Description
Issue Summary
Environment
- SAML enabled Bitbucket Server instance
Steps to Reproduce
- Enable SAML
- Open URL like "/login?next=/plugins/servlet/create-branch?issueSummary%3Dtest%20test"
Expected Results
Redirected to SAML authentication provider, authenticated and redirected back to Bitbucket Server and to "Create Branch" page.
Actual Results
Present with Tomcat 400 (BAD_REQUEST) page.
Notes
This is a bug in Atlassian Authentication Plugin.
The plugin reads the next parameter from HttpServletRequest in BitbucketAuthenticationFilter. The problem is that HttpServletRequest#getParameter returns an already decoded string, so all + and %-encoded sequences have been turned into their literal characters at that moment.
The plugin then feeds the value it received from HttpServletRequest to the URI class, which throws an exception because the value now contains illegal characters (spaces).
What the plugin should be doing is to re-encode the string before feeding it to the URI class.
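The decode-then-parse failure described above, as an added example that is not code from the Atlassian Authentication Plugin. The class and method names are assumed; the hard-coded string stands in for what getParameter("next") returns, and the relative-path check at the end is an extra safeguard for a login redirect target, not something the report describes.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (hypothetical class, not the plugin's own code).
 * Shows why handing the already-decoded "next" value to java.net.URI
 * fails, and one way to rebuild it with proper percent-encoding.
 */
public class NextParameterDemo {

    /** Constructed: what HttpServletRequest#getParameter("next") hands back, already decoded. */
    static final String DECODED_NEXT = "/plugins/servlet/create-branch?issueSummary=test test";

    /** Current behaviour: URI(String) parses the value as-is and rejects the literal space. */
    static URI naiveParse(String decodedNext) throws URISyntaxException {
        return new URI(decodedNext);
    }

    /**
     * Corrected behaviour: split the decoded value into path and query and let the
     * multi-argument URI constructor quote illegal characters (space becomes %20,
     * a literal % becomes %25) while leaving '=' and '&' in the query intact.
     */
    static URI reencode(String decodedNext) throws URISyntaxException {
        int q = decodedNext.indexOf('?');
        String path = q < 0 ? decodedNext : decodedNext.substring(0, q);
        String query = q < 0 ? null : decodedNext.substring(q + 1);
        URI uri = new URI(null, null, path, query, null);
        // Assumed safeguard: a login "next" target should stay a relative,
        // same-site path, so reject anything that parsed with a scheme or authority.
        if (uri.isAbsolute() || uri.getRawAuthority() != null) {
            throw new URISyntaxException(decodedNext, "next must be a relative path");
        }
        return uri;
    }

    public static void main(String[] args) throws URISyntaxException {
        try {
            naiveParse(DECODED_NEXT);
        } catch (URISyntaxException e) {
            System.out.println("naive parse failed: " + e.getMessage());
        }
        System.out.println("re-encoded: " + reencode(DECODED_NEXT));
    }
}
```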
Workaround
A workaround is to use "/login?next=/plugins/servlet/create-branch?issueSummary%3Dtest%2520test" instead of "/bitbucket/login?next=/plugins/servlet/create-branch?issueSummary%3Dtest%20test".