Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
e5cf527f
Commit
e5cf527f
authored
Apr 18, 2016
by
Timothy Andrew
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow expiration of personal access tokens.
parent
1541d1de
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
94 additions
and
20 deletions
+94
-20
app/assets/stylesheets/pages/profile.scss
app/assets/stylesheets/pages/profile.scss
+4
-0
app/controllers/profiles/personal_access_tokens_controller.rb
...controllers/profiles/personal_access_tokens_controller.rb
+1
-1
app/models/personal_access_token.rb
app/models/personal_access_token.rb
+1
-1
app/views/profiles/personal_access_tokens/index.html.haml
app/views/profiles/personal_access_tokens/index.html.haml
+18
-2
db/migrate/20160418085954_add_column_expires_at_to_personal_access_tokens.rb
...085954_add_column_expires_at_to_personal_access_tokens.rb
+5
-0
spec/factories/personal_access_tokens.rb
spec/factories/personal_access_tokens.rb
+9
-0
spec/requests/api/api_authentication_spec.rb
spec/requests/api/api_authentication_spec.rb
+56
-16
No files found.
app/assets/stylesheets/pages/profile.scss
View file @
e5cf527f
...
...
@@ -207,4 +207,8 @@
}
.personal-access-tokens-revoked-label
{
color
:
#bbb
;
}
.personal-access-tokens-never-expires-label
{
color
:
#bbb
;
}
\ No newline at end of file
app/controllers/profiles/personal_access_tokens_controller.rb
View file @
e5cf527f
...
...
@@ -31,6 +31,6 @@ class Profiles::PersonalAccessTokensController < ApplicationController
private
def
personal_access_token_params
params
.
require
(
:personal_access_token
).
permit
(
:name
)
params
.
require
(
:personal_access_token
).
permit
(
:name
,
:expires_at
)
end
end
app/models/personal_access_token.rb
View file @
e5cf527f
class
PersonalAccessToken
<
ActiveRecord
::
Base
belongs_to
:user
scope
:active
,
->
{
where
.
not
(
revoked:
true
)
}
scope
:active
,
->
{
where
.
not
(
revoked:
true
)
.
where
(
"expires_at >= :current"
,
current:
Time
.
current
)
}
def
self
.
generate
(
params
)
personal_access_token
=
self
.
new
(
params
)
...
...
app/views/profiles/personal_access_tokens/index.html.haml
View file @
e5cf527f
...
...
@@ -18,6 +18,10 @@
=
f
.
label
:name
,
class:
'label-light'
=
f
.
text_field
:name
,
class:
"form-control"
,
required:
true
.form-group
=
f
.
label
:expires_at
,
class:
'label-light'
=
f
.
text_field
:expires_at
,
class:
"form-control datepicker"
,
required:
false
.prepend-top-default
=
f
.
submit
'Add Personal Access Token'
,
class:
"btn btn-create"
...
...
@@ -34,13 +38,19 @@
%th
Name
%th
Token
%th
Created At
%th
Expires At
%th
Actions
%tbody
-
@user
.
personal_access_tokens
.
order
(
:revoked
).
each
do
|
token
|
-
@user
.
personal_access_tokens
.
order
(
"revoked, expires_at"
).
each
do
|
token
|
%tr
%td
=
token
.
name
%td
=
token
.
token
%td
=
token
.
created_at
-
if
token
.
expires_at
.
present?
%td
=
token
.
expires_at
.
to_date
-
else
%td
%span
.personal-access-tokens-never-expires-label
Never
-
if
token
.
revoked?
%td
%span
.personal-access-tokens-revoked-label
Revoked
...
...
@@ -48,4 +58,10 @@
%td
=
link_to
"Revoke"
,
revoke_profile_personal_access_token_path
(
token
),
method: :put
,
class:
"btn btn-danger"
,
data:
{
confirm:
t
(
'profile.personal_access_tokens.revoke.confirmation'
)}
-
else
%span
You don't have any tokens yet.
\ No newline at end of file
%span
You don't have any tokens yet.
