
    Sandbox authentication errors in the Bitbucket WebHook support.

    Review Request #10982 — Created March 30, 2020 and submitted

    Information

    Review Board
    release-3.0.x


    When handling an incoming Bitbucket WebHook in order to close review
    requests, we sometimes have to perform API requests to Bitbucket. This
    will be the case any time we have a "truncated" payload (the payload is
    valid but marks its commit metadata as truncated, requiring additional
    API calls).

    If the credentials have changed for the Bitbucket account, but they
    haven't been updated in Review Board, the WebHook handler will just
    crash, which isn't helpful on either end of that WebHook.

    This change sandboxes authentication errors, returning an HTTP 403
    Forbidden error with details to Bitbucket. This should help provide
    better information to the owners of the repository.

    Note that 403 Forbidden was chosen because it conveys an inability to
    handle the content without claiming that Bitbucket has provided
    something invalid, unlike error codes like 500 Internal Server Error
    (which typically indicates a crash or something that went unexpectedly
    wrong), 400 Bad Request (which indicates bad information in the
    request), or 401 Unauthorized (which indicates bad credentials in the
    request).

    Some tweaks to the Hosting Service unit testing support had to be made
    to allow for intercepting requests using the Django HTTP Test Client.
    These don't break any other unit tests.

    Unit tests pass.
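
The behaviour described above, as an added sketch that is not Review Board's code: a truncated delivery forces an authenticated API call, and a credential failure during that call becomes a 403 response instead of an unhandled exception. `AuthorizationError`, `fetch_commit_messages`, `handle_webhook`, the two `*_api` stand-ins and the sample payloads are hypothetical and constructed for illustration.

```python
import json


class AuthorizationError(Exception):
    """Hypothetical: the hosting service rejected the stored credentials."""


def fetch_commit_messages(payload, api_get):
    """Collect commit messages, calling the API only for truncated changes."""
    messages = []
    for change in payload["push"]["changes"]:
        commits = change["commits"]
        if change.get("truncated"):
            # Truncated metadata: the full list needs an authenticated API
            # call made with the credentials stored on the receiving server.
            commits = api_get(change["links"]["commits"]["href"])
        messages.extend(c["message"] for c in commits)
    return messages


def handle_webhook(body, api_get):
    """Return (status, text); an auth failure never escapes as a crash."""
    try:
        messages = fetch_commit_messages(json.loads(body), api_get)
    except (ValueError, KeyError, TypeError):
        return 400, "Invalid payload"  # the sender's content is the problem
    except AuthorizationError:
        # Payload and request were fine; the receiver's own credentials are
        # stale. Say so to the sender without echoing any credential value.
        return 403, "Stored credentials for this repository were rejected"
    return 200, "Processed %d commit(s)" % len(messages)


# Constructed sample deliveries, reduced to the fields used above.
FULL = json.dumps({"push": {"changes": [
    {"truncated": False, "commits": [{"message": "Fix typo"}]}]}})
TRUNCATED = json.dumps({"push": {"changes": [
    {"truncated": True, "commits": [],
     "links": {"commits": {"href": "https://api.example.invalid/commits"}}}]}})


def stale_api(url):
    """Constructed client stand-in whose stored password is out of date."""
    raise AuthorizationError("rejected")


def working_api(url):
    """Constructed client stand-in with valid credentials."""
    return [{"message": "Fix typo"}, {"message": "Add test"}]
```

A non-truncated delivery still succeeds with stale credentials because no API call is made, which is why the failure only shows up on some deliveries.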

    Summary ID
    Sandbox authentication errors in the Bitbucket WebHook support.
    d61ea0728dfefd5309983f55e0af839e770bf68c
    Description From Last Updated

    F841 local variable 'ctx' is assigned to but never used

    reviewbot
    Checks run (1 failed, 1 succeeded)
    flake8 failed.
    JSHint passed.


    chipx86
    david
    1. Ship It!
    chipx86
    Review request changed
    Status: Completed
    Change Summary: Pushed to release-3.0.x (73fb346)