Merge pull request #2525 from divaltor/bitbucket-api-token

feat(bitbucket): Deprecate App password and replace it with API token

Author: Siumauricio

apps/dokploy/components/dashboard/settings/git/bitbucket/add-bitbucket-provider.tsx

@@ -1,7 +1,6 @@
 import { zodResolver } from "@hookform/resolvers/zod";
 import { ExternalLink } from "lucide-react";
 import Link from "next/link";
-import { useRouter } from "next/router";
 import { useEffect, useState } from "react";
 import { useForm } from "react-hook-form";
 import { toast } from "sonner";
@@ -27,18 +26,12 @@ import {
 } from "@/components/ui/form";
 import { Input } from "@/components/ui/input";
 import { api } from "@/utils/api";
-import { useUrl } from "@/utils/hooks/use-url";
 
 const Schema = z.object({
-	name: z.string().min(1, {
-		message: "Name is required",
-	}),
-	username: z.string().min(1, {
-		message: "Username is required",
-	}),
-	password: z.string().min(1, {
-		message: "App Password is required",
-	}),
+	name: z.string().min(1, { message: "Name is required" }),
+	username: z.string().min(1, { message: "Username is required" }),
+	email: z.string().email().optional(),
+	apiToken: z.string().min(1, { message: "API Token is required" }),
 	workspaceName: z.string().optional(),
 });
 
@@ -47,14 +40,12 @@ type Schema = z.infer<typeof Schema>;
 export const AddBitbucketProvider = () => {
 	const utils = api.useUtils();
 	const [isOpen, setIsOpen] = useState(false);
-	const _url = useUrl();
 	const { mutateAsync, error, isError } = api.bitbucket.create.useMutation();
 	const { data: auth } = api.user.get.useQuery();
-	const _router = useRouter();
 	const form = useForm<Schema>({
 		defaultValues: {
 			username: "",
-			password: "",
+			apiToken: "",
 			workspaceName: "",
 		},
 		resolver: zodResolver(Schema),
@@ -63,18 +54,20 @@ export const AddBitbucketProvider = () => {
 	useEffect(() => {
 		form.reset({
 			username: "",
-			password: "",
+			email: "",
+			apiToken: "",
 			workspaceName: "",
 		});
 	}, [form, isOpen]);
 
 	const onSubmit = async (data: Schema) => {
 		await mutateAsync({
 			bitbucketUsername: data.username,
-			appPassword: data.password,
+			apiToken: data.apiToken,
 			bitbucketWorkspaceName: data.workspaceName || "",
 			authId: auth?.id || "",
 			name: data.name || "",
+			bitbucketEmail: data.email || "",
 		})
 			.then(async () => {
 				await utils.gitProvider.getAll.invalidate();
@@ -113,37 +106,46 @@ export const AddBitbucketProvider = () => {
 					>
 						<CardContent className="p-0">
 							<div className="flex flex-col gap-4">
-								<p className="text-muted-foreground text-sm">
-									To integrate your Bitbucket account, you need to create a new
-									App Password in your Bitbucket settings. Follow these steps:
-								</p>
-								<ol className="list-decimal list-inside text-sm text-muted-foreground">
-									<li className="flex flex-row gap-2 items-center">
-										Create new App Password{" "}
-										<Link
-											href="https://bitbucket.org/account/settings/app-passwords/new"
-											target="_blank"
-										>
-											<ExternalLink className="w-fit text-primary size-4" />
-										</Link>
+								<AlertBlock type="warning">
+									Bitbucket App Passwords are deprecated for new providers. Use
+									an API Token instead. Existing providers with App Passwords
+									will continue to work until 9th June 2026.
+								</AlertBlock>
+
+								<div className="mt-1 text-sm">
+									Manage tokens in
+									<Link
+										href="https://id.atlassian.com/manage-profile/security/api-tokens"
+										target="_blank"
+										className="inline-flex items-center gap-1 ml-1"
+									>
+										<span>Bitbucket settings</span>
+										<ExternalLink className="w-fit text-primary size-4" />
+									</Link>
+								</div>
+								<ul className="list-disc list-inside ml-4 text-sm text-muted-foreground">
+									<li className="text-muted-foreground text-sm">
+										Click on Create API token with scopes
 									</li>
-									<li>
-										When creating the App Password, ensure you grant the
-										following permissions:
-										<ul className="list-disc list-inside ml-4">
-											<li>Account: Read</li>
-											<li>Workspace membership: Read</li>
-											<li>Projects: Read</li>
-											<li>Repositories: Read</li>
-											<li>Pull requests: Read</li>
-											<li>Webhooks: Read and write</li>
-										</ul>
+									<li className="text-muted-foreground text-sm">
+										Select the expiration date (Max 1 year)
 									</li>
-									<li>
-										After creating, you'll receive an App Password. Copy it and
-										paste it below along with your Bitbucket username.
+									<li className="text-muted-foreground text-sm">
+										Select Bitbucket product.
 									</li>
-								</ol>
+								</ul>
+								<p className="text-muted-foreground text-sm">
+									Select the following scopes:
+								</p>
+
+								<ul className="list-disc list-inside ml-4 text-sm text-muted-foreground">
+									<li>read:repository:bitbucket</li>
+									<li>read:pullrequest:bitbucket</li>
+									<li>read:webhook:bitbucket</li>
+									<li>read:workspace:bitbucket</li>
+									<li>write:webhook:bitbucket</li>
+								</ul>
+
 								<FormField
 									control={form.control}
 									name="name"
@@ -152,7 +154,7 @@ export const AddBitbucketProvider = () => {
 											<FormLabel>Name</FormLabel>
 											<FormControl>
 												<Input
-													placeholder="Random Name eg(my-personal-account)"
+													placeholder="Your Bitbucket Provider, eg: my-personal-account"
 													{...field}
 												/>
 											</FormControl>
@@ -179,14 +181,27 @@ export const AddBitbucketProvider = () => {
 
