che-server/wsmaster/che-core-api-auth
Igor Vinokur 128e7e4204 Do not return secret token in the Oauth API (#538)
Remove the personalAccessTokenManager.get() call from the OAuth API getToken() method. The OAuth API must not know anything about PAT secrets. It should get tokens only by requesting an SCM provider OAuth API.
Fix validating the Bitbucket-Server PAT method by requesting user instead of requesting.
This prevents the code execution from going into a recursive loop: bitbucketServerApiClient.getPersonalAccessToken() calls oauthApi.getToken(), which referred to personalAccessTokenManager.getToken(), which validated the token by calling scmPersonalAccessTokenFetcher.getScmUsername() -> bitbucketServerApiClient.getPersonalAccessToken().
2023-08-17 16:31:52 +03:00
src Do not return secret token in the Oauth API (#538) 2023-08-17 16:31:52 +03:00
pom.xml chore: Bump to 7.72.1-SNAPSHOT in 7.72.x 2023-07-27 15:03:37 +00:00