You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
• Make the auth header scheme configurable for Bitbucket integration
• Support Basic Auth headers instead of hardcoded Bearer tokens
• Allow users to modify authentication from "Bearer {bearer}" to "Basic {bearer}"
The error handling in the initialization could be improved. If authentication fails, the code still sets self.headers and initializes the bitbucket_client, which might lead to unexpected behavior later.
exceptExceptionase:
get_logger().exception(f"Failed to initialize Bitbucket authentication: {e}")
raise
elif self.auth_type == "bearer":
self.bearer_token = context.get("bitbucket_bearer_token", None) or get_settings().get("BITBUCKET.BEARER_TOKEN", None)
if not self.bearer_token:
raise ValueError("Bearer token is required for bearer auth")
s.headers["Authorization"] = f"Bearer {self.bearer_token}"
else:
- raise ValueError(f"Unsupported auth_type: {self.auth_type}")+ raise ValueError(f"Unsupported auth_type: {self.auth_type}")
[To ensure code accuracy, apply this suggestion manually]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies an indentation inconsistency in the else clause (line 48) which has an extra space compared to the rest of the code. This is a valid style issue that could potentially cause confusion or maintenance problems in Python, where indentation is syntactically significant.
The clone URL format for basic authentication is incorrect. For basic auth, you should use the username:password format in the URL, not the x-token-auth approach which is for bearer tokens.
Why: The suggestion correctly identifies that the URL format for basic authentication should be different from bearer token authentication. Using the proper authentication format is critical for the clone operation to work correctly with basic auth, making this a high-impact fix.
Medium
Learned best practice
✅ Extract repeated token retrieval logic into a helper function to reduce code duplicationSuggestion Impact:The commit implemented the suggestion by creating a helper function 'get_token' that extracts the repeated token retrieval logic, reducing code duplication. The implementation is very similar to the suggestion with minor differences in variable naming (auth_type vs self.auth_type) and additional error handling for unsupported auth types.
code diff:
+ self.auth_type = context.get("bitbucket_auth_type", None) or get_settings().get("BITBUCKET.AUTH_TYPE", "bearer")++ def get_token(token_name, auth_type_name):+ token = context.get(f"bitbucket_{token_name}", None) or get_settings().get(f"BITBUCKET.{token_name.upper()}", None)+ if not token:+ raise ValueError(f"{auth_type_name} auth requires a token")+ return token++ if self.auth_type == "basic":+ self.basic_token = get_token("basic_token", "Basic")
s.headers["Authorization"] = f"Basic {self.basic_token}"
- else: # default to bearer- self.bearer_token = context.get("bitbucket_bearer_token", None) or get_settings().get("BITBUCKET.BEARER_TOKEN", None)- if not self.bearer_token:- raise ValueError("Bearer token is required for bearer auth")+ elif self.auth_type == "bearer":+ self.bearer_token = get_token("bearer_token", "Bearer")
s.headers["Authorization"] = f"Bearer {self.bearer_token}"
+ else:+ raise ValueError(f"Unsupported auth_type: {self.auth_type}")
The authentication code has repeated patterns for retrieving tokens from context or settings and setting headers. Extract this logic into a helper method to reduce duplication and make the code more maintainable.
✅ Add null safety checks before using authentication tokens to prevent potential runtime errorsSuggestion Impact:The commit changed the approach to authentication validation by checking auth_type instead of using hasattr(), which is a different implementation but achieves the same goal of preventing runtime errors when accessing tokens. The code now checks if auth_type is 'basic' or 'bearer' before using the respective tokens.
code diff:
- if hasattr(self, 'basic_token'):+ if self.auth_type == "basic":
# Basic auth with token
clone_url = f"{scheme}x-token-auth:{self.basic_token}@bitbucket.org{base_url}"
- elif hasattr(self, 'bearer_token'):+ elif self.auth_type == "bearer":
# Bearer token
clone_url = f"{scheme}x-token-auth:{self.bearer_token}@bitbucket.org{base_url}"
else:
- get_logger().error("No valid authentication method provided. Returning None")+ # This case should ideally not be reached if __init__ validates auth_type+ get_logger().error(f"Unsupported or uninitialized auth_type: {getattr(self, 'auth_type', 'N/A')}. Returning None")
return None
The code directly uses self.basic_token and self.bearer_token without checking if they're valid (not None or empty). Even though there are checks in the init method, it's better to add defensive checks here as well to prevent potential runtime errors if the attributes are somehow not set or are empty.
The authentication mechanism in the clone URL is incorrect. For Bitbucket, both basic and bearer tokens should use the same URL format with "x-token-auth" as the username. However, the authentication type should be reflected in how the token is used during API calls, not in the clone URL construction.
-if hasattr(self, 'basic_token'):- # Basic auth with token- clone_url = f"{scheme}x-token-auth:{self.basic_token}@bitbucket.org{base_url}"-elif hasattr(self, 'bearer_token'):- # Bearer token- clone_url = f"{scheme}x-token-auth:{self.bearer_token}@bitbucket.org{base_url}"+# Both auth types use the same clone URL format+token = getattr(self, 'basic_token', None) or getattr(self, 'bearer_token', None)+clone_url = f"{scheme}x-token-auth:{token}@bitbucket.org{base_url}"
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies that both authentication types should use the same URL format for cloning. The improved code simplifies the logic by using getattr() to retrieve whichever token is available, eliminating redundant code and making the implementation more maintainable.
Extract repeated token retrieval logic into a helper function to reduce code duplication
The authentication code has repeated patterns for retrieving tokens from context or settings and setting headers. Extract this logic into a helper method to reduce duplication and make the code more maintainable.
@mrT23
I've modified the way the bearer token is obtained to be compatible with past code and verified that both bearer and basic work fine as follows.
2025-04-11 09:42:10.595 | INFO | pr_agent.agent.pr_agent:handle_request:81 - User has set the response language to: zh-TW
2025-04-11 09:42:24.826 | INFO | pr_agent.tools.pr_reviewer:run:131 - Reviewing PR: https://bitbucket.org/xxx/xxx/123 ...
2025-04-11 09:42:24.840 | INFO | pr_agent.algo.pr_processing:get_pr_diff:63 - PR main language: Other
2025-04-11 09:42:24.851 | INFO | pr_agent.algo.pr_processing:get_pr_diff:74 - Tokens: 2613, total tokens under limit: 32000, returning full diff.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
#1681
Enhance Bitbucket provider functionality and update secret configuration template.
PR Type
Enhancement
Description
Added support for configurable authentication header in Bitbucket provider.
Introduced
auth_typeto switch between "bearer" and "basic" auth.Updated
_prepare_clone_url_with_tokento handle both auth methods.Enhanced
.secrets_template.tomlto include new auth configuration options.Changes walkthrough 📝
bitbucket_provider.py
Add support for configurable Bitbucket authenticationpr_agent/git_providers/bitbucket_provider.py
_prepare_clone_url_with_tokento handle both auth methods..secrets_template.toml
Update secrets template for Bitbucket auth configurationpr_agent/settings/.secrets_template.toml
auth_typeconfiguration for Bitbucket authentication.basic_tokenfor "basic" authentication.