How to use a Personal Access Token?

[ghost]

See also: #24

It is now possible to authenticate against the Bitbucket API with a Personal Access Token.

How to do that using this plugin?

[scaytrase]

I think personal access tokens are not supported yet. PR is always welcome

[ghost]

@scaytrase I don't have experience creating/updating Jenkins plugins.
And also I couldn't find a CONTRIBUTING.md or something similar in the repo?
So not sure where to start?

[scaytrase]

Actually we need to take care of the following code

Filling credentials select box:

stashnotifier-plugin/src/main/java/org/jenkinsci/plugins/stashNotifier/StashNotifier.java

Lines 604 to 630 in 323b477

	public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project) {
	Jenkins jenkins = Jenkins.getInstance();
	if (project != null && project.hasPermission(Item.CONFIGURE)) {
	return new StandardListBoxModel()
	.withEmptySelection()
	.withMatching(
	new StashCredentialMatcher(),
	CredentialsProvider.lookupCredentials(
	StandardCredentials.class,
	project,
	ACL.SYSTEM,
	new ArrayList<DomainRequirement>()));
	} else if (jenkins != null && jenkins.hasPermission(Item.CONFIGURE)) {
	return new StandardListBoxModel()
	.withEmptySelection()
	.withMatching(
	new StashCredentialMatcher(),
	CredentialsProvider.lookupCredentials(
	StandardCredentials.class,
	jenkins,
	ACL.SYSTEM,
	new ArrayList<DomainRequirement>()));
	}
	return new StandardListBoxModel();
	}

Accessing credentials (basic auth is currently on the list)

stashnotifier-plugin/src/main/java/org/jenkinsci/plugins/stashNotifier/StashNotifier.java

Lines 853 to 892 in 323b477

	/**
	* Returns the HTTP POST request ready to be sent to the Stash build API for
	* the given run and change set.
	*
	* @param stashBuildNotificationEntity a entity containing the parameters
	* for Stash
	* @param commitSha1 the SHA1 of the commit that was built
	* @param url
	* @return the HTTP POST request to the Stash build API
	*/
	protected HttpPost createRequest(
	final HttpEntity stashBuildNotificationEntity,
	final Item project,
	final String commitSha1,
	final String url) throws AuthenticationException {
	HttpPost req = new HttpPost(
	url
	+ "/rest/build-status/1.0/commits/"
	+ commitSha1);
	// If we have a credential defined then we need to determine if it
	// is a basic auth
	UsernamePasswordCredentials usernamePasswordCredentials
	= getCredentials(UsernamePasswordCredentials.class, project);
	if (usernamePasswordCredentials != null) {
	req.addHeader(new BasicScheme().authenticate(
	new org.apache.http.auth.UsernamePasswordCredentials(
	usernamePasswordCredentials.getUsername(),
	usernamePasswordCredentials.getPassword().getPlainText()),
	req,
	null));
	}
	req.addHeader("Content-type", "application/json");
	req.setEntity(stashBuildNotificationEntity);
	return req;
	}

There is bunch of code to utilize certificates as SSL auth, but it's declared non-working on #154 so I think it's not really relevant here

[ghost]

@scaytrase are you able to share any environment configuration setup guidelines? I'm on Windows.

Doesn't seem too complicated to make the changes. Just trying to find out how to test the changes.

[scaytrase]

@rolandoldengarm
I can't remebmer any specials in configuring local build env, I think all I use is IDEA, gradle and oracle jdk8

At last you can just open PR and HPI would be built for you automagickally (and even would be distributed with incrementals repo)

[artizirk]

Personal Access Tokens seem to work fine out of the box when testing with curl.

echo '{"state":"SUCCESSFUL", "description":"Test description", "key":"1234asdf", "url":"http://jenkins:8081/"}' | curl -X POST -H "Authorization: Bearer <token>" -H "Content-Type: application/json"  'https://<stash_server>/rest/build-status/1.0/commits/<commit_hash>' -d @- -v

[scaytrase]

Sure, it's just not supported for know here. So tell the labels

[darxriggs]

The documentation states the following:

For git operations, you can use your personal access tokens with your REST API.

In addition to basic auth over REST API, you can use it as a bearer token, by setting the personal access token as a header value, instead of providing user name and password.

Therefore a personal access token can be used in the same way as a password in this plugin.
Create a username/password credential with the password field containing the personal access token.

@rolandoldengarm I suggest to try this and afterwards file a pull request with an updated readme.md that states that and how to use username/password credentials for passwords and personal access tokens.

[scaytrase]

Implemented in #276 released as 1.24