Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
6d76f14f
Commit
6d76f14f
authored
Apr 15, 2016
by
Timothy Andrew
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow revoking personal access tokens.
parent
e2a4051c
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
48 additions
and
4 deletions
+48
-4
app/assets/stylesheets/pages/profile.scss
app/assets/stylesheets/pages/profile.scss
+3
-0
app/controllers/profiles/personal_access_tokens_controller.rb
...controllers/profiles/personal_access_tokens_controller.rb
+15
-1
app/models/personal_access_token.rb
app/models/personal_access_token.rb
+7
-0
app/views/profiles/personal_access_tokens/index.html.haml
app/views/profiles/personal_access_tokens/index.html.haml
+8
-1
config/locales/en.yml
config/locales/en.yml
+4
-0
config/routes.rb
config/routes.rb
+5
-1
db/migrate/20160415144643_add_column_revoked_to_personal_access_tokens.rb
...415144643_add_column_revoked_to_personal_access_tokens.rb
+5
-0
lib/api/helpers/authentication.rb
lib/api/helpers/authentication.rb
+1
-1
No files found.
app/assets/stylesheets/pages/profile.scss
View file @
6d76f14f
...
...
@@ -205,3 +205,6 @@
text-align
:
center
;
}
}
.personal-access-tokens-revoked-label
{
color
:
#bbb
;
}
\ No newline at end of file
app/controllers/profiles/personal_access_tokens_controller.rb
View file @
6d76f14f
class
Profiles::PersonalAccessTokensController
<
ApplicationController
def
index
@user
=
current_user
@personal_access_token
=
current_user
.
personal_access_tokens
.
new
# Prefer this to `@user.personal_access_tokens.new`, because it
# litters the view's call to `@user.personal_access_tokens` with
# this stub personal access token.
@personal_access_token
=
PersonalAccessToken
.
new
(
user:
@user
)
end
def
create
...
...
@@ -14,6 +18,16 @@ class Profiles::PersonalAccessTokensController < ApplicationController
end
end
def
revoke
@personal_access_token
=
current_user
.
personal_access_tokens
.
find
(
params
[
:id
])
if
@personal_access_token
.
revoke!
redirect_to
profile_personal_access_tokens_path
,
notice:
"Revoked personal access token
#{
@personal_access_token
.
name
}
!"
else
render
:index
end
end
private
def
personal_access_token_params
...
...
app/models/personal_access_token.rb
View file @
6d76f14f
class
PersonalAccessToken
<
ActiveRecord
::
Base
belongs_to
:user
scope
:active
,
->
{
where
.
not
(
revoked:
true
)
}
def
self
.
generate
(
params
)
personal_access_token
=
self
.
new
(
params
)
personal_access_token
.
token
=
Devise
.
friendly_token
(
50
)
personal_access_token
end
def
revoke!
self
.
revoked
=
true
self
.
save
end
end
app/views/profiles/personal_access_tokens/index.html.haml
View file @
6d76f14f
...
...
@@ -34,11 +34,18 @@
%th
Name
%th
Token
%th
Created At
%th
Actions
%tbody
-
@user
.
personal_access_tokens
.
each
do
|
token
|
-
@user
.
personal_access_tokens
.
order
(
:revoked
).
each
do
|
token
|
%tr
%td
=
token
.
name
%td
=
token
.
token
%td
=
token
.
created_at
-
if
token
.
revoked?
%td
%span
.personal-access-tokens-revoked-label
Revoked
-
else
%td
=
link_to
"Revoke"
,
revoke_profile_personal_access_token_path
(
token
),
method: :put
,
class:
"btn btn-danger"
,
data:
{
confirm:
t
(
'profile.personal_access_tokens.revoke.confirmation'
)}
-
else
%span
You don't have any tokens yet.
\ No newline at end of file
config/locales/en.yml
View file @
6d76f14f
...
...
@@ -12,3 +12,7 @@ en:
pagination
:
previous
:
"
Prev"
next
:
"
Next"
profile
:
personal_access_tokens
:
revoke
:
confirmation
:
"
Are
you
sure?
This
cannot
be
undone."
config/routes.rb
View file @
6d76f14f
...
...
@@ -333,7 +333,11 @@ Rails.application.routes.draw do
resources
:keys
resources
:emails
,
only:
[
:index
,
:create
,
:destroy
]
resource
:avatar
,
only:
[
:destroy
]
resources
:personal_access_tokens
,
only:
[
:index
,
:create
]
resources
:personal_access_tokens
,
only:
[
:index
,
:create
]
do
member
do
put
:revoke
end
end
resource
:two_factor_auth
,
only:
[
:new
,
:create
,
:destroy
]
do
member
do
post
:codes
...
...
db/migrate/20160415144643_add_column_revoked_to_personal_access_tokens.rb
0 → 100644
View file @
6d76f14f
class
AddColumnRevokedToPersonalAccessTokens
<
ActiveRecord
::
Migration
def
change
add_column
:personal_access_tokens
,
:revoked
,
:boolean
,
default:
false
end
end
lib/api/helpers/authentication.rb
View file @
6d76f14f
...
...
@@ -15,7 +15,7 @@ module API
def
find_user_by_personal_access_token
personal_access_token_string
=
(
params
[
PERSONAL_ACCESS_TOKEN_PARAM
]
||
env
[
PERSONAL_ACCESS_TOKEN_HEADER
]).
to_s
personal_access_token
=
PersonalAccessToken
.
find_by_token
(
personal_access_token_string
)
personal_access_token
=
PersonalAccessToken
.
active
.
find_by_token
(
personal_access_token_string
)
personal_access_token
.
user
if
personal_access_token
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment