Commit 7c42aaa5 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'anonymous-applications' into 'master'

Correctly show anonymous authorized applications under Profile > Applications.

Fixes #1907.

Access tokens that were created using the ["Resource Owner Password Credentials" flow](http://doc.gitlab.com/ce/api/oauth2.html#resource-owner-password-credentials) by the user entering their username and password don't have a connected application, so the Profile > Applications page used to crash. These tokens are now rendered as "Anonymous" and can be revoked.

![Screen_Shot_2015-07-02_at_11.53.55](https://gitlab.com/gitlab-org/gitlab-ce/uploads/0fb044ce1fbf5d5e2825c3abee7763ee/Screen_Shot_2015-07-02_at_11.53.55.png)

See merge request !924
parents 7a94a46c cd5e79e9
......@@ -31,6 +31,7 @@ v 7.13.0 (unreleased)
- Reporter role can manage issue tracker now: edit any issue, set assignee or milestone and manage labels
- Better performance for pages with events list, issues list and commits list
- Faster automerge check and merge itself when source and target branches are in same repository
- Correctly show anonymous authorized applications under Profile > Applications.
v 7.12.1
- Fix error when deleting a user who has projects (Stan Hu)
......
......@@ -4,7 +4,12 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
layout 'profile'
def destroy
Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner)
if params[:token_id].present?
current_resource_owner.oauth_authorized_tokens.find(params[:token_id]).revoke
else
Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner)
end
redirect_to applications_profile_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
end
end
......@@ -11,7 +11,8 @@ class ProfilesController < Profiles::ApplicationController
def applications
@applications = current_user.oauth_applications
@authorized_tokens = current_user.oauth_authorized_tokens
@authorized_apps = @authorized_tokens.map(&:application).uniq
@authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
@authorized_apps = @authorized_tokens.map(&:application).uniq - [nil]
end
def update
......
- submit_btn_css ||= 'btn btn-link btn-remove'
= form_tag oauth_authorized_application_path(application) do
- if defined?(token)
- path = oauth_authorized_application_path(0, token_id: token)
- else
- path = oauth_authorized_application_path(application)
= form_tag path do
%input{:name => "_method", :type => "hidden", :value => "delete"}/
= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: 'btn btn-link btn-remove btn-sm'
\ No newline at end of file
= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: 'btn btn-link btn-remove btn-sm'
......@@ -56,5 +56,14 @@
%td= token.created_at
%td= token.scopes
%td= render 'doorkeeper/authorized_applications/delete_form', application: app
- @authorized_anonymous_tokens.each do |token|
%tr
%td
Anonymous
%div.help-block
%em Authorization was granted by entering your username and password in the application.
%td= token.created_at
%td= token.scopes
%td= render 'doorkeeper/authorized_applications/delete_form', token: token
- else
%p.light You dont have any authorized applications
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment