Move RSS and incoming email tokens from User Settings > Accounts to User Settings > Access Tokens

a6c462b2 · Douwe Maan · 9d6c7d9e · a6c462b2 · 9d6c7d9e · a6c462b2
Commit a6c462b2 authored Oct 12, 2017 by Douwe Maan
5 changed files
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -31,7 +31,7 @@ class ProfilesController < Profiles::ApplicationController

    flash[:notice] = "Incoming email token was successfully reset"

-    redirect_to profile_account_path
+    redirect_to profile_personal_access_tokens_path
  end

  def reset_rss_token
@@ -41,7 +41,7 @@ class ProfilesController < Profiles::ApplicationController

    flash[:notice] = "RSS token was successfully reset"

-    redirect_to profile_account_path
+    redirect_to profile_personal_access_tokens_path
  end

  def audit_log

--- a/app/views/profiles/accounts/_reset_token.html.haml
+++ b/app/views/profiles/accounts/_reset_token.html.haml
- name = label.parameterize
- attribute = name.underscore
-
-.reset-action
-  %p.cgray
-    = label_tag name, label, class: "label-light"
-    = text_field_tag name, current_user.send(attribute), class: 'form-control', readonly: true, onclick: 'this.select()'
-    %p.help-block
-      = help_text
-  .prepend-top-default
-    = link_to button_label, [:reset, attribute, :profile], method: :put, data: { confirm: 'Are you sure?' }, class: 'btn btn-default private-token'
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -6,21 +6,6 @@
  .alert.alert-info
    Some options are unavailable for LDAP accounts

-.row.prepend-top-default
-  .col-lg-4.profile-settings-sidebar
-    %h4.prepend-top-0
-      - number_of_tokens = incoming_email_token_enabled? ? 2 : 1
-      = "Private Token".pluralize(number_of_tokens)
-    %p
-      Keep your private tokens secret. Anyone with access to them can interact with some part of
-      GitLab as if they were you.
-  .col-lg-8.private-tokens-reset
-    = render partial: 'reset_token', locals: { label: 'RSS token', button_label: 'Reset RSS token', help_text: 'Your RSS token is used to access your personalized RSS feeds without username/password authentication. It cannot be used to access any other data.' }
-
-    - if incoming_email_token_enabled?
-      = render partial: 'reset_token', locals: { label: 'Incoming email token', button_label: 'Reset incoming email token', help_text: 'Your incoming email token is used to authenticate you when creating new issues by email, and is included in your project-specific email addresses. It cannot be used to access any other data.' }
-
-%hr
 .row.prepend-top-default
  .col-lg-4.profile-settings-sidebar
    %h4.prepend-top-0

--- a/app/views/profiles/personal_access_tokens/index.html.haml
+++ b/app/views/profiles/personal_access_tokens/index.html.haml
@@ -30,3 +30,40 @@
    = render "shared/personal_access_tokens_form", path: profile_personal_access_tokens_path, impersonation: false, token: @personal_access_token, scopes: @scopes

    = render "shared/personal_access_tokens_table", impersonation: false, active_tokens: @active_personal_access_tokens, inactive_tokens: @inactive_personal_access_tokens
+
+%hr
+.row.prepend-top-default
+  .col-lg-4.profile-settings-sidebar
+    %h4.prepend-top-0
+      RSS token
+    %p
+      Your RSS token is used to authenticate you when your RSS reader loads a personalized RSS feed, and is included in your personal RSS feed URLs.
+    %p
+      It cannot be used to access any other data.
+  .col-lg-8.rss-token-reset
+    = label_tag :rss_token, 'RSS token', class: "label-light"
+    = text_field_tag :rss_token, current_user.rss_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+    %p.help-block
+      Keep this token secret. Anyone who gets ahold of it can read activity and issue RSS feeds as if they were you.
+      You should
+      = link_to 'reset it', [:reset, :rss_token, :profile], method: :put, data: { confirm: 'Are you sure? Any RSS URLs currently in use will stop working.' }
+      if that ever happens.
+
+- if incoming_email_token_enabled?
+  %hr
+  .row.prepend-top-default
+    .col-lg-4.profile-settings-sidebar
+      %h4.prepend-top-0
+        Incoming email token
+      %p
+        Your incoming email token is used to authenticate you when you create a new issue by email, and is included in your personal project-specific email addresses.
+      %p
+        It cannot be used to access any other data.
+    .col-lg-8.incoming-email-token-reset
+      = label_tag :incoming_email_token, 'Incoming email token', class: "label-light"
+      = text_field_tag :incoming_email_token, current_user.incoming_email_token, class: 'form-control', readonly: true, onclick: 'this.select()'
+      %p.help-block
+        Keep this token secret. Anyone who gets ahold of it can create issues as if they were you.
+        You should
+        = link_to 'reset it', [:reset, :incoming_email_token, :profile], method: :put, data: { confirm: 'Are you sure? Any issue email addresses currently in use will stop working.' }
+        if that ever happens.
--- a/spec/features/profile_spec.rb
+++ b/spec/features/profile_spec.rb
 require 'spec_helper'

-describe 'Profile account page' do
+describe 'Profile account page', :js do
  let(:user) { create(:user) }

  before do
@@ -58,31 +58,36 @@ describe 'Profile account page' do

  describe 'when I reset RSS token' do
    before do
-      visit profile_account_path
+      visit profile_personal_access_tokens_path
    end

    it 'resets RSS token' do
-      previous_token = find("#rss-token").value
+      within('.rss-token-reset') do
+        previous_token = find("#rss_token").value
+
+        click_link('reset it')

-      click_link('Reset RSS token')
+        expect(find('#rss_token').value).not_to eq(previous_token)
+      end

      expect(page).to have_content 'RSS token was successfully reset'
-      expect(find('#rss-token').value).not_to eq(previous_token)
    end
  end

  describe 'when I reset incoming email token' do
    before do
      allow(Gitlab.config.incoming_email).to receive(:enabled).and_return(true)
-      visit profile_account_path
+      visit profile_personal_access_tokens_path
    end

    it 'resets incoming email token' do
-      previous_token = find('#incoming-email-token').value
+      within('.incoming-email-token-reset') do
+        previous_token = find('#incoming_email_token').value

-      click_link('Reset incoming email token')
+        click_link('reset it')

-      expect(find('#incoming-email-token').value).not_to eq(previous_token)
+        expect(find('#incoming_email_token').value).not_to eq(previous_token)
+      end
    end
  end