Merge branch '270200-downtier-pat-apis' into 'master'

Move Personal Access Token API to Core [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!46145

Merge branch '270200-downtier-pat-apis' into 'master'
Move Personal Access Token API to Core [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!46145
535655dd · Gabriel Mazetto · f40bd9c2 · d8d101a6 · 535655dd · 535655dd
Commit 535655dd authored Oct 31, 2020 by Gabriel Mazetto
7 changed files
--- a/changelogs/unreleased/270200-downtier-pat-apis.yml
+++ b/changelogs/unreleased/270200-downtier-pat-apis.yml
+---
+title: Move Personal Access Token API to Core
+merge_request: 46145
+author:
+type: changed
--- a/doc/api/personal_access_tokens.md
+++ b/doc/api/personal_access_tokens.md
@@ -4,13 +4,14 @@ group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
-# Personal access tokens API **(ULTIMATE)**
+# Personal access tokens API
 You can read more about [personal access tokens](../user/profile/personal_access_tokens.md#personal-access-tokens).
 ## List personal access tokens
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3.
+> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/270200) to [GitLab Core](https://about.gitlab.com/pricing/) in 13.6.
 Get a list of personal access tokens.

--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -137,7 +137,6 @@ class License < ApplicationRecord
    insights
    issuable_health_status
    license_scanning
-    personal_access_token_api_management
    personal_access_token_expiration_policy
    enforce_pat_expiration
    group_saml_group_sync

--- a/ee/lib/ee/api/api.rb
+++ b/ee/lib/ee/api/api.rb
@@ -26,7 +26,6 @@ module EE
        mount ::API::Ldap
        mount ::API::LdapGroupLinks
        mount ::API::License
-        mount ::API::PersonalAccessTokens
        mount ::API::ProjectMirror
        mount ::API::ProjectPushRule
        mount ::API::GroupPushRule

--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -237,6 +237,7 @@ module API
      mount ::API::ProjectTemplates
      mount ::API::Terraform::State
      mount ::API::Terraform::StateVersion
+      mount ::API::PersonalAccessTokens
      mount ::API::ProtectedBranches
      mount ::API::ProtectedTags
      mount ::API::Releases

--- a/ee/lib/api/personal_access_tokens.rb
+++ b/ee/lib/api/personal_access_tokens.rb
@@ -37,11 +37,6 @@ module API
      def find_token(id)
        PersonalAccessToken.find(id) || not_found!
      end
-      def authenticate!
-        unauthorized! unless ::License.feature_available?(:personal_access_token_api_management)
-        super
-      end
    end
    resources :personal_access_tokens do

--- a/ee/spec/requests/api/personal_access_tokens_spec.rb
+++ b/ee/spec/requests/api/personal_access_tokens_spec.rb
@@ -9,41 +9,23 @@ RSpec.describe API::PersonalAccessTokens do
  let_it_be(:current_user) { create(:user) }
  describe 'GET /personal_access_tokens' do
-    context 'when unlicensed' do
+    context 'logged in as an Administrator' do
-      before do
+      let_it_be(:current_user) { create(:admin) }
-        stub_licensed_features(personal_access_token_api_management: false)
-      end
-      it 'responds with unauthorized' do
+      it 'returns all PATs by default' do
        get api(path, current_user)
-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:ok)
-      end
+        expect(json_response.count).to eq(PersonalAccessToken.all.count)
-    end
-    context 'when licensed' do
-      before do
-        stub_licensed_features(personal_access_token_api_management: true)
      end
-      context 'logged in as an Administrator' do
+      context 'filtered with user_id parameter' do
-        let_it_be(:current_user) { create(:admin) }
+        it 'returns only PATs belonging to that user' do
+          get api(path, current_user), params: { user_id: token1.user.id }
-        it 'returns all PATs by default' do
-          get api(path, current_user)
          expect(response).to have_gitlab_http_status(:ok)
-          expect(json_response.count).to eq(PersonalAccessToken.all.count)
+          expect(json_response.count).to eq(1)
-        end
+          expect(json_response.first['user_id']).to eq(token1.user.id)
-        context 'filtered with user_id parameter' do
-          it 'returns only PATs belonging to that user' do
-            get api(path, current_user), params: { user_id: token1.user.id }
-            expect(response).to have_gitlab_http_status(:ok)
-            expect(json_response.count).to eq(1)
-            expect(json_response.first['user_id']).to eq(token1.user.id)
-          end
        end
      end
@@ -91,57 +73,39 @@ RSpec.describe API::PersonalAccessTokens do
  describe 'DELETE /personal_access_tokens/:id' do
    let(:path) { "/personal_access_tokens/#{token1.id}" }
-    context 'when unlicensed' do
+    context 'when current_user is an administrator', :enable_admin_mode do
-      before do
+      let_it_be(:admin_user) { create(:admin) }
-        stub_licensed_features(personal_access_token_api_management: false)
+      let_it_be(:admin_token) { create(:personal_access_token, user: admin_user) }
-      end
+      let_it_be(:admin_path) { "/personal_access_tokens/#{admin_token.id}" }
-      it 'responds with unauthorized' do
-        delete api(path, current_user)
-        expect(response).to have_gitlab_http_status(:unauthorized)
+      it 'revokes a different users token' do
-      end
+        delete api(path, admin_user)
-    end
-    context 'when licensed' do
+        expect(response).to have_gitlab_http_status(:no_content)
-      before do
+        expect(token1.reload.revoked?).to be true
-        stub_licensed_features(personal_access_token_api_management: true)
      end
-      context 'when current_user is an administrator', :enable_admin_mode do
+      it 'revokes their own token' do
-        let_it_be(:admin_user) { create(:admin) }
+        delete api(admin_path, admin_user)
-        let_it_be(:admin_token) { create(:personal_access_token, user: admin_user) }
-        let_it_be(:admin_path) { "/personal_access_tokens/#{admin_token.id}" }
-        it 'revokes a different users token' do
-          delete api(path, admin_user)
-          expect(response).to have_gitlab_http_status(:no_content)
-          expect(token1.reload.revoked?).to be true
-        end
-        it 'revokes their own token' do
-          delete api(admin_path, admin_user)
-          expect(response).to have_gitlab_http_status(:no_content)
+        expect(response).to have_gitlab_http_status(:no_content)
-        end
      end
+    end
-      context 'when current_user is not an administrator' do
+    context 'when current_user is not an administrator' do
-        let_it_be(:user_token) { create(:personal_access_token, user: current_user) }
+      let_it_be(:user_token) { create(:personal_access_token, user: current_user) }
-        let_it_be(:user_token_path) { "/personal_access_tokens/#{user_token.id}" }
+      let_it_be(:user_token_path) { "/personal_access_tokens/#{user_token.id}" }
-        it 'fails revokes a different users token' do
+      it 'fails revokes a different users token' do
-          delete api(path, current_user)
+        delete api(path, current_user)
-          expect(response).to have_gitlab_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:bad_request)
-        end
+      end
-        it 'revokes their own token' do
+      it 'revokes their own token' do
-          delete api(user_token_path, current_user)
+        delete api(user_token_path, current_user)
-          expect(response).to have_gitlab_http_status(:no_content)
+        expect(response).to have_gitlab_http_status(:no_content)
-        end
      end
    end
  end