public AuthenticationResult(AuthenticationResultType type, IExtendedCredential token, string username)
{
Type = type;
Token = token;
RefreshToken = null;
RemoteUsername = username;
}
private async Task <AuthenticationResult> ParseSuccessResponseAsync(Uri targetUri, HttpResponseMessage response)
{
IExtendedCredential token = null;
string responseText = await response.Content.ReadAsStringAsync();
Match tokenMatch;
// TODO use compiled regex, switch regex based on Uri Bbc vs BbS
if ((tokenMatch = Regex.Match(responseText, BitbucketServerConstants.PersonalAccessTokenRegexCommand
,
RegexOptions.CultureInvariant | RegexOptions.IgnoreCase)).Success &&
tokenMatch.Groups.Count > 2)
{
var userName = tokenMatch.Groups[1].Value;
string tokenText = tokenMatch.Groups[2].Value;
token = new BearerCredential(userName, tokenText);
}
if (token == null)
{
_trace.WriteLine($"Authentication for '{targetUri}' failed.");
return(new AuthenticationResult(AuthenticationResultType.Failure));
}
else
{
_trace.WriteLine($"Authentication success: new personal access token for '{targetUri}' created.");
return(new AuthenticationResult(AuthenticationResultType.Success, token));
}
}
public AuthenticationResult(AuthenticationResultType type, IExtendedCredential accessToken,
IExtendedCredential refreshToken, string remoteUsername)
{
Type = type;
Token = accessToken;
RefreshToken = refreshToken;
RemoteUsername = remoteUsername;
}
public async Task <AuthenticationResult> AcquireTokenAsync(Uri targetUri, IExtendedCredential credentials, IEnumerable <string> scopes)
{
Uri requestUri = GetAuthenticationRequestUri(targetUri, credentials.UserName);
_trace.WriteLine($"HTTP: POST {requestUri}");
using (HttpContent content = GetTokenJsonContent(targetUri, scopes))
using (var request = new HttpRequestMessage(HttpMethod.Put, requestUri))
{
// set content
request.Content = content;
// Set the auth header
request.Headers.Authorization = new AuthenticationHeaderValue(credentials.Scheme, credentials.Token);
request.Headers.Add("Accept", "*/*");
using (var response = await HttpClient.SendAsync(request))
{
// TODO logging Trace.WriteLine($"server responded with {response.StatusCode}.");
switch (response.StatusCode)
{
case HttpStatusCode.OK:
case HttpStatusCode.Created:
return(await ParseSuccessResponseAsync(targetUri, response));
case HttpStatusCode.Forbidden:
{
// Bitbucket Cloud
// A 403/Forbidden response indicates the username/password are
// recognized and good but 2FA is on in which case we want to
// indicate that with the TwoFactor result
// TODO logging Trace.WriteLine("two-factor app authentication code required");
return(new AuthenticationResult(AuthenticationResultType.TwoFactor));
}
case HttpStatusCode.Unauthorized:
{
// username or password are wrong.
// TODO logging Trace.WriteLine("authentication unauthorized");
return(new AuthenticationResult(AuthenticationResultType.Failure));
}
default:
// any unexpected result can be treated as a failure.
// TODO logging Trace.WriteLine("authentication failed");
string responseText = await response.Content.ReadAsStringAsync();
return(new AuthenticationResult(AuthenticationResultType.Failure));
}
}
}
}
private AuthenticationResult GetAuthenticationResult(IExtendedCredential token, IExtendedCredential refreshToken)
{
// Bitbucket should always return both.
