Bitbucket Server / BSERV-11070

Bitbucket server rest api requests not returning cookie

    Details

    • Type: Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • UIS:
      54
    • Feedback Policy:
      We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      Summary

      In the REST API documentation regarding Authentication (https://docs.atlassian.com/bitbucket-server/rest/5.13.0/bitbucket-rest.html) there is a statement: "Other supported methods include: HTTP Cookies"

      However, the server does not respond with any cookie information. For example:

      Bitbucket: curl -v --user admin:admin http://localhost:7990/bitbucket/rest/api/latest/projects | python -m json.tool

      * TCP_NODELAY set
      * Connected to localhost (::1) port 7990 (#0)
      * Server auth using Basic with user 'admin'
      > GET /bitbucket/rest/api/latest/projects HTTP/1.1
      > Host: localhost:7990
      > Authorization: Basic YWRtaW46YWRtaW4=
      > User-Agent: curl/7.54.0
      > Accept: */*
      > 
      < HTTP/1.1 200 
      < X-AREQUESTID: @DERBTOx1201x75x0
      < X-AUSERID: 1
      < X-AUSERNAME: admin
      < Cache-Control: no-cache, no-transform
      < Vary: X-AUSERNAME,Accept-Encoding
      < Transfer-Encoding: chunked
      < Content-Type: application/json;charset=UTF-8
      < X-Content-Type-Options: nosniff
      < Date: Thu, 16 Aug 2018 12:01:38 GMT
      < 
      { [418 bytes data]
      100   411    0   411    0     0  11378      0 --:--:-- --:--:-- --:--:-- 11416
      * Connection #0 to host localhost left intact
      {
          "isLastPage": true,
          "limit": 25,
          "size": 2,
          "start": 0,
          "values": [
              {
                  "id": 22,
                  "key": "ANNE",
                  "links": {
                      "self": [
                          {
                              "href": "http://localhost:7990/bitbucket/projects/ANNE"
                          }
                      ]
                  },
                  "name": "ANNE",
                  "public": false,
                  "type": "NORMAL"
              },
              {
                  "description": "Default configuration project #1",
                  "id": 1,
                  "key": "PROJECT_1",
                  "links": {
                      "self": [
                          {
                              "href": "http://localhost:7990/bitbucket/projects/PROJECT_1"
                          }
                      ]
                  },
                  "name": "Project 1",
                  "public": false,
                  "type": "NORMAL"
              }
          ]
      }
      

      Unlike Bitbucket, requests to Confluence or Jira servers return the session cookie that can be used on subsequent requests.
      Jira: curl -v --user admin:admin http://localhost:2990/jira/rest/api/latest/project | python -m json.tool

      * TCP_NODELAY set
      * Connected to localhost (::1) port 2990 (#0)
      * Server auth using Basic with user 'admin'
      > GET /jira/rest/api/latest/project HTTP/1.1
      > Host: localhost:2990
      > Authorization: Basic YWRtaW46YWRtaW4=
      > User-Agent: curl/7.54.0
      > Accept: */*
      > 
      < HTTP/1.1 200 OK
      < Server: Apache-Coyote/1.1
      < X-AREQUESTID: 1199x3063x1
      < X-XSS-Protection: 1; mode=block
      < X-Content-Type-Options: nosniff
      < X-Frame-Options: SAMEORIGIN
      < Content-Security-Policy: frame-ancestors 'self'
      < X-ASEN: SEN-500
      < Set-Cookie: JSESSIONID=90E7DD49D4FA6024414DA46B5ACD1133; Path=/jira/; HttpOnly
      < X-Seraph-LoginReason: OK
      < Set-Cookie: atlassian.xsrf.token=BWP3-NZB2-6EDY-6C7K|280b1dea24ae9efbc27877b7d4d8ac9b45dc7623|lin; Path=/jira
      < X-ASESSIONID: 1e0jlbc
      < X-AUSERNAME: admin
      < Cache-Control: no-cache, no-store, no-transform
      < Content-Type: application/json;charset=UTF-8
      < Transfer-Encoding: chunked
      < Date: Thu, 16 Aug 2018 11:59:18 GMT
      < 
      { [5 bytes data]
      100  1561    0  1561    0     0  51086      0 --:--:-- --:--:-- --:--:-- 52033
      * Connection #0 to host localhost left intact
      [
          {
              "avatarUrls": {
                  "16x16": "http://localhost:2990/jira/secure/projectavatar?size=xsmall&avatarId=10324",
                  "24x24": "http://localhost:2990/jira/secure/projectavatar?size=small&avatarId=10324",
                  "32x32": "http://localhost:2990/jira/secure/projectavatar?size=medium&avatarId=10324",
                  "48x48": "http://localhost:2990/jira/secure/projectavatar?avatarId=10324"
              },
              "expand": "description,lead,url,projectKeys",
              "id": "10000",
              "key": "PROJ",
              "name": "PROJ",
              "projectTypeKey": "business",
              "self": "http://localhost:2990/jira/rest/api/2/project/10000"
          },
          {
              "avatarUrls": {
                  "16x16": "http://localhost:2990/jira/secure/projectavatar?size=xsmall&avatarId=10324",
                  "24x24": "http://localhost:2990/jira/secure/projectavatar?size=small&avatarId=10324",
                  "32x32": "http://localhost:2990/jira/secure/projectavatar?size=medium&avatarId=10324",
                  "48x48": "http://localhost:2990/jira/secure/projectavatar?avatarId=10324"
              },
              "expand": "description,lead,url,projectKeys",
              "id": "10001",
              "key": "SCRUM",
              "name": "SCRUM",
              "projectTypeKey": "software",
              "self": "http://localhost:2990/jira/rest/api/2/project/10001"
          },
          {
              "avatarUrls": {
                  "16x16": "http://localhost:2990/jira/secure/projectavatar?size=xsmall&avatarId=10324",
                  "24x24": "http://localhost:2990/jira/secure/projectavatar?size=small&avatarId=10324",
                  "32x32": "http://localhost:2990/jira/secure/projectavatar?size=medium&avatarId=10324",
                  "48x48": "http://localhost:2990/jira/secure/projectavatar?avatarId=10324"
              },
              "expand": "description,lead,url,projectKeys",
              "id": "10100",
              "key": "SCRUMBU",
              "name": "SCRUM-BU",
              "projectTypeKey": "software",
              "self": "http://localhost:2990/jira/rest/api/2/project/10100"
          }
      ]
      

      Jira's response has Set-Cookie, whereas Bitbucket's does not.

      Note: Issue can be replicated across different versions of Bitbucket with the same result
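
The comparison above can be automated. The following is an added example, not part of the original report or of any Atlassian code: it parses the response-header lines of `curl -v` output, reports whether a session cookie was issued, and lists which hardening attributes that cookie lacks. The traces are abridged from the two transcripts in the description; the function names and the default cookie name `JSESSIONID` (taken from the Jira trace) are assumptions of this example.

```python
import re

# Constructed sample input: response-header lines in `curl -v` format,
# abridged from the Bitbucket and Jira transcripts in this report.
BITBUCKET_TRACE = """\
< HTTP/1.1 200
< X-AUSERID: 1
< X-AUSERNAME: admin
< Cache-Control: no-cache, no-transform
< Content-Type: application/json;charset=UTF-8
<
"""
JIRA_TRACE = """\
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=90E7DD49D4FA6024414DA46B5ACD1133; Path=/jira/; HttpOnly
< X-Seraph-LoginReason: OK
< Set-Cookie: atlassian.xsrf.token=BWP3-NZB2-6EDY-6C7K|280b1dea24ae9efbc27877b7d4d8ac9b45dc7623|lin; Path=/jira
< X-AUSERNAME: admin
<
"""

def response_cookies(trace):
    """Map each cookie name to the set of lower-cased attribute names found
    on its Set-Cookie response header ('<' lines of curl -v output)."""
    cookies = {}
    for line in trace.splitlines():
        m = re.match(r"<\s*set-cookie:\s*(.+)", line, re.IGNORECASE)
        if not m:
            continue
        pair, *attrs = [p.strip() for p in m.group(1).split(";")]
        name = pair.split("=", 1)[0]
        cookies[name] = {a.split("=", 1)[0].lower() for a in attrs if a}
    return cookies

def audit(trace, session_cookie="JSESSIONID"):
    """Report whether the session cookie was issued and which of
    HttpOnly / Secure / SameSite it is missing."""
    cookies = response_cookies(trace)
    if session_cookie not in cookies:
        return {"session_cookie": False, "missing_flags": []}
    missing = sorted({"httponly", "secure", "samesite"} - cookies[session_cookie])
    return {"session_cookie": True, "missing_flags": missing}

if __name__ == "__main__":
    print("bitbucket:", audit(BITBUCKET_TRACE))
    print("jira:     ", audit(JIRA_TRACE))
```

Both transcripts were captured over plain http://localhost, so the absent Secure attribute on the Jira session cookie is expected there; against a TLS-fronted instance the same check confirms whether it is set.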

              People

              Assignee: Unassigned
              Reporter: Anne Calantog (acalantog)
              Votes: 7
              Watchers: 12