diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-06-17 17:40:24 +0300 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-17 21:18:40 +0300 |
| commit | a899e7e33746ec7395db40fc76ef8886e524fda5 (patch) | |
| tree | f59bca93fd362a423f78dea0e25ed344fa643311 /app/views/profiles | |
| parent | bf0294378e37ef6e5d5f2c52f6e56b57a66e77d2 (diff) | |
Merge branch '2979-personal-access-tokens' into 'master'
Allow creating Personal Access Tokens through the website
Related to #2979
- Allow a user to create personal access tokens, and use them to authenticate
- Refactor `API::Helpers` into `API::Helpers::Core` and `API::Helpers::Authentication`
# Tasks
- [ ] #2979 (!3749) - Personal Access Tokens
- [x] Basic Implementation
- [x] Add UI to add "Personal Access Tokens"
- [x] Reload `lib/api` on every request
- [x] Respect these tokens for API requests
- [x] Just a param or a header too?
- [x] Allow revoking tokens
- [x] Expire tokens
- [x] Left bar should have a "PAT" icon
- [x] Scopes?
- [x] Copy to Clipboard
- [x] Show active/inactive tokens separately
- [x] No need to check for expired/revoked in the appropriate places
- [x] Why does regular ApplicationController check for private token?
- [x] Support non-API requests
- [x] Revert (or work on) `lib/api` eager loading
- [x] Create MR
- [x] Refactoring
- [x] Fix tests
- [x] Write more tests
- [x] Add screenshots to MR
- [x] Add description of query performance to MR
- [x] Limit the number of queries in the `personal_access_tokens` page
- [x] Wait for CI to pass
- [x] Fix merge issues in schema.rb
- [x] Assign MR to endboss
- [x] Wait for feedback
- [x] Fix feedback
- [x] Wait for CI to pass
- [x] Assign to @rspeicher
- [x] Fix @rspeicher's comments
- [x] Wait for CI to pass
- [x] Assign back to @rspeicher
- [x] Write documentation and ping @axil
- [x] Wait for Axil to respond
- [x] Assign to endboss
- [x] Address Douwe's feedback
- [x] Use the `private_token` or `authentication_token` param instead of `personal_access_token`
- [x] Ditto for the header
- [x] Assign to endboss
- [x] Make sure CI is green
- [x] Address Douwe's feedback
- [x] Don't go through the `authenticate_user_from_private_token!` method, if a private token is supplied (or combine them)
- [x] In `authenticate_user_from_personal_access_token!` don't hit DB if `token_string` is `nil`
- [x] Use `current_user.personal_access_tokens.build` in the controller
- [x] Remove the "We aren't using `personal_access_token` as the root param" comment
- [x] `No need for = "...", we can just have the Inactive ... #{...} on the next line` in the view
- [x] Render dates in a (more) human format
- [x] CSS issue with table
- [x] Don't show the tokens in the UI indefinitely
- [x] How to implement scopes? Add-on to current impl? Doorkeeper?
- [x] Wait for @DouweM's comments about scopes
- [x] Address @DouweM's second review
- [x] Try not using `native['innerHTML']`
- [x] use contexts for all "when ..."
- [x] Ensure consistency (styling) with other pages for "You don't have any tokens" message
- [x] "Actions" table column doesn't need a label
- [x] %td can be moved outside of the if/else statement
- [x] The header title should be "Profile Settings"
- [x] Can this be a `before_create`, so we don't need to use `generate`?
- [x] If it couldn't be revoked, will we show an error?
- [x] If it couldn't be saved, will we show an error?
- [x] Merge master
- [x] Update CHANGELOG entry
- [x] Add tests for form errors?
- [x] Post screenshots
- [x] Tag @jschatz1 for review
- [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/0dff6fd/builds) to pass
- [x] Respond to @jschatz1's comments
- [x] Hardcoded colors should be variables
- [x] Should not be allowed to chose a date in the past
- [x] Use the same table as in the Applications tab
- [x] button should say "Create Personal Access Token"
- [x] Float the revoke to the right on the `a`
- [x] Change revocation message. "Are you sure you want to revoke this certificate? This action cannot be undone."
- [x] Date stays selected and looks selected even though date is set as "never".
- [x] ~~hover on the calendar button shifts~~ (not caused by this MR - happens on `milestones#new` as well)
- [x] Don't use the panel for the created token
- [x] Use a normal flash for "Your new personal access token has been created"
- [x] Show the input (with the token) below it full width.
- [x] Put the "Make sure you save it - you won't be able to access it again." message near the input
- [x] Have the input highlight all on single click
- [x] Update screenshots
- [x] Merge master in + conflicts
- [x] Assign to @jschatz1 again
- [x] Respond to @jschatz1's comments
- [x] No button for clipboard, only link
- [x] text-danger
- [x] highlight fade on that area where the token was created
- [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/d754d99179f1ffe846fcc1d8e858163b39efc5dc/builds) is green
- [x] Assign to @jschatz1
- [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/faa0e3f7580bc38d4d12916b4589c64d6c2678a7/builds) to pass
- [x] Respond to @DouweM's feedback
- [x] move the redirect_to out of the if/else
- [x] certificate -> token
- [x] datepicker back to text field
- [x] combine the get_user_from_private_token and get_user_from_personal_access_token methods in ApplicationController
- [x] combine the get_user_from_private_token and get_user_from_personal_access_token methods in `lib/api/helpers`
- [x] don't need the new constants
- [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/9d7cda3ddce52baad9618466a5d00319b333be57/builds) to pass
- [ ] Wait for merge
# Screenshots
See merge request !3749
Diffstat (limited to 'app/views/profiles')
| -rw-r--r-- | app/views/profiles/personal_access_tokens/index.html.haml | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/app/views/profiles/personal_access_tokens/index.html.haml b/app/views/profiles/personal_access_tokens/index.html.haml new file mode 100644 index 00000000000..1b45548bd02 --- /dev/null +++ b/app/views/profiles/personal_access_tokens/index.html.haml @@ -0,0 +1,105 @@ +- page_title "Personal Access Tokens" + +.row.prepend-top-default + .col-lg-3.profile-settings-sidebar + %h4.prepend-top-0 + = page_title + %p + You can generate a personal access token for each application you use that needs access to the GitLab API. + .col-lg-9 + + - if flash[:personal_access_token] + .created-personal-access-token-container + %h5.prepend-top-0 + Your New Personal Access Token + .form-group + = text_field_tag 'created-personal-access-token', flash[:personal_access_token], readonly: true, class: "form-control", 'aria-describedby' => "created-personal-access-token-help-block" + = clipboard_button(clipboard_text: flash[:personal_access_token]) + %span#created-personal-access-token-help-block.help-block.text-danger Make sure you save it - you won't be able to access it again. + + %hr + + %h5.prepend-top-0 + Add a Personal Access Token + %p.profile-settings-content + Pick a name for the application, and we'll give you a unique token. + = form_for [:profile, @personal_access_token], + method: :post, html: { class: 'js-requires-input' } do |f| + + = form_errors(@personal_access_token) + + .form-group + = f.label :name, class: 'label-light' + = f.text_field :name, class: "form-control", required: true + + .form-group + = f.label :expires_at, class: 'label-light' + = f.text_field :expires_at, class: "datepicker form-control", required: false + + .prepend-top-default + = f.submit 'Create Personal Access Token', class: "btn btn-create" + + %hr + + %h5 Active Personal Access Tokens (#{@active_personal_access_tokens.length}) + + - if @active_personal_access_tokens.present? + .table-responsive + %table.table.active-personal-access-tokens + %thead + %tr + %th Name + %th Created + %th Expires + %th + %tbody + - @active_personal_access_tokens.each do |token| + %tr + %td= token.name + %td= token.created_at.to_date.to_s(:medium) + %td + - if token.expires_at.present? + = token.expires_at.to_date.to_s(:medium) + - else + %span.personal-access-tokens-never-expires-label Never + %td= link_to "Revoke", revoke_profile_personal_access_token_path(token), method: :put, class: "btn btn-danger pull-right", data: { confirm: "Are you sure you want to revoke this token? This action cannot be undone." } + + - else + .settings-message.text-center + You don't have any active tokens yet. + + %hr + + %h5 Inactive Personal Access Tokens (#{@inactive_personal_access_tokens.length}) + + - if @inactive_personal_access_tokens.present? + .table-responsive + %table.table.inactive-personal-access-tokens + %thead + %tr + %th Name + %th Created + %tbody + - @inactive_personal_access_tokens.each do |token| + %tr + %td= token.name + %td= token.created_at.to_date.to_s(:medium) + + - else + .settings-message.text-center + There are no inactive tokens. + + +:javascript + var date = $('#personal_access_token_expires_at').val(); + + var datepicker = $(".datepicker").datepicker({ + dateFormat: "yy-mm-dd", + minDate: 0 + }); + + $("#created-personal-access-token").click(function() { + this.select(); + }); + + $("#created-personal-access-token").effect('highlight', { color: '#ffff99' }, 2000); |