Merge branch '222734-clarify-call-to-action-for-expired-active-tokens' into 'master'

Resolve "Clarify call to action for expired active tokens" [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!59304

Merge branch '222734-clarify-call-to-action-for-expired-active-tokens' into 'master'
Resolve "Clarify call to action for expired active tokens" [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!59304
e3d57cd4 · Max Woolf · 8a514a91 · cf4dc920 · e3d57cd4 · e3d57cd4
Commit e3d57cd4 authored Jul 09, 2021 by Max Woolf
6 changed files
--- a/app/helpers/personal_access_tokens_helper.rb
+++ b/app/helpers/personal_access_tokens_helper.rb
+# frozen_string_literal: true
+
+module PersonalAccessTokensHelper
+  def personal_access_token_expiration_enforced?
+    false
+  end
+end
--- a/app/views/shared/access_tokens/_table.html.haml
+++ b/app/views/shared/access_tokens/_table.html.haml
 - no_active_tokens_message = local_assigns.fetch(:no_active_tokens_message, _('This user has no active %{type}.') % { type: type_plural })
 - impersonation = local_assigns.fetch(:impersonation, false)
 - project = local_assigns.fetch(:project, false)
+- personal = !impersonation && !project

 %hr

 %h5
  = _('Active %{type} (%{token_length})') % { type: type_plural, token_length: active_tokens.length }
+- if personal && !personal_access_token_expiration_enforced?
+  %p.profile-settings-content
+    = _("Personal access tokens are not revoked upon expiration.")
 - if impersonation
  %p.profile-settings-content
    = _("To see all the user's personal access tokens you must impersonate them first.")
@@ -16,6 +20,7 @@
      %thead
        %tr
          %th= _('Token name')
+          %th= _('Scopes')
          %th= s_('AccessTokens|Created')
          %th
            = _('Last Used')
@@ -23,12 +28,12 @@
          %th= _('Expires')
          - if project
            %th= _('Role')
-          %th= _('Scopes')
          %th
      %tbody
        - active_tokens.each do |token|
          %tr
            %td= token.name
+            %td= token.scopes.present? ? token.scopes.join(', ') : _('no scopes selected')
            %td= token.created_at.to_date.to_s(:medium)
            %td
              - if token.last_used_at?
@@ -47,8 +52,7 @@
                %span.token-never-expires-label= _('Never')
            - if project
              %td= project.project_member(token.user).human_access
-            %td= token.scopes.present? ? token.scopes.join(', ') : _('no scopes selected')
-            %td= link_to _('Revoke'), revoke_route_helper.call(token), method: :put, class: 'gl-button btn btn-danger btn-sm float-right qa-revoke-button', data: { confirm: _('Are you sure you want to revoke this %{type}? This action cannot be undone.') % { type: type } }
+            %td= link_to _('Revoke'), revoke_route_helper.call(token), method: :put, class: "gl-button btn btn-danger btn-sm float-right qa-revoke-button #{'btn-danger-secondary' unless token.expires?}", data: { confirm: _('Are you sure you want to revoke this %{type}? This action cannot be undone.') % { type: type } }
 - else
  .settings-message.text-center
    = no_active_tokens_message
--- a/ee/app/helpers/ee/personal_access_tokens_helper.rb
+++ b/ee/app/helpers/ee/personal_access_tokens_helper.rb
+# frozen_string_literal: true
+
+module EE
+  module PersonalAccessTokensHelper
+    extend ::Gitlab::Utils::Override
+    include ::Gitlab::Utils::StrongMemoize
+
+    def personal_access_token_expiration_policy_enabled?
+      return group_level_personal_access_token_expiration_policy_enabled? if current_user.group_managed_account?
+
+      instance_level_personal_access_token_expiration_policy_enabled?
+    end
+
+    def personal_access_token_max_expiry_date
+      return group_level_personal_access_token_max_expiry_date if current_user.group_managed_account?
+
+      instance_level_personal_access_token_max_expiry_date
+    end
+
+    def personal_access_token_expiration_policy_licensed?
+      ::License.feature_available?(:personal_access_token_expiration_policy)
+    end
+
+    override :personal_access_token_expiration_enforced?
+    def personal_access_token_expiration_enforced?
+      ::PersonalAccessToken.expiration_enforced?
+    end
+
+    def enforce_pat_expiration_feature_available?
+      ::PersonalAccessToken.enforce_pat_expiration_feature_available?
+    end
+
+    def token_expiry_banner_message(user)
+      verifier = ::PersonalAccessTokens::RotationVerifierService.new(user)
+
+      return _('At least one of your Personal Access Tokens is expired, but expiration enforcement is disabled. %{generate_new}') if verifier.expired?
+
+      return _('At least one of your Personal Access Tokens will expire soon, but expiration enforcement is disabled. %{generate_new}') if verifier.expiring_soon?
+    end
+
+    private
+
+    def instance_level_personal_access_token_expiration_policy_enabled?
+      instance_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
+    end
+
+    def instance_level_personal_access_token_max_expiry_date
+      ::Gitlab::CurrentSettings.max_personal_access_token_lifetime_from_now
+    end
+
+    def group_level_personal_access_token_expiration_policy_enabled?
+      group_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
+    end
+
+    def group_level_personal_access_token_max_expiry_date
+      current_user.managing_group.max_personal_access_token_lifetime_from_now
+    end
+  end
+end
--- a/ee/app/helpers/personal_access_tokens_helper.rb
+++ b/ee/app/helpers/personal_access_tokens_helper.rb
-# frozen_string_literal: true
-
-module PersonalAccessTokensHelper
-  include Gitlab::Utils::StrongMemoize
-
-  def personal_access_token_expiration_policy_enabled?
-    return group_level_personal_access_token_expiration_policy_enabled? if current_user.group_managed_account?
-
-    instance_level_personal_access_token_expiration_policy_enabled?
-  end
-
-  def personal_access_token_max_expiry_date
-    return group_level_personal_access_token_max_expiry_date if current_user.group_managed_account?
-
-    instance_level_personal_access_token_max_expiry_date
-  end
-
-  def personal_access_token_expiration_policy_licensed?
-    License.feature_available?(:personal_access_token_expiration_policy)
-  end
-
-  def enforce_pat_expiration_feature_available?
-    PersonalAccessToken.enforce_pat_expiration_feature_available?
-  end
-
-  def token_expiry_banner_message(user)
-    verifier = PersonalAccessTokens::RotationVerifierService.new(user)
-
-    return _('At least one of your Personal Access Tokens is expired, but expiration enforcement is disabled. %{generate_new}') if verifier.expired?
-
-    return _('At least one of your Personal Access Tokens will expire soon, but expiration enforcement is disabled. %{generate_new}') if verifier.expiring_soon?
-  end
-
-  private
-
-  def instance_level_personal_access_token_expiration_policy_enabled?
-    instance_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
-  end
-
-  def instance_level_personal_access_token_max_expiry_date
-    ::Gitlab::CurrentSettings.max_personal_access_token_lifetime_from_now
-  end
-
-  def group_level_personal_access_token_expiration_policy_enabled?
-    group_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
-  end
-
-  def group_level_personal_access_token_max_expiry_date
-    current_user.managing_group.max_personal_access_token_lifetime_from_now
-  end
-end
--- a/ee/spec/helpers/personal_access_tokens_helper_spec.rb
+++ b/ee/spec/helpers/personal_access_tokens_helper_spec.rb
@@ -2,7 +2,7 @@

 require 'spec_helper'

-RSpec.describe PersonalAccessTokensHelper do
+RSpec.describe EE::PersonalAccessTokensHelper do
  let(:group) do
    build(:group, max_personal_access_token_lifetime: group_level_max_personal_access_token_lifetime)
  end
@@ -178,4 +178,12 @@ RSpec.describe PersonalAccessTokensHelper do
      it { is_expected.to eq('At least one of your Personal Access Tokens will expire soon, but expiration enforcement is disabled. %{generate_new}') }
    end
  end
+
+  describe '#personal_access_token_expiration_enforced' do
+    it 'calls the class method expiration_enforced?' do
+      expect(::PersonalAccessToken).to receive(:expiration_enforced?)
+
+      helper.personal_access_token_expiration_enforced?
+    end
+  end
 end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -23872,6 +23872,9 @@ msgstr ""
 msgid "Personal Access Token prefix"
 msgstr ""

+msgid "Personal access tokens are not revoked upon expiration."
+msgstr ""
+
 msgid "Personal project creation is not allowed. Please contact your administrator with questions"
 msgstr ""