-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
Severity 3 - Minor
-
Issue Summary
In Bitbucket Cloud, the logic for displaying the list of workspace repositories that a user has access to is incorrect in the following scenario:
- Public workspace with private repo(s)
- 2SV enabled for the workspace
- User without 2SV enabled accesses the workspace
This is NOT reproducible on Data Center.
Steps to Reproduce
- User A creates a public Bitbucket Cloud workspace
- User A creates a private repository in the new workspace
- User A updates the workspace access controls to require two-step verification
- User A grants User B access to the workspace
- User B disables 2SV on their Bitbucket Cloud account
- User B accepts the workspace invitation
- User B visits the workspace repositories list (`https://bitbucket.org/<workspace>/workspace/repositories`)
Expected Results
User B should not be able to see the private repository in the list of repositories, because their workspace requires 2SV but they have not enabled it for their user account.
Actual Results
User B is able to see the private repository in the workspace repositories list, even though they don't have 2SV enabled.
If the user clicks on the repository name, they are navigated to the repository with only the top and side navigation visible (the content area of the page shows a spinner).
Workaround
If the user hard refreshes the repository page (the one with the spinner), they are taken to the expected error page indicating that they need to enable 2SV.
- relates to
-
BCLOUD-23467 Improve error message when "Require two-step verification" feature is turned on
- Gathering Interest
Inaccurate repositories list for 2SV-enabled public workspaces
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
Severity 3 - Minor
-
Issue Summary
In Bitbucket Cloud, the logic for displaying the list of workspace repositories that a user has access to is incorrect in the following scenario:
- Public workspace with private repo(s)
- 2SV enabled for the workspace
- User without 2SV enabled accesses the workspace
This is NOT reproducible on Data Center.
Steps to Reproduce
- User A creates a public Bitbucket Cloud workspace
- User A creates a private repository in the new workspace
- User A updates the workspace access controls to require two-step verification
- User A grants User B access to the workspace
- User B disables 2SV on their Bitbucket Cloud account
- User B accepts the workspace invitation
- User B visits the workspace repositories list (`https://bitbucket.org/<workspace>/workspace/repositories`)
Expected Results
User B should not be able to see the private repository in the list of repositories, because their workspace requires 2SV but they have not enabled it for their user account.
Actual Results
User B is able to see the private repository in the workspace repositories list, even though they don't have 2SV enabled.
If the user clicks on the repository name, they are navigated to the repository with only the top and side navigation visible (the content area of the page shows a spinner).
Workaround
If the user hard refreshes the repository page (the one with the spinner), they are taken to the expected error page indicating that they need to enable 2SV.
- relates to
-
BCLOUD-23467 Improve error message when "Require two-step verification" feature is turned on
- Gathering Interest