From 64e1b4ec937354bf04ab0640c8d0768be045335f Mon Sep 17 00:00:00 2001 From: octo-patch Date: Sun, 19 Apr 2026 12:30:52 +0800 Subject: [PATCH 1/2] fix: update Bitbucket clone auth to use API token scheme Bitbucket is deprecating app passwords (EOL June 2026) and new users can no longer create them. The current code uses the `x-token-auth` scheme, which only works for app passwords. Bitbucket HTTP access tokens require the `x-bitbucket-api-token-auth` scheme. Update the clone URL format for Bitbucket repositories to use `x-bitbucket-api-token-auth`, which is compatible with the current Bitbucket API token authentication method. Fixes #444 --- api/data_pipeline.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/api/data_pipeline.py b/api/data_pipeline.py index 5e1f5fa47..980a00c64 100644 --- a/api/data_pipeline.py +++ b/api/data_pipeline.py @@ -116,8 +116,11 @@ def download_repo(repo_url: str, local_path: str, repo_type: str = None, access_ # Format: https://oauth2:{token}@gitlab.com/owner/repo.git clone_url = urlunparse((parsed.scheme, f"oauth2:{encoded_token}@{parsed.netloc}", parsed.path, '', '', '')) elif repo_type == "bitbucket": - # Format: https://x-token-auth:{token}@bitbucket.org/owner/repo.git - clone_url = urlunparse((parsed.scheme, f"x-token-auth:{encoded_token}@{parsed.netloc}", parsed.path, '', '', '')) + # Format: https://x-bitbucket-api-token-auth:{token}@bitbucket.org/owner/repo.git + # Bitbucket HTTP access tokens require the x-bitbucket-api-token-auth scheme. + # The older x-token-auth scheme was used for app passwords, which are being + # deprecated by Atlassian (EOL June 2026). + clone_url = urlunparse((parsed.scheme, f"x-bitbucket-api-token-auth:{encoded_token}@{parsed.netloc}", parsed.path, '', '', '')) logger.info("Using access token for authentication") From ae9d45c364fd4a0e8aad90777a97aedce6859660 Mon Sep 17 00:00:00 2001 From: octo-patch Date: Sun, 19 Apr 2026 13:31:28 +0800 Subject: [PATCH 2/2] fix(bitbucket): keep x-token-auth for app passwords, switch on prefix Bitbucket app passwords are still supported until June 2026 and use the x-token-auth scheme. The earlier patch hard-coded x-bitbucket-api-token-auth which broke existing app-password users. Detect the new HTTP access token format by its 'ATCTT' prefix and pick the matching scheme; fall back to x-token-auth for everything else. --- api/data_pipeline.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/api/data_pipeline.py b/api/data_pipeline.py index 980a00c64..f98068651 100644 --- a/api/data_pipeline.py +++ b/api/data_pipeline.py @@ -116,11 +116,16 @@ def download_repo(repo_url: str, local_path: str, repo_type: str = None, access_ # Format: https://oauth2:{token}@gitlab.com/owner/repo.git clone_url = urlunparse((parsed.scheme, f"oauth2:{encoded_token}@{parsed.netloc}", parsed.path, '', '', '')) elif repo_type == "bitbucket": - # Format: https://x-bitbucket-api-token-auth:{token}@bitbucket.org/owner/repo.git - # Bitbucket HTTP access tokens require the x-bitbucket-api-token-auth scheme. - # The older x-token-auth scheme was used for app passwords, which are being - # deprecated by Atlassian (EOL June 2026). - clone_url = urlunparse((parsed.scheme, f"x-bitbucket-api-token-auth:{encoded_token}@{parsed.netloc}", parsed.path, '', '', '')) + # Bitbucket has two token formats with different auth schemes: + # - HTTP access tokens (prefix "ATCTT") use x-bitbucket-api-token-auth + # - App passwords (deprecated, EOL June 2026) use x-token-auth + # Detect by token prefix so existing app password users keep working. + if access_token.startswith("ATCTT"): + auth_scheme = "x-bitbucket-api-token-auth" + else: + auth_scheme = "x-token-auth" + # Format: https://{auth_scheme}:{token}@bitbucket.org/owner/repo.git + clone_url = urlunparse((parsed.scheme, f"{auth_scheme}:{encoded_token}@{parsed.netloc}", parsed.path, '', '', '')) logger.info("Using access token for authentication")