Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-14021

Webhooks UI does not support adding both basic auth credentials and a secret

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 8.8.4, 8.9.1, 8.10.0
    • 8.8.3, 8.9.0
    • Webhooks
    • None

      Issue Summary

      When creating a webhook, a user should be able to secure the webhook by adding both basic authentication credentials (if the webhook URL is authenticated) and a secret. This is because the secret is not used to authenticate the request itself, but rather to authenticate the webhook payload and ensure the request transmitted is the one that Bitbucket intended to send. Hence, because each field has a different purpose, they are sent via a different header in the request. Credentials are sent via the Authorization header, whilst the secret is sent via the X-Hub-Signature header. If a user wants to send a request that contains both headers, they'll need to provide both fields. Currently, the UI does not support this.

      The secret has been grouped under the "Authentication" heading in the webhook form, however, it should not be. These fields should be separated, which will then allow a user to add both, if desired. 

      Workaround

      A user can create a webhook via REST API with a secret and credentials. The request body should contain the following:

      {
      ...
        "configuration" : { "secret": "XXX" },
        "credentials": { "username" : "YYY", "password" : "ZZZ" },
      ...
      }

      Both headers will then be added to the request respectively. 

              5b83d565b5b1 Josh Wang
              8f36004e07e8 Milly Wilson
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: