Skip to content

Better app password support for bitbucket #12103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Oct 2, 2024
Merged

Better app password support for bitbucket #12103

merged 10 commits into from
Oct 2, 2024

Conversation

eiriksm
Copy link
Contributor

@eiriksm eiriksm commented Sep 8, 2024

This fixes #12102

It also fixes what is kind of a bad UX if you have stored actual credentials for bitbucket (for example an app password) and composer will then try to first request an access token for you using them, and in the process show some errors:

./composer/bin/composer update
Composer is operating slower than normal because you have Xdebug enabled. See https://getcomposer.org/xdebug
Composer could not detect the root package (my-vendor/my-package) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
Loading composer repositories with package information
Invalid OAuth consumer provided.
This can have three reasons:
1. You are authenticating with a bitbucket username/password combination
2. You are using an OAuth consumer, but didn't configure a (dummy) callback url
3. You are using an OAuth consumer, but didn't configure it as private consumer
Invalid OAuth consumer provided.
This can have three reasons:
1. You are authenticating with a bitbucket username/password combination
2. You are using an OAuth consumer, but didn't configure a (dummy) callback url
3. You are using an OAuth consumer, but didn't configure it as private consumer
Updating dependencies                                                          
Nothing to modify in lock file
Installing dependencies from lock file (including require-dev)
Package operations: 2 installs, 0 updates, 0 removals
  - Syncing eiriksm/test-dep-bitbucket (dev-main 9cf2753) into cache
  - Downloading eiriksm/test-dep-github (dev-main bd6bc34)
  - Installing eiriksm/test-dep-bitbucket (dev-main 9cf2753): Cloning 9cf275369a from cache
  - Installing eiriksm/test-dep-github (dev-main bd6bc34): Extracting archive
Generating autoload files
No security vulnerability advisories found.

There are actually colors and everything. Looks super scary and wrong. And 2 times even. But it's actually just warnings, and the code path that works, is executed later. Attached also an image of this scary warning

Screenshot from 2024-09-08 21-04-45

So yeah this PR fixes both of those issues. I only created an actual issue for the first of them. I could go ahead and create one for the other one if appropriate and needed for bookkeeping?

stof
stof reviewed Sep 8, 2024
View reviewed changes
@Seldaek Seldaek added this to the 2.8 milestone Sep 16, 2024
Seldaek
Seldaek reviewed Sep 17, 2024
View reviewed changes
@eiriksm
Copy link
Contributor Author

eiriksm commented Sep 27, 2024

Updated PR, I see there is a failing phpstan run on PHP 8.3 but seems unrelated to this PR

@Seldaek Seldaek merged commit a01ab9b into composer:main Oct 2, 2024
19 of 20 checks passed
@Seldaek
Copy link
Member

Seldaek commented Oct 2, 2024

Thanks, I just hope this won't cause regressions for some edge cases.

@eiriksm
Copy link
Contributor Author

eiriksm commented Oct 2, 2024

I hope so too 😬

At least now we have the test coverage in place and it would be much more trivial to refactor and add more tests

@Seldaek Seldaek mentioned this pull request Jun 17, 2025
Closed
@Seldaek
Copy link
Member

Seldaek commented Jun 17, 2025

@eiriksm could you please take a look at #12441 see if it makes sense to you?

@ConnorLock ConnorLock mentioned this pull request Jun 27, 2025
Merged
@eiriksm
Copy link
Contributor Author

eiriksm commented Jun 27, 2025

Hey there. Just wanted to say I saw the message and I hope I will be able to. Just has not been possible yet 😅

@Seldaek
Copy link
Member

Seldaek commented Jul 8, 2025

No worries, it's fixed by #12462

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Seldaek Seldaek Seldaek left review comments

+1 more reviewer

@stof stof stof left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
2.8
Development

Successfully merging this pull request may close these issues.

If a bitbucket repo is listed in repositories with ssh url, authentication will require ssh key
3 participants
@eiriksm @Seldaek @stof