 								<FormField
 									control={form.control}
-									name="password"
+									name="email"
+									render={({ field }) => (
+										<FormItem>
+											<FormLabel>Bitbucket Email</FormLabel>
+											<FormControl>
+												<Input placeholder="Your Bitbucket email" {...field} />
+											</FormControl>
+											<FormMessage />
+										</FormItem>
+									)}
+								/>
+
+								<FormField
+									control={form.control}
+									name="apiToken"
 									render={({ field }) => (
 										<FormItem>
-											<FormLabel>App Password</FormLabel>
+											<FormLabel>API Token</FormLabel>
 											<FormControl>
 												<Input
-													type="password"
-													placeholder="ATBBPDYUC94nR96Nj7Cqpp4pfwKk03573DD2"
+													placeholder="Paste your Bitbucket API token"
 													{...field}
 												/>
 											</FormControl>
@@ -200,7 +215,7 @@ export const AddBitbucketProvider = () => {
 									name="workspaceName"
 									render={({ field }) => (
 										<FormItem>
-											<FormLabel>Workspace Name (Optional)</FormLabel>
+											<FormLabel>Workspace Name (optional)</FormLabel>
 											<FormControl>
 												<Input
 													placeholder="For organization accounts"

apps/dokploy/components/dashboard/settings/git/bitbucket/edit-bitbucket-provider.tsx

@@ -33,7 +33,10 @@ const Schema = z.object({
 	username: z.string().min(1, {
 		message: "Username is required",
 	}),
+	email: z.string().email().optional(),
 	workspaceName: z.string().optional(),
+	apiToken: z.string().optional(),
+	appPassword: z.string().optional(),
 });
 
 type Schema = z.infer<typeof Schema>;
@@ -60,19 +63,28 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 	const form = useForm<Schema>({
 		defaultValues: {
 			username: "",
+			email: "",
 			workspaceName: "",
+			apiToken: "",
+			appPassword: "",
 		},
 		resolver: zodResolver(Schema),
 	});
 
 	const username = form.watch("username");
+	const email = form.watch("email");
 	const workspaceName = form.watch("workspaceName");
+	const apiToken = form.watch("apiToken");
+	const appPassword = form.watch("appPassword");
 
 	useEffect(() => {
 		form.reset({
 			username: bitbucket?.bitbucketUsername || "",
+			email: bitbucket?.bitbucketEmail || "",
 			workspaceName: bitbucket?.bitbucketWorkspaceName || "",
 			name: bitbucket?.gitProvider.name || "",
+			apiToken: bitbucket?.apiToken || "",
+			appPassword: bitbucket?.appPassword || "",
 		});
 	}, [form, isOpen, bitbucket]);
 
