Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Oops you've made a malformed request.

hab
hab August 26, 2021

Hello.

Switched phones, and forgot to switch my 2FA settings before I did so.  I no longer have access to the old phone.

So I submitted a request to recover the account, which makes you wait 12 hours or what.  Fine.  Got the email this morning containing the recovery link.

It doesn't work.  "Oops you've made a malformed request" every time.  After poking thru the distressingly large number of threads here of ppl having the same issue, here's what I have tried so far, based on those threads:

3 browsers:  Firefox, Chrome, Safari.  I have disabled all extensions in each one, I have cleared all site data on each one.  They are all the latest version.  Tried both regular and incognito windows.

No luck at all.

The error prompts me to contact support, which would be a neat trick, since I need to log in to do that and I can't.  I created this account specifically to ask this question.

Some other info:  I am literally the only person on my account.  There's no organization/enterprise/anything like that.  I am a lone developer.  THIS account is NOT the account with the issue.

TIA.

Answer
Watch
Like Be the first to like this
260 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 31, 2021

Hi @hab,

Bitbucket uses Atlassian accounts for authentication and it is possible to set up 2FA for both. I would like to ask if you have 2FA set up for the Atlassian account (https://id.atlassian.com/) or for the Bitbucket account (https://bitbucket.org/), or perhaps for both, and which one you are trying to recover now.

If you are trying to disable Bitbucket 2FA, there is a recovery option via SSH. If you have the SSH keys of this Bitbucket account in one of your machines, you can run the following command in a terminal on this machine

ssh git@bitbucket.org recovery_codes

which will give you 6 recovery codes. Each of them is for one-time use only, so you could use one of them to log in to Bitbucket and a second one to disable 2FA (you can then enable it again with your new phone).

If this is not an option, could you please also let me know:

1. Does the URL giving you this error start with https://id.atlassian.com/ or with https://bitbucket.org/?

2. If you log out from both https://id.atlassian.com/ and https://bitbucket.org/, are you then able to log in using your email and password, or do you get a 'malformed request' error as well? I'm just trying to narrow down the scope of the problem and see if this only occurs with the link in the recovery email or also when you attempt to log in without the recovery email.

Kind regards,
Theodora

View More Comments
hab
hab August 31, 2021

Hi Theodora.  Thanks for replying.

To answer your questions:

1 - it's id.atlassian.com

2 - Just tried without using the link in the email, and it lets me log in, but wants 2FA.

Out of curiosity, I tried running that ssh command, and I get: Perission denied (public key)

Not sure if that last point helps.

Thanks again!

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 31, 2021

Hi @hab,

Out of curiosity, I tried running that ssh command, and I get: Perission denied (public key)

If you navigate to the ~/.ssh directory on this machine, do you see any SSH key pairs there?

If so, you can try specifying the private key in the command as follows:

ssh -i ~/.ssh/id_rsa git@bitbucket.org recovery_codes

where id_rsa replace with the name of your private SSH key if it is different.

In case you have multiple SSH key pairs in ~/.ssh and you don't remember which one you use for your Bitbucket account, you can try running the above command for each of the private SSH keys (by replacing the private SSH key name in the command).


If this doesn't work for you, or if there are no SSH keys in your ~/.ssh directory, another suggestion would be to try accessing the recovery link from another device, e.g. your phone, if that is possible.

Otherwise, please let me know and I can open a support ticket for you. We would need a HAR file generated when the recovery page opens/loads so we can check the request. Since the HAR file contains private data, I can open a support ticket for you (visible only to you and Atlassian staff) where you can upload it (I will also give you instructions on how to generate it).

Kind regards,
Theodora

Like
hab
hab September 2, 2021

Hi @Theodora Boudale 

So I checked.  I do have ssh keys- 2 of them, but neither seems to be for the account I am trying to recover.  I also remember switching computers around the same time I switched phones, so very possible I could have missed a keyfile when switching over.

At any rate - yes, please open a support ticket. 

Thank you!

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 3, 2021

Hi @hab,

I went ahead and opened a support ticket for you, for the email of the community account you used to post here. You will receive an email with a link to the support ticket. In case you haven't received the email, please feel free to let me know and I will post the link here (no one other than you and Atlassian staff can view it, even if they have the link).

I would like to ask if you could provide the following in the support ticket, so we can better help you:

1. The email of the account you're having issues with

2. Your timezone: we provide 9/5 regional support and a timezone is needed for the support ticket. I have set a random one at the ticket, but if it doesn't match your own timezone then you will get responses outside your work hours.

3. A HAR file for the page that gives you the error.

You can follow the steps below in Chrome:

(a) Open the Bitbucket 2FA recovery email in Chrome (without selecting the recovery link yet)
(b) From Chrome Menu at the top-right of your browser window, select Tools > Developer Tools.
(c) In the Developer Tools panel, select the Network tab. After you do, check the options Preserve log and Disable cache right below the tab's name
(d) Hit F1 to open The Developer Tools settings, scroll down to find the option Auto-open DevTools for popups and enable it
(e) Select the recovery link "Log in to my account" from the 2FA recovery email. A new tab should open, along with a Developer Tools panel.
(f) Wait until the page has finished loading. Then, right click in the area where the network records are shown and select Save as HAR with content to save the HAR file on your machine.
(g) Before attaching the HAR file to the support ticket I opened fro you, ensure to remove/censor any sensitive information using a text editor (i.e. remove passwords, secrets, etc).

If you have any questions, please feel free to let me know.

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events