From 045665dad893ea8ff2ca4926f13b7d1c26244778 Mon Sep 17 00:00:00 2001 From: Yoriyasu Yano <430092+yorinasub17@users.noreply.github.com> Date: Mon, 30 Oct 2023 13:01:42 -0500 Subject: [PATCH] fix: Body parameters need to be included in jwt token hash Signed-off-by: Yoriyasu Yano <430092+yorinasub17@users.noreply.github.com> --- src/bbstd/client.ts | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/bbstd/client.ts b/src/bbstd/client.ts index 96f782f..a2f6d38 100644 --- a/src/bbstd/client.ts +++ b/src/bbstd/client.ts @@ -74,15 +74,14 @@ export class BitBucket { async apiCall( path: string, - method: "GET" | "POST" | "DELETE" = "GET", - // eslint-disable-next-line @typescript-eslint/no-explicit-any - data: any = {}, + method: "GET" | "POST" | "PUT" | "DELETE" = "GET", + data?: atlassianjwt.Params, ): Promise { // ensure there's a slash prior to path const url = `${this.#baseURL.replace(/\/$/, "")}/${path}`; // eslint-disable-next-line @typescript-eslint/no-explicit-any let body: any = undefined; - if (method === "POST") { + if (method === "POST" || method === "PUT") { body = JSON.stringify(data); } @@ -94,6 +93,7 @@ export class BitBucket { this.#securityContext, method, url, + data, ); headers.Authorization = `JWT ${token}`; } @@ -116,13 +116,18 @@ export class BitBucket { */ async function generateSessionToken( sctx: BitBucketSecurityContext, - method: "GET" | "POST" | "DELETE", + method: "GET" | "POST" | "PUT" | "DELETE", urlRaw: string, + body?: atlassianjwt.Params, ): Promise { - const req: atlassianjwt.Request = atlassianjwt.fromMethodAndUrl( - method, - urlRaw, - ); + let req: atlassianjwt.Request; + if (body && method === "POST") { + req = atlassianjwt.fromMethodAndPathAndBody("post", urlRaw, body); + } else if (body && method === "PUT") { + req = atlassianjwt.fromMethodAndPathAndBody("put", urlRaw, body); + } else { + req = atlassianjwt.fromMethodAndUrl(method, urlRaw); + } const qsh = atlassianjwt.createQueryStringHash(req); const customClaims = { qsh };