fix(iswf): Adds KID validation to Bitbucket Connect installation webhook #112833

Open
GabeVillalobos wants to merge 5 commits into master from gv/update_bitbucket_jwt_validation

@GabeVillalobos
Member

Resolves ISWF-2359

@linear-code

linear-code bot commented Apr 13, 2026

@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 13, 2026
Comment thread src/sentry/integrations/utils/atlassian_connect.py
Comment on lines -64 to -67
if not key_id:
lifecycle.record_halt(halt_reason="Missing key_id (kid)")
return self.respond(
{"detail": "Missing key id"}, status=status.HTTP_400_BAD_REQUEST
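Review bot: The removed `if not key_id:` branch recorded a specific halt reason, "Missing key_id (kid)", before returning the 400. If the replacement returns a generic detail to the caller, it should still pass a distinct halt_reason to lifecycle.record_halt for the missing-kid case, so this failure stays distinguishable in metrics from other JWT validation failures.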
Member Author

Refactored this all into a common class. I simplified some of the response logic to be a bit more intentionally vague but also more consistent across failure modes.

@GabeVillalobos GabeVillalobos marked this pull request as ready for review April 13, 2026 21:16
@GabeVillalobos GabeVillalobos requested review from a team as code owners April 13, 2026 21:16
Comment thread src/sentry/integrations/bitbucket/installed.py Outdated
assert_count_of_metric(mock_record_event, EventLifecycleOutcome.STARTED, 3)
assert_count_of_metric(mock_record_event, EventLifecycleOutcome.HALTED, 1)
assert_count_of_metric(mock_record_event, EventLifecycleOutcome.SUCCESS, 2)
assert_halt_metric(mock_record_event, "Expired signature")
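Review bot: The counts in the first three assertions (STARTED 3, HALTED 1, SUCCESS 2) are unexplained, so a reader cannot tell which three lifecycle events start or which one is expected to halt with "Expired signature". A short comment naming those events would make the test easier to maintain when another lifecycle step is added.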
Contributor

super nit: might be nice to have Expired Signature as an EventLifecycleOutcome or something along those lines?
