Bitbucket server rest api requests not returning cookie


    • Type: Suggestion
    • Resolution: Unresolved
    • Component/s: None

      Summary

      The REST API documentation on Authentication (https://docs.atlassian.com/bitbucket-server/rest/5.13.0/bitbucket-rest.html) states: "Other supported methods include: HTTP Cookies"

      However, the server does not respond with any cookie information. For example:

      Bitbucket: curl -v --user admin:admin http://localhost:7990/bitbucket/rest/api/latest/projects | python -m json.tool

      * TCP_NODELAY set
      * Connected to localhost (::1) port 7990 (#0)
      * Server auth using Basic with user 'admin'
      > GET /bitbucket/rest/api/latest/projects HTTP/1.1
      > Host: localhost:7990
      > Authorization: Basic YWRtaW46YWRtaW4=
      > User-Agent: curl/7.54.0
      > Accept: */*
      > 
      < HTTP/1.1 200 
      < X-AREQUESTID: @DERBTOx1201x75x0
      < X-AUSERID: 1
      < X-AUSERNAME: admin
      < Cache-Control: no-cache, no-transform
      < Vary: X-AUSERNAME,Accept-Encoding
      < Transfer-Encoding: chunked
      < Content-Type: application/json;charset=UTF-8
      < X-Content-Type-Options: nosniff
      < Date: Thu, 16 Aug 2018 12:01:38 GMT
      < 
      { [418 bytes data]
      100   411    0   411    0     0  11378      0 --:--:-- --:--:-- --:--:-- 11416
      * Connection #0 to host localhost left intact
      {
          "isLastPage": true,
          "limit": 25,
          "size": 2,
          "start": 0,
          "values": [
              {
                  "id": 22,
                  "key": "ANNE",
                  "links": {
                      "self": [
                          {
                              "href": "http://localhost:7990/bitbucket/projects/ANNE"
                          }
                      ]
                  },
                  "name": "ANNE",
                  "public": false,
                  "type": "NORMAL"
              },
              {
                  "description": "Default configuration project #1",
                  "id": 1,
                  "key": "PROJECT_1",
                  "links": {
                      "self": [
                          {
                              "href": "http://localhost:7990/bitbucket/projects/PROJECT_1"
                          }
                      ]
                  },
                  "name": "Project 1",
                  "public": false,
                  "type": "NORMAL"
              }
          ]
      }
      

      In contrast, requests to Confluence or Jira servers return a session cookie that can be used on subsequent requests.
      Jira: curl -v --user admin:admin http://localhost:2990/jira/rest/api/latest/project | python -m json.tool

      * TCP_NODELAY set
      * Connected to localhost (::1) port 2990 (#0)
      * Server auth using Basic with user 'admin'
      > GET /jira/rest/api/latest/project HTTP/1.1
      > Host: localhost:2990
      > Authorization: Basic YWRtaW46YWRtaW4=
      > User-Agent: curl/7.54.0
      > Accept: */*
      > 
      < HTTP/1.1 200 OK
      < Server: Apache-Coyote/1.1
      < X-AREQUESTID: 1199x3063x1
      < X-XSS-Protection: 1; mode=block
      < X-Content-Type-Options: nosniff
      < X-Frame-Options: SAMEORIGIN
      < Content-Security-Policy: frame-ancestors 'self'
      < X-ASEN: SEN-500
      < Set-Cookie: JSESSIONID=90E7DD49D4FA6024414DA46B5ACD1133; Path=/jira/; HttpOnly
      < X-Seraph-LoginReason: OK
      < Set-Cookie: atlassian.xsrf.token=BWP3-NZB2-6EDY-6C7K|280b1dea24ae9efbc27877b7d4d8ac9b45dc7623|lin; Path=/jira
      < X-ASESSIONID: 1e0jlbc
      < X-AUSERNAME: admin
      < Cache-Control: no-cache, no-store, no-transform
      < Content-Type: application/json;charset=UTF-8
      < Transfer-Encoding: chunked
      < Date: Thu, 16 Aug 2018 11:59:18 GMT
      < 
      { [5 bytes data]
      100  1561    0  1561    0     0  51086      0 --:--:-- --:--:-- --:--:-- 52033
      * Connection #0 to host localhost left intact
      [
          {
              "avatarUrls": {
                  "16x16": "http://localhost:2990/jira/secure/projectavatar?size=xsmall&avatarId=10324",
                  "24x24": "http://localhost:2990/jira/secure/projectavatar?size=small&avatarId=10324",
                  "32x32": "http://localhost:2990/jira/secure/projectavatar?size=medium&avatarId=10324",
                  "48x48": "http://localhost:2990/jira/secure/projectavatar?avatarId=10324"
              },
              "expand": "description,lead,url,projectKeys",
              "id": "10000",
              "key": "PROJ",
              "name": "PROJ",
              "projectTypeKey": "business",
              "self": "http://localhost:2990/jira/rest/api/2/project/10000"
          },
          {
              "avatarUrls": {
                  "16x16": "http://localhost:2990/jira/secure/projectavatar?size=xsmall&avatarId=10324",
                  "24x24": "http://localhost:2990/jira/secure/projectavatar?size=small&avatarId=10324",
                  "32x32": "http://localhost:2990/jira/secure/projectavatar?size=medium&avatarId=10324",
                  "48x48": "http://localhost:2990/jira/secure/projectavatar?avatarId=10324"
              },
              "expand": "description,lead,url,projectKeys",
              "id": "10001",
              "key": "SCRUM",
              "name": "SCRUM",
              "projectTypeKey": "software",
              "self": "http://localhost:2990/jira/rest/api/2/project/10001"
          },
          {
              "avatarUrls": {
                  "16x16": "http://localhost:2990/jira/secure/projectavatar?size=xsmall&avatarId=10324",
                  "24x24": "http://localhost:2990/jira/secure/projectavatar?size=small&avatarId=10324",
                  "32x32": "http://localhost:2990/jira/secure/projectavatar?size=medium&avatarId=10324",
                  "48x48": "http://localhost:2990/jira/secure/projectavatar?avatarId=10324"
              },
              "expand": "description,lead,url,projectKeys",
              "id": "10100",
              "key": "SCRUMBU",
              "name": "SCRUM-BU",
              "projectTypeKey": "software",
              "self": "http://localhost:2990/jira/rest/api/2/project/10100"
          }
      ]
      

      Jira's response includes Set-Cookie headers, whereas Bitbucket's does not.

      Note: The issue can be replicated across different versions of Bitbucket with the same result.

            Assignee:
            Unassigned
            Reporter:
            Anne Calantog
            Votes:
            10
            Watchers:
            14
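
As an added example (not part of the original report and not Atlassian's code), the following Python parses the response headers from the two `curl -v` transcripts above and reports which cookies each server issued and with which attributes. The function names are hypothetical, and the sample input is a constructed subset of the header lines shown in the report; both requests went over plain HTTP to localhost, so no `Secure` attribute appears.

```python
import re

# Constructed sample input: response header lines taken from the two
# curl -v transcripts in the report (only the lines this check needs).
BITBUCKET = """\
< HTTP/1.1 200 
< X-AUSERID: 1
< X-AUSERNAME: admin
< Cache-Control: no-cache, no-transform
< Content-Type: application/json;charset=UTF-8
"""

JIRA = """\
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=90E7DD49D4FA6024414DA46B5ACD1133; Path=/jira/; HttpOnly
< X-Seraph-LoginReason: OK
< Set-Cookie: atlassian.xsrf.token=BWP3-NZB2-6EDY-6C7K|280b1dea24ae9efbc27877b7d4d8ac9b45dc7623|lin; Path=/jira
< X-AUSERNAME: admin
"""


def response_cookies(curl_verbose):
    """Return {cookie name: attributes} for each Set-Cookie in `curl -v` output."""
    cookies = {}
    for line in curl_verbose.splitlines():
        m = re.match(r"\s*<\s*Set-Cookie:\s*(.+)", line, re.IGNORECASE)
        if not m:
            continue
        pair, *attrs = [part.strip() for part in m.group(1).split(";")]
        name, _, _value = pair.partition("=")  # value is not needed here
        parsed = {}
        for attr in attrs:
            key, _, val = attr.partition("=")
            parsed[key.strip().lower()] = val.strip() or True  # flag attrs -> True
        cookies[name] = parsed
    return cookies


def audit(curl_verbose):
    """Summarise what a client can rely on after a Basic-auth request."""
    cookies = response_cookies(curl_verbose)
    if not cookies:
        return ["no Set-Cookie: credentials must be resent on every request"]
    return [
        f"{name}: path={attrs.get('path')} httponly={'httponly' in attrs} "
        f"secure={'secure' in attrs}"
        for name, attrs in cookies.items()
    ]
```
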
