Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12062

Pushing over SSH with LFS to a personal repository with numbers in the username fails

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.7.1
    • Fix Version/s: 6.10.0
    • Component/s: Git LFS
    • Labels:

      Description

      Issue Summary

      Pushing LFS tracked files over SSH (LFS will still use HTTPs) fails.
      Git LFS 2.7.2
      Git 2.20.1 client
      Though the versions don't seem to be relevant.

      Steps to Reproduce

      1. Create a username with numbers (12test12)
      2. Create a personal repository
      3. Clone over SSH
      4. Add a file and track it with "git lfs track <filename>
      5. Attempt to push

      Expected Results

      The push occurs without issue

      Actual Results

      The push fails with:

      WARNING: Authentication error: Authentication required: Authorization error: https://<BITBUCKET URL>/scm/~12test12/pushtest.git/info/lfs/locks/verify
      Check that you have proper access to the repository
      batch response: Authentication required: Authorization error: https:/<BITBUCKET URL>/scm/~12test12/pushtest.git/info/lfs/objects/batch
      Check that you have proper access to the repository
      Uploading LFS objects:   0% (0/1), 0 B | 0 B/s, done
      error: failed to push some refs to 'ssh://git@<SSH BACKEND URL>:7999/~12test12/pushtest.git'
      

      The below exception is thrown in the atlassian-bitbucket.log file:

      2019-11-25 10:44:13,924 WARN  [http-nio-7990-exec-9] @LOGPX1x644x162143x1 98.156.239.57,192.168.2.155 "POST /scm/~12test12/pushtest.git/info/lfs/objects/batch HTTP/1.0" c.a.j.i.s.DefaultAuthenticationResultHandler Failure during JWT authentication
      com.atlassian.jwt.exception.JwtInvalidClaimException: Invalid Git LFS path: /scm/~12test12/pushtest.git/info/lfs/objects/batch
      	at com.atlassian.bitbucket.internal.scm.git.lfs.jwt.GitLfsApiClaimVerifiersBuilder$GitLfsActionClaimVerifier.verify(GitLfsApiClaimVerifiersBuilder.java:71)
      	at com.atlassian.jwt.core.reader.NimbusJwtReader.read(NimbusJwtReader.java:151)
      	at com.atlassian.jwt.core.reader.NimbusJwtReader.readAndVerify(NimbusJwtReader.java:57)
      	at com.atlassian.jwt.internal.DefaultJwtService.verifyJwt(DefaultJwtService.java:49)
      	at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.verifyJwt(JwtAuthenticatorImpl.java:62)
      	at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.verifyJwt(AbstractJwtAuthenticator.java:118)
      	at com.atlassian.jwt.core.http.auth.AbstractJwtAuthenticator.authenticate(AbstractJwtAuthenticator.java:71)
      	at com.atlassian.jwt.internal.sal.JwtAuthenticatorImpl.authenticate(JwtAuthenticatorImpl.java:30)
      	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.mayProceed(JwtAuthFilter.java:79)
      	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:35)
      	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
      	at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:87)
      	at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.lang.Thread.run(Thread.java:748)
      	... 72 frames trimmed
      

      Workaround

      1. Create a copy repository in a non-personal project that only your user has access to.
      2. User HTTPS instead of SSH

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              akaria@atlassian.com Aditya Karia
              Reporter:
              alevinson Aaron
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: