Move PAT API to CE

Moves PAT API endpoints from EE Ultimate to CE for all users.

Move PAT API to CE
Moves PAT API endpoints from EE Ultimate to CE for all users.
d8d101a6 · Max Woolf · Gabriel Mazetto · 4866577d · d8d101a6 · d8d101a6
Commit d8d101a6 authored Oct 31, 2020 by Max Woolf Committed by Gabriel Mazetto Oct 31, 2020
7 changed files
--- a/changelogs/unreleased/270200-downtier-pat-apis.yml
+++ b/changelogs/unreleased/270200-downtier-pat-apis.yml
+---
+title: Move Personal Access Token API to Core
+merge_request: 46145
+author:
+type: changed
--- a/doc/api/personal_access_tokens.md
+++ b/doc/api/personal_access_tokens.md
@@ -4,13 +4,14 @@ group: unassigned
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
-# Personal access tokens API **(ULTIMATE)**
+# Personal access tokens API
 You can read more about [personal access tokens](../user/profile/personal_access_tokens.md#personal-access-tokens).
 ## List personal access tokens
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3.
+> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/270200) to [GitLab Core](https://about.gitlab.com/pricing/) in 13.6.
 Get a list of personal access tokens.

--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -136,7 +136,6 @@ class License < ApplicationRecord
    insights
    issuable_health_status
    license_scanning
-    personal_access_token_api_management
    personal_access_token_expiration_policy
    enforce_pat_expiration
    prometheus_alerts

--- a/ee/lib/ee/api/api.rb
+++ b/ee/lib/ee/api/api.rb
@@ -26,7 +26,6 @@ module EE
        mount ::API::Ldap
        mount ::API::LdapGroupLinks
        mount ::API::License
-        mount ::API::PersonalAccessTokens
        mount ::API::ProjectMirror
        mount ::API::ProjectPushRule
        mount ::API::GroupPushRule

--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -236,6 +236,7 @@ module API
      mount ::API::ProjectTemplates
      mount ::API::Terraform::State
      mount ::API::Terraform::StateVersion
+      mount ::API::PersonalAccessTokens
      mount ::API::ProtectedBranches
      mount ::API::ProtectedTags
      mount ::API::Releases

--- a/ee/lib/api/personal_access_tokens.rb
+++ b/ee/lib/api/personal_access_tokens.rb
@@ -37,11 +37,6 @@ module API
      def find_token(id)
        PersonalAccessToken.find(id) || not_found!
      end
-      def authenticate!
-        unauthorized! unless ::License.feature_available?(:personal_access_token_api_management)
-        super
-      end
    end
    resources :personal_access_tokens do

--- a/ee/spec/requests/api/personal_access_tokens_spec.rb
+++ b/ee/spec/requests/api/personal_access_tokens_spec.rb
@@ -9,41 +9,23 @@ RSpec.describe API::PersonalAccessTokens do
  let_it_be(:current_user) { create(:user) }
  describe 'GET /personal_access_tokens' do
-    context 'when unlicensed' do
+    context 'logged in as an Administrator' do
-      before do
+      let_it_be(:current_user) { create(:admin) }
-        stub_licensed_features(personal_access_token_api_management: false)
-      end
-      it 'responds with unauthorized' do
+      it 'returns all PATs by default' do
        get api(path, current_user)
-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:ok)
-      end
+        expect(json_response.count).to eq(PersonalAccessToken.all.count)
-    end
-    context 'when licensed' do
-      before do
-        stub_licensed_features(personal_access_token_api_management: true)
      end
-      context 'logged in as an Administrator' do
+      context 'filtered with user_id parameter' do
-        let_it_be(:current_user) { create(:admin) }
+        it 'returns only PATs belonging to that user' do
+          get api(path, current_user), params: { user_id: token1.user.id }
-        it 'returns all PATs by default' do
-          get api(path, current_user)
          expect(response).to have_gitlab_http_status(:ok)
-          expect(json_response.count).to eq(PersonalAccessToken.all.count)
+          expect(json_response.count).to eq(1)
-        end
+          expect(json_response.first['user_id']).to eq(token1.user.id)
-        context 'filtered with user_id parameter' do
-          it 'returns only PATs belonging to that user' do
-            get api(path, current_user), params: { user_id: token1.user.id }
-            expect(response).to have_gitlab_http_status(:ok)
-            expect(json_response.count).to eq(1)
-            expect(json_response.first['user_id']).to eq(token1.user.id)
-          end
        end
      end
@@ -91,57 +73,39 @@ RSpec.describe API::PersonalAccessTokens do
  describe 'DELETE /personal_access_tokens/:id' do
    let(:path) { "/personal_access_tokens/#{token1.id}" }
-    context 'when unlicensed' do
+    context 'when current_user is an administrator', :enable_admin_mode do
-      before do
+      let_it_be(:admin_user) { create(:admin) }
-        stub_licensed_features(personal_access_token_api_management: false)
+      let_it_be(:admin_token) { create(:personal_access_token, user: admin_user) }
-      end
+      let_it_be(:admin_path) { "/personal_access_tokens/#{admin_token.id}" }
-      it 'responds with unauthorized' do
-        delete api(path, current_user)
-        expect(response).to have_gitlab_http_status(:unauthorized)
+      it 'revokes a different users token' do
-      end
+        delete api(path, admin_user)
-    end
-    context 'when licensed' do
+        expect(response).to have_gitlab_http_status(:no_content)
-      before do
+        expect(token1.reload.revoked?).to be true
-        stub_licensed_features(personal_access_token_api_management: true)
      end
-      context 'when current_user is an administrator', :enable_admin_mode do
+      it 'revokes their own token' do
-        let_it_be(:admin_user) { create(:admin) }
+        delete api(admin_path, admin_user)
-        let_it_be(:admin_token) { create(:personal_access_token, user: admin_user) }
-        let_it_be(:admin_path) { "/personal_access_tokens/#{admin_token.id}" }
-        it 'revokes a different users token' do
-          delete api(path, admin_user)
-          expect(response).to have_gitlab_http_status(:no_content)
-          expect(token1.reload.revoked?).to be true
-        end
-        it 'revokes their own token' do
-          delete api(admin_path, admin_user)
-          expect(response).to have_gitlab_http_status(:no_content)
+        expect(response).to have_gitlab_http_status(:no_content)
-        end
      end
+    end
-      context 'when current_user is not an administrator' do
+    context 'when current_user is not an administrator' do
-        let_it_be(:user_token) { create(:personal_access_token, user: current_user) }
+      let_it_be(:user_token) { create(:personal_access_token, user: current_user) }
-        let_it_be(:user_token_path) { "/personal_access_tokens/#{user_token.id}" }
+      let_it_be(:user_token_path) { "/personal_access_tokens/#{user_token.id}" }
-        it 'fails revokes a different users token' do
+      it 'fails revokes a different users token' do
-          delete api(path, current_user)
+        delete api(path, current_user)
-          expect(response).to have_gitlab_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:bad_request)
-        end
+      end
-        it 'revokes their own token' do
+      it 'revokes their own token' do
-          delete api(user_token_path, current_user)
+        delete api(user_token_path, current_user)
-          expect(response).to have_gitlab_http_status(:no_content)
+        expect(response).to have_gitlab_http_status(:no_content)
-        end
      end
    end
  end