Merge pull request #743 from mminns/issue/722

bitbucket: remove 2FA test

Author: mjcheetham

src/shared/Atlassian.Bitbucket.Tests/BitbucketHostProviderTest.cs

@@ -219,7 +219,7 @@ public void BitbucketHostProvider_GetCredentialAsync_Succeeds_ForFreshValidBasic
 
             var credential = provider.GetCredentialAsync(input);
 
-            VerifyBasicAuthFlowRan(password, true, input, credential, null);
+            VerifyBasicAuthFlowRan(password, true, input, credential);
 
             VerifyOAuthFlowDidNotRun(password, true, input, credential);
         }
@@ -327,7 +327,7 @@ public void BitbucketHostProvider_GetCredentialAsync_AlwaysRefreshCredentials_Is
 
             if (alwaysRefreshCredentialsBool)
             {
-                VerifyBasicAuthFlowRan(password, true, input, credential, null);
+                VerifyBasicAuthFlowRan(password, true, input, credential);
             }
             else
             {
@@ -450,21 +450,13 @@ private static InputArguments MockInput(string protocol, string host, string use
             });
         }
 
-        private void VerifyBasicAuthFlowRan(string password, bool expected, InputArguments input, Task<ICredential> credential,
-            string preconfiguredAuthModes)
+        private void VerifyBasicAuthFlowRan(string password, bool expected, InputArguments input, Task<ICredential> credential)
         {
             Assert.Equal(expected, credential != null);
 
             var remoteUri = input.GetRemoteUri();
 
             bitbucketAuthentication.Verify(m => m.GetCredentialsAsync(remoteUri, input.UserName, It.IsAny<AuthenticationModes>()), Times.Once);
-
-            // check username/password for Bitbucket.org
-            if ((preconfiguredAuthModes == null && BITBUCKET_DOT_ORG_HOST == remoteUri.Host)
-                || (preconfiguredAuthModes != null && preconfiguredAuthModes.Contains("oauth")))
-            {
-                bitbucketApi.Verify(m => m.GetUserInformationAsync(input.UserName, password, false), Times.Once);
-            }
         }
 
         private void VerifyInteractiveBasicAuthFlowRan(string password, InputArguments input, Task<ICredential> credential)
@@ -473,12 +465,6 @@ private void VerifyInteractiveBasicAuthFlowRan(string password, InputArguments i
 
             // verify users was prompted for username/password credentials
             bitbucketAuthentication.Verify(m => m.GetCredentialsAsync(remoteUri, input.UserName, It.IsAny<AuthenticationModes>()), Times.Once);
-
-            // check username/password for Bitbucket.org
-            if (BITBUCKET_DOT_ORG_HOST == remoteUri.Host)
-            {
-                bitbucketApi.Verify(m => m.GetUserInformationAsync(input.UserName, password, false), Times.Once);
-            }
         }
 
         private void VerifyBasicAuthFlowNeverRan(string password, InputArguments input, bool storedAccount,
@@ -527,13 +513,7 @@ private void VerifyOAuthFlowRan(string password, bool storedAccount, bool expect
                 {
                     // prompt user for basic auth, if basic auth is not excluded
                     bitbucketAuthentication.Verify(m => m.GetCredentialsAsync(remoteUri, input.UserName, It.IsAny<AuthenticationModes>()), Times.Once);
-
-                    // check if entered Basic Auth credentials work, if basic auth is not excluded
-                    bitbucketApi.Verify(m => m.GetUserInformationAsync(input.UserName, password, false), Times.Once);
                 }
-
-                // Basic Auth 403-ed so push user through OAuth flow
-                bitbucketAuthentication.Verify(m => m.ShowOAuthRequiredPromptAsync(), Times.Once);
             }
         }
 

src/shared/Atlassian.Bitbucket/BitbucketHostProvider.cs

@@ -156,28 +156,16 @@ private async Task<ICredential> GetRefreshedCredentials(Uri remoteUri, string us
 
                     switch (result.AuthenticationMode)
                     {
+                        case AuthenticationModes.Basic:
+                            // Return the valid credential
+                            return result.Credential;
+
                         case AuthenticationModes.OAuth:
                             // If the user wants to use OAuth fall through to interactive auth
                             // and avoid the OAuth "continue" confirmation prompt
                             skipOAuthPrompt = true;
                             break;
 
-                        case AuthenticationModes.Basic:
-                            // We need to check if these user/pass credentials require 2FA
-                            _context.Trace.WriteLine("Checking if two-factor requirements for credentials...");
-
-                            bool requires2Fa = await RequiresTwoFactorAuthenticationAsync(result.Credential);
-                            if (!requires2Fa)
-                            {
-                                _context.Trace.WriteLine("Two-factor authentication not required");
-
-                                // Return the valid credential
-                                return result.Credential;
-                            }
-
-                            // 2FA is required; fall through to interactive OAuth flow
-                            break;
-
                         default:
                             throw new ArgumentOutOfRangeException(
                                 $"Unexpected {nameof(AuthenticationModes)} returned from prompt");
@@ -371,31 +359,6 @@ private async Task<string> ResolveBasicAuthUserNameAsync(string username, string
             throw new Exception($"Failed to resolve username. HTTP: {result.StatusCode}");
         }
 
-        private async Task<bool> RequiresTwoFactorAuthenticationAsync(ICredential credentials)
-        {
-            _context.Trace.WriteLineSecrets($"Check if 2FA is required for credentials ({credentials.Account}/{{0}})...", new object[] { credentials.Password });
-
-            RestApiResult<UserInfo> result = await _bitbucketApi.GetUserInformationAsync(
-                credentials.Account, credentials.Password, isBearerToken: false);
-            switch (result.StatusCode)
-            {
-                // 2FA may not be required
-                case HttpStatusCode.OK:
-                    return result.Response.IsTwoFactorAuthenticationEnabled;
-
-                // 2FA is required
-                case HttpStatusCode.Forbidden:
-                    return true;
-
-                // Incorrect credentials
-                case HttpStatusCode.Unauthorized:
-                    throw new Exception("Invalid credentials");
-
-                default:
-                    throw new Exception($"Unknown server response: {result.StatusCode}");
-            }
-        }
-
         private async Task<bool> ValidateCredentialsWork(Uri remoteUri, ICredential credentials, AuthenticationModes authModes)
         {
             if (credentials is null)