:javascript
$
(
"
.datepicker
"
).
datepicker
({
dateFormat
:
"
yy-mm-dd
"
,
onSelect
:
function
(
dateText
,
inst
)
{
$
(
"
#personal_access_token_expires_at
"
).
val
(
dateText
)
}
}).
datepicker
(
"
setDate
"
,
$
.
datepicker
.
parseDate
(
'
yy-mm-dd
'
,
$
(
'
#personal_access_token_expires_at
'
).
val
()));
\ No newline at end of file
db/migrate/20160418085954_add_column_expires_at_to_personal_access_tokens.rb
0 → 100644
View file @
e5cf527f
class
AddColumnExpiresAtToPersonalAccessTokens
<
ActiveRecord
::
Migration
def
change
add_column
:personal_access_tokens
,
:expires_at
,
:datetime
end
end
spec/factories/personal_access_tokens.rb
0 → 100644
View file @
e5cf527f
FactoryGirl
.
define
do
factory
:personal_access_token
do
user
token
{
SecureRandom
.
hex
(
50
)
}
name
{
FFaker
::
Product
.
brand
}
revoked
false
expires_at
{
5
.
days
.
from_now
}
end
end
spec/requests/api/api_authentication_spec.rb
View file @
e5cf527f
...
...
@@ -41,24 +41,64 @@ describe API::Helpers::Authentication, api: true do
end
describe
".current_user"
do
it
"should return nil for an invalid token"
do
env
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_HEADER
]
=
'invalid token'
allow_any_instance_of
(
self
.
class
).
to
receive
(
:doorkeeper_guard
){
false
}
expect
(
current_user
).
to
be_nil
describe
"when authenticating using a user's private token"
do
it
"should return nil for an invalid token"
do
env
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_HEADER
]
=
'invalid token'
allow_any_instance_of
(
self
.
class
).
to
receive
(
:doorkeeper_guard
){
false
}
expect
(
current_user
).
to
be_nil
end
it
"should return nil for a user without access"
do
env
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
allow
(
Gitlab
::
UserAccess
).
to
receive
(
:allowed?
).
and_return
(
false
)
expect
(
current_user
).
to
be_nil
end
it
"should leave user as is when sudo not specified"
do
env
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
expect
(
current_user
).
to
eq
(
user
)
clear_env
params
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_PARAM
]
=
user
.
private_token
expect
(
current_user
).
to
eq
(
user
)
end
end
it
"should return nil for a user without access"
do
env
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
allow
(
Gitlab
::
UserAccess
).
to
receive
(
:allowed?
).
and_return
(
false
)
expect
(
current_user
).
to
be_nil
end
it
"should leave user as is when sudo not specified"
do
env
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_HEADER
]
=
user
.
private_token
expect
(
current_user
).
to
eq
(
user
)
clear_env
params
[
API
::
Helpers
::
Authentication
::
PRIVATE_TOKEN_PARAM
]
=
user
.
private_token
expect
(
current_user
).
to
eq
(
user
)
describe
"when authenticating using a user's personal access tokens"
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
it
"should return nil for an invalid token"
do
env
[
API
::
Helpers
::
Authentication
::
PERSONAL_ACCESS_TOKEN_HEADER
]
=
'invalid token'
allow_any_instance_of
(
self
.
class
).
to
receive
(
:doorkeeper_guard
){
false
}
expect
(
current_user
).
to
be_nil
end
it
"should return nil for a user without access"
do
env
[
API
::
Helpers
::
Authentication
::
PERSONAL_ACCESS_TOKEN_HEADER
]
=
personal_access_token
.
token
allow
(
Gitlab
::
UserAccess
).
to
receive
(
:allowed?
).
and_return
(
false
)
expect
(
current_user
).
to
be_nil
end
it
"should leave user as is when sudo not specified"
do
env
[
API
::
Helpers
::
Authentication
::
PERSONAL_ACCESS_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
(
current_user
).
to
eq
(
user
)
clear_env
params
[
API
::
Helpers
::
Authentication
::
PERSONAL_ACCESS_TOKEN_PARAM
]
=
personal_access_token
.
token
expect
(
current_user
).
to
eq
(
user
)
end
it
'does not allow revoked tokens'
do
personal_access_token
.
revoke!
env
[
API
::
Helpers
::
Authentication
::
PERSONAL_ACCESS_TOKEN_HEADER
]
=
personal_access_token
.
token
allow_any_instance_of
(
self
.
class
).
to
receive
(
:doorkeeper_guard
){
false
}
expect
(
current_user
).
to
be_nil
end
it
'does not allow expired tokens'
do
personal_access_token
.
update_attributes!
(
expires_at:
1
.
day
.
ago
)
env
[
API
::
Helpers
::
Authentication
::
PERSONAL_ACCESS_TOKEN_HEADER
]
=
personal_access_token
.
token
allow_any_instance_of
(
self
.
class
).
to
receive
(
:doorkeeper_guard
){
false
}
expect
(
current_user
).
to
be_nil
end
end
it
"should change current user to sudo when admin"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment