VSTS Extension - Password Field in Service Endpoints Input Descriptor is disabled and not required

(Romil Goyal) #1

There are 2 input descriptors defined in the extension. However, the password descriptor is kept as disabled and it’s validation is not required. Want to understand why it has been kept as such.

What is the overall intent of the password field if it is not being taken as a user input? Can we remove it altogether?

PS - I am from Azure DevOps(previously VSTS) team at Microsoft. We have a customer issue reported around this wherein a customer is trying to update the url of the endpoint and it is failing on the validation of the password field. If we can remove this field altogether, since it is not being filled from UI, this will help us.

(Colin Mueller) #2

SonarQube uses Basic Authentication, which requires a username/password even if the password is blank.

When it comes to Service Endpoints that means we have to use endpoint-auth-scheme-basic rather than endpoint-auth-scheme-token.

It sounds like the issue is not with the authentication mechanism, but that validation is being performed on a field we declare it shouldn’t. How is the update happening? Via Rest API or in the UI? Any screenshots, of course, are also valuable.

(Romil Goyal) #3

Thanks for your reply Colin. The update is happening via UI. And I checked the UI is sending a null password even though it’s a disabled field and we are validating it at the service end. It’s a fix at our end to be in sync with the UI,