@@ -81,8 +93,11 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 			bitbucketId,
 			gitProviderId: bitbucket?.gitProviderId || "",
 			bitbucketUsername: data.username,
+			bitbucketEmail: data.email || "",
 			bitbucketWorkspaceName: data.workspaceName || "",
 			name: data.name || "",
+			apiToken: data.apiToken || "",
+			appPassword: data.appPassword || "",
 		})
 			.then(async () => {
 				await utils.gitProvider.getAll.invalidate();
@@ -121,6 +136,12 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 					>
 						<CardContent className="p-0">
 							<div className="flex flex-col gap-4">
+								<p className="text-muted-foreground text-sm">
+									Update your Bitbucket authentication. Use API Token for
+									enhanced security (recommended) or App Password for legacy
+									support.
+								</p>
+
 								<FormField
 									control={form.control}
 									name="name"
@@ -154,6 +175,24 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 									)}
 								/>
 
+								<FormField
+									control={form.control}
+									name="email"
+									render={({ field }) => (
+										<FormItem>
+											<FormLabel>Email (Required for API Tokens)</FormLabel>
+											<FormControl>
+												<Input
+													type="email"
+													placeholder="Your Bitbucket email address"
+													{...field}
+												/>
+											</FormControl>
+											<FormMessage />
+										</FormItem>
+									)}
+								/>
+
 								<FormField
 									control={form.control}
 									name="workspaceName"
@@ -171,6 +210,49 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 									)}
 								/>
 
+								<div className="flex flex-col gap-2 border-t pt-4">
+									<h3 className="text-sm font-medium mb-2">
+										Authentication (Update to use API Token)
+									</h3>
+									<FormField
+										control={form.control}
+										name="apiToken"
+										render={({ field }) => (
+											<FormItem>
+												<FormLabel>API Token (Recommended)</FormLabel>
+												<FormControl>
+													<Input
+														type="password"
+														placeholder="Enter your Bitbucket API Token"
+														{...field}
+													/>
+												</FormControl>
+												<FormMessage />
+											</FormItem>
+										)}
+									/>
+
+									<FormField
+										control={form.control}
+										name="appPassword"
+										render={({ field }) => (
+											<FormItem>
+												<FormLabel>
+													App Password (Legacy - will be deprecated June 2026)
+												</FormLabel>
+												<FormControl>
+													<Input
+														type="password"
+														placeholder="Enter your Bitbucket App Password"
+														{...field}
+													/>
+												</FormControl>
+												<FormMessage />
+											</FormItem>
+										)}
+									/>
+								</div>
+
 								<div className="flex w-full justify-between gap-4 mt-4">
 									<Button
 										type="button"
@@ -180,7 +262,10 @@ export const EditBitbucketProvider = ({ bitbucketId }: Props) => {
 											await testConnection({
 												bitbucketId,
 												bitbucketUsername: username,
+												bitbucketEmail: email,
 												workspaceName: workspaceName,
+												apiToken: apiToken,
+												appPassword: appPassword,
 											})
 												.then(async (message) => {
 													toast.info(`Message: ${message}`);

apps/dokploy/components/dashboard/settings/git/show-git-providers.tsx

@@ -157,7 +157,13 @@ export const ShowGitProviders = () => {
 																</div>
 															</div>
 
-															<div className="flex flex-row gap-1">
+															<div className="flex flex-row gap-1 items-center">
+																{isBitbucket &&
+																gitProvider.bitbucket?.appPassword &&
+																!gitProvider.bitbucket?.apiToken ? (
+																	<Badge variant="yellow">Deprecated</Badge>
+																) : null}
+
 																{!haveGithubRequirements && isGithub && (
 																	<div className="flex flex-row gap-1 items-center">
 																		<Badge

apps/dokploy/drizzle/0111_mushy_wolfsbane.sql

@@ -0,0 +1 @@
+ALTER TABLE "bitbucket" ADD COLUMN "apiToken" text;

apps/dokploy/drizzle/0112_freezing_skrulls.sql

@@ -0,0 +1 @@
+ALTER TABLE "bitbucket" ADD COLUMN "bitbucketEmail" text;