Honor token field in BitbucketServerRepositoryProvider

jorgee · jorgee · commit b36b47eec890 · 2026-05-08T10:55:33.000+02:00
Signed-off-by: jorgee &lt;jorge.ejarque@seqera.io&gt;
diff --git a/modules/nextflow/src/main/groovy/nextflow/scm/BitbucketServerRepositoryProvider.groovy b/modules/nextflow/src/main/groovy/nextflow/scm/BitbucketServerRepositoryProvider.groovy
@@ -21,6 +21,8 @@ import groovy.json.JsonSlurper
 import groovy.transform.Memoized
 import groovy.util.logging.Slf4j
 import nextflow.exception.AbortOperationException
+import org.eclipse.jgit.transport.CredentialsProvider
+import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider
 
 import java.nio.charset.StandardCharsets
 
@@ -64,6 +66,29 @@ final class BitbucketServerRepositoryProvider extends RepositoryProvider {
     @Override
     String getName() { "BitBucketServer" }
 
+    @Override
+    boolean hasCredentials() {
+        return getToken() || (getUser() && getPassword())
+    }
+
+    @Override
+    protected String[] getAuth() {
+        if( getToken() )
+            return new String[] { "Authorization", "Bearer " + getToken() }
+        if( getUser() && getPassword() ) {
+            final authString = "${getUser()}:${getPassword()}".bytes.encodeBase64().toString()
+            return new String[] { "Authorization", "Basic " + authString }
+        }
+        return null
+    }
+
+    @Override
+    CredentialsProvider getGitCredentials() {
+        if( getToken() )
+            return new UsernamePasswordCredentialsProvider(getUser() ?: '', getToken())
+        return new UsernamePasswordCredentialsProvider(getUser(), getPassword())
+    }
+
     @Override
     String getEndpointUrl() {
         return "${config.endpoint}/rest/api/1.0/projects/${project}/repos/${repository}"
diff --git a/modules/nextflow/src/test/groovy/nextflow/scm/BitbucketServerRepositoryProviderTest.groovy b/modules/nextflow/src/test/groovy/nextflow/scm/BitbucketServerRepositoryProviderTest.groovy
@@ -16,6 +16,8 @@
 
 package nextflow.scm
 
+import org.eclipse.jgit.transport.CredentialItem
+import org.eclipse.jgit.transport.URIish
 import spock.lang.Ignore
 import spock.lang.Requires
 import spock.lang.Specification
@@ -106,7 +108,11 @@ class BitbucketServerRepositoryProviderTest extends Specification {
     def 'should list branches' () {
         given:
         def token = System.getenv('NXF_BITBUCKET_SERVER_ACCESS_TOKEN')
-        def config = new ProviderConfig('bbs', [server:'http://slurm.seqera.io:7990', platform:'bitbucketsever']).setAuth(token)
+        def items = token.tokenize(':')
+
+        def config = items > 1
+            ? new ProviderConfig('bbs', [server:'http://slurm.seqera.io:7990', platform:'bitbucketsever']).setUser(items[0]).setToken(items[1])
+            : new ProviderConfig('bbs', [server:'http://slurm.seqera.io:7990', platform:'bitbucketsever']).setToken(token)
         and:
         def repo = new BitbucketServerRepositoryProvider('scm/hello/hello', config)
 
@@ -131,6 +137,95 @@ class BitbucketServerRepositoryProviderTest extends Specification {
         result.contains( new RepositoryProvider.TagInfo('v1.0', 'c62df3d9c2464adcaa0fb6c978c8e32e2672b191') )
     }
 
+    @Unroll
+    def 'should validate hasCredentials' () {
+        given:
+        def provider = new BitbucketServerRepositoryProvider('proj/repo', PROVIDER)
+
+        expect:
+        provider.hasCredentials() == EXPECTED
+
+        where:
+        EXPECTED | PROVIDER
+        false    | new ProviderConfig('bbs', [platform:'bitbucketserver'])
+        false    | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo')
+        false    | new ProviderConfig('bbs', [platform:'bitbucketserver']).setPassword('bar')
+        true     | new ProviderConfig('bbs', [platform:'bitbucketserver']).setToken('xyz')
+        true     | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo').setPassword('bar')
+        true     | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo').setToken('xyz')
+        true     | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo').setPassword('bar').setToken('xyz')
+    }
+
+    @Unroll
+    def 'should validate getAuth' () {
+        given:
+        def provider = new BitbucketServerRepositoryProvider('proj/repo', PROVIDER)
+
+        expect:
+        provider.getAuth() == EXPECTED as String[]
+
+        where:
+        EXPECTED                                                       | PROVIDER
+        null                                                           | new ProviderConfig('bbs', [platform:'bitbucketserver'])
+        ["Authorization", "Bearer xyz"]                                | new ProviderConfig('bbs', [platform:'bitbucketserver']).setToken('xyz')
+        ["Authorization", "Basic ${"foo:bar".bytes.encodeBase64()}"]   | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo').setPassword('bar')
+        ["Authorization", "Bearer xyz"]                                | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo').setToken('xyz')
+        ["Authorization", "Bearer xyz"]                                | new ProviderConfig('bbs', [platform:'bitbucketserver']).setUser('foo').setPassword('bar').setToken('xyz')
+    }
+
+    def 'should pass token as password in getGitCredentials' () {
+        given:
+        def config = new ProviderConfig('bbs', [platform:'bitbucketserver'])
+                .setUser('foo')
+                .setToken('xyz')
+        def provider = new BitbucketServerRepositoryProvider('proj/repo', config)
+        def user = new CredentialItem.Username()
+        def pass = new CredentialItem.Password()
+
+        when:
+        def creds = provider.getGitCredentials()
+        creds.get(new URIish('https://bitbucket.server.com/scm/proj/repo.git'), user, pass)
+
+        then:
+        user.value == 'foo'
+        new String(pass.value) == 'xyz'
+    }
+
+    def 'should use token-only in getGitCredentials when no user is set' () {
+        given:
+        def config = new ProviderConfig('bbs', [platform:'bitbucketserver'])
+                .setAuth('xyz')
+        def provider = new BitbucketServerRepositoryProvider('proj/repo', config)
+        def user = new CredentialItem.Username()
+        def pass = new CredentialItem.Password()
+
+        when:
+        def creds = provider.getGitCredentials()
+        creds.get(new URIish('https://bitbucket.server.com/scm/proj/repo.git'), user, pass)
+
+        then:
+        user.value == ''
+        new String(pass.value) == 'xyz'
+    }
+
+    def 'should fall back to password in getGitCredentials when token absent' () {
+        given:
+        def config = new ProviderConfig('bbs', [platform:'bitbucketserver'])
+                .setUser('foo')
+                .setPassword('bar')
+        def provider = new BitbucketServerRepositoryProvider('proj/repo', config)
+        def user = new CredentialItem.Username()
+        def pass = new CredentialItem.Password()
+
+        when:
+        def creds = provider.getGitCredentials()
+        creds.get(new URIish('https://bitbucket.server.com/scm/proj/repo.git'), user, pass)
+
+        then:
+        user.value == 'foo'
+        new String(pass.value) == 'bar'
+    }
+
     @Requires( { System.getenv('NXF_BITBUCKET_SERVER_ACCESS_TOKEN') } )
     def 'should list root directory contents'() {
         given:
