Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
-
None
-
None
-
- SourceTree versions 2.5.3 and 2.6.3 are affected, but. 2.4.1 is not affected.
- BitBucket Server 4.12
-
Severity 2 - Major
Description
SourceTree versions 2.5.3 and 2.6.3 throw an error when trying to browse Bitbucket Server repos. The error is: operation couldn’t be completed. (SDNetDomain error 7.)
I confirmed this with two separate BitBucket Servers (both running ver. 4.12).
I captured authentication requests and noticed that some SourceTree requests doesn't contain my password in Basic auth header (as seen it sends only base64-encoded username and colon character):
{noformat}
GET /rest/api/1.0/users/ypetrov/repos?limit=%32%35 HTTP/1.1
Host: devbitbucket.netsertive.local:7990
Connection: keep-alive
Accept: /
User-Agent: Sourcetree/134 CFNetwork/760.2.6 Darwin/15.3.0 (x86_64)
Accept-Language: en-us
Authorization: Basic eXBldHJvdjo=
Accept-Encoding: gzip, deflate
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-AREQUESTID: @X1HX1Kx121x3405x0
X-ASEN: SEN-4920128
WWW-Authenticate: Basic realm="Atlassian Bitbucket"
Content-Type: application/json;charset=UTF-8
Content-Length: 197
Date: Wed, 20 Sep 2017 06:01:12 GMT
{"errors":[\{"context":null,"message":"Authentication failed. Please check your credentials and try again.","exceptionName":"com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException"}]}
{noformat}