Bitbucket Cloud integration REST endpoint ignores security settings for anonymous users


    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 9.6.1, 9.5.3
    • Affects Version/s: 9.0.0, 9.1.0, 9.3.0, 9.2.1, 9.4.0, 9.5.0, 9.6.0
    • Component/s: REST API
    • None
    • Severity 3 - Minor

      Issue Summary

      This is reproducible on Data Center: (yes) / (no)

      Steps to Reproduce

      1. Remove the Anonymous user VIEW global permission
      2. Uncheck the "Allow anonymous users to trigger remote repository change detection and Bamboo Specs detection" checkbox in Security settings
      3. Call the POST /rest/bitbucket-cloud/latest/webhooks REST endpoint as an anonymous user

      Expected Results

      An HTTP 401 response should be returned, as the admin doesn't allow anonymous users to trigger change detection or specs scanning

      Actual Results

      An HTTP 204 response is returned for a valid payload

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.

            Assignee: Unassigned
            Reporter: Alexey Chystoprudov
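
A log check for the behaviour in Expected Results and Actual Results, as an added example that is not part of the original issue or of Bamboo's code: it flags anonymous POSTs to the webhook endpoint and separates the reported 204 from the expected 401. It assumes access logs in Common Log Format (for instance from a reverse proxy in front of Bamboo) with `-` in the remote-user field for unauthenticated requests; the sample lines and the `/bamboo` context path are constructed.

```python
import re
from collections import Counter

ENDPOINT = "/rest/bitbucket-cloud/latest/webhooks"  # path named in the issue

# Assumption: Common Log Format; remote-user field is "-" when unauthenticated.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
VERDICTS = {204: "accepted", 401: "rejected"}  # reported vs. expected result


def classify(line):
    """Return (verdict, ip, timestamp) for an anonymous POST to ENDPOINT, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or m["user"] != "-":
        return None
    # Drop the query string and trailing slash; endswith() tolerates a
    # servlet context path such as /bamboo in front of /rest.
    path = m["target"].split("?", 1)[0].rstrip("/")
    if not path.endswith(ENDPOINT):
        return None
    verdict = VERDICTS.get(int(m["status"]), "other")
    return verdict, m["ip"], m["ts"]


def scan(lines):
    """Classify every line; return the hits and a per-verdict count."""
    hits = [hit for hit in map(classify, lines) if hit]
    return hits, Counter(verdict for verdict, _, _ in hits)


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "POST /rest/bitbucket-cloud/latest/webhooks HTTP/1.1" 204 0',
    '203.0.113.7 - - [12/Mar/2024:10:16:40 +0000] "POST /bamboo/rest/bitbucket-cloud/latest/webhooks/ HTTP/1.1" 401 87',
    '198.51.100.20 - admin [12/Mar/2024:10:17:00 +0000] "POST /rest/bitbucket-cloud/latest/webhooks HTTP/1.1" 204 0',
    '198.51.100.20 - - [12/Mar/2024:10:17:05 +0000] "GET /rest/api/latest/info HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    hits, counts = scan(SAMPLE)
    for verdict, ip, ts in hits:
        print(f"{ts} {ip} anonymous webhook POST: {verdict}")
    print(dict(counts))
```

An "accepted" hit only matters while the anonymous-trigger checkbox is unchecked; with it checked, anonymous webhook deliveries are the configured behaviour.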