tokenText, TokenType.Personal);
+                return new Token(tokenText, TokenType.BitbucketAccess);
             }
 
             return null;
diff --git a/Microsoft.Alm.Authentication/Src/Network.cs b/Microsoft.Alm.Authentication/Src/Network.cs
@@ -566,6 +566,17 @@ private HttpClient GetHttpClient(TargetUri targetUri, HttpMessageHandler handler
                                 }
                                 break;
 
+                                case TokenType.Personal:
+                                {
+                                    // Personal access tokens are designed to treated like credentials,
+                                    // so treat them like credentials.
+                                    var credentials = (Credential)token;
+
+                                    // Credentials are packed into the 'Authorization' header as a base64 encoded pair.
+                                    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials.ToBase64String());
+                                }
+                                break;
+
                                 default:
                                 Trace.WriteLine("! unsupported token type, not appending an authentication header to the request.");
                                 break;
@@ -602,7 +613,7 @@ private static IWebProxy GetHttpWebProxy(TargetUri targetUri)
 
             if (proxyUri != null)
             {
-                WebProxy proxy = new WebProxy(proxyUri) { UseDefaultCredentials = true };
+                var proxy = new WebProxy(proxyUri) { UseDefaultCredentials = true };
 
                 // check if the user has specified authentications (comes as UserInfo)
                 if (!string.IsNullOrWhiteSpace(proxyUri.UserInfo) && proxyUri.UserInfo.Length > 1)
@@ -615,7 +626,7 @@ private static IWebProxy GetHttpWebProxy(TargetUri targetUri)
                         string userName = proxyUri.UserInfo.Substring(0, tokenIndex);
                         string password = proxyUri.UserInfo.Substring(tokenIndex + 1);
 
-                        NetworkCredential proxyCreds = new NetworkCredential(userName, password);
+                        var proxyCreds = new NetworkCredential(userName, password);
 
                         proxy.UseDefaultCredentials = false;
                         proxy.Credentials = proxyCreds;
diff --git a/Microsoft.Alm.Authentication/Src/Token.cs b/Microsoft.Alm.Authentication/Src/Token.cs
@@ -306,7 +306,7 @@ public static explicit operator Credential(Token token)
             if (token is null)
                 return null;
 
-            if (token.Type != TokenType.Personal)
+            if (token.Type != TokenType.Personal && token.Type != TokenType.BitbucketAccess)
                 throw new InvalidCastException($"Cannot cast `{nameof(Token)}` of type '{token.Type}' to `{nameof(Credential)}`");
 
             return new Credential("PersonalAccessToken", token._value);

Original file line number	Diff line number	Diff line change
`@@ -323,7 +323,7 @@ private Token FindAccessToken(string responseText)`
`323`	`323`	`&& tokenMatch.Groups.Count > 1)`
`324`	`324`	`{`
`325`	`325`	`string tokenText = tokenMatch.Groups[1].Value;`
`326`		`- return new Token(tokenText, TokenType.Personal);`
	`326`	`+ return new Token(tokenText, TokenType.BitbucketAccess);`
`327`	`327`	`}`
`328`	`328`
`329`	`329`	`return null;`