if (token == null || refreshToken == null)
{
_trace.WriteLine("authentication failure");
return(new AuthenticationResult(AuthenticationResultType.Failure));
}
else
{
_trace.WriteLine("authentication success: new personal access token created.");
return(new AuthenticationResult(AuthenticationResultType.Success, token, refreshToken));
}
}
private async Task <AuthenticationResult> ParseAquireTokenSuccessResponseAsync(Uri targetUri, HttpResponseMessage response, IExtendedCredential sourceCredentials)
{
IExtendedCredential token = null;
string responseText = await response.Content.ReadAsStringAsync();
Match tokenMatch;
// TODO use compiled regex, switch regex based on Uri Bbc vs BbS
if ((tokenMatch = Regex.Match(responseText, BitbucketServerConstants.PersonalAccessTokenRegexCommand
,
RegexOptions.CultureInvariant | RegexOptions.IgnoreCase)).Success &&
tokenMatch.Groups.Count > 2)
{
var userName = tokenMatch.Groups[1].Value;
string tokenText = tokenMatch.Groups[2].Value;
token = new BearerCredential(userName, tokenText);
}
// Cloud Basic Auth nominal data check from the JSON response to 2.0/user
if (Constants.Http.WwwAuthenticateBasicScheme.Equals(sourceCredentials.Scheme) &&
(tokenMatch = Regex.Match(responseText, BitbucketConstants.UserNameFromJsonRegexCommand,
RegexOptions.CultureInvariant | RegexOptions.IgnoreCase)).Success &&
tokenMatch.Groups.Count > 1)
{
var userName = tokenMatch.Groups[1].Value;
token = new BaseAuthCredential(userName, sourceCredentials.Password);
}
if (token == null)
{
_trace.WriteLine($"Authentication for '{targetUri}' failed.");
return(new AuthenticationResult(AuthenticationResultType.Failure));
}
else
{
_trace.WriteLine($"Authentication success: new personal access token for '{targetUri}' created.");
return(new AuthenticationResult(AuthenticationResultType.Success, token));
}
}
public async Task <AuthenticationResult> AcquireTokenAsync(Uri targetUri, IEnumerable <string> scopes, IExtendedCredential credentials)
{
var oauth = GetAuthenticator();
try
{
return(await oauth.AcquireTokenAsync(targetUri, scopes, credentials));
}
catch (Exception ex)
{
_trace.WriteLine($"oauth authentication failed [{ex.Message}]");
return(new AuthenticationResult(AuthenticationResultType.Failure));
}
}
public Task <AuthenticationResult> AcquireTokenAsync(Uri targetUri, IEnumerable <string> scopes, IExtendedCredential credentials)
{
throw new Exception();
}
public async Task <AuthenticationResult> GetCloudAuthAsync(Uri targetUri, IEnumerable <string> scopes, IExtendedCredential credentials)
{
return(await _bitbucketApi.AcquireTokenAsync(
targetUri, credentials.UserName, credentials.Password, "", BitbucketCredentialScopes));
}
private async Task <AuthenticationResult> GetServerAuthAsync(Uri targetUri, IEnumerable <string> scopes, IExtendedCredential credentials)
{
// Use the provided username and password and attempt a basic authentication request to a known REST API resource.
//var result = await (new Rest.Server.RestClient(Context)).TryGetUser(targetUri, requestTimeout, restRootUrl, credentials);
return(await _bitbucketServerApi.AcquireTokenAsync(
targetUri, credentials, BitbucketServerCredentialScopes));
}
public async Task <AuthenticationResult> AcquireTokenAsync(Uri targetUri, IEnumerable <string> scopes, IExtendedCredential credentials)
{
if (targetUri.AbsoluteUri.Contains("bitbucket.org") /* TODO Rest.Cloud.RestClient.IsAcceptableUri(targetUri)*/)
{
return(await GetCloudAuthAsync(targetUri, scopes, credentials));
}
else
{
return(await GetServerAuthAsync(targetUri, scopes, credentials));
}
}
public async Task <AuthenticationResult> AcquireTokenAsync(Uri targetUri, IEnumerable <string> scopes, IExtendedCredential credentials)
{
return(await GetAuthAsync(targetUri, scopes, CancellationToken.None));
}