Skip to content

GitLab Next

Projects
Groups
Snippets
Help

Loading...
Help
Sign in / Register

Project overview
Repository
Issues 0
Merge Requests 0
- Merge Requests 0
Requirements
Security & Compliance
Packages & Registries
Analytics
Snippets
- Snippets
Members
- Members

Collapse sidebar

Activity
Graph
Create a new issue
Commits
Issue Boards

GitLab.org
GitLab FOSS
Merge Requests
!3749

Merged

Opened Apr 15, 2016 by Timothy Andrew @timothyandrew99 of 101 tasks completed99/101 tasks

Report abuse

Allow creating Personal Access Tokens through the website

Overview 117
Commits 47
Pipelines 18
Changes 19

Related to #2979 (closed)

Allow a user to create personal access tokens, and use them to authenticate
Refactor API::Helpers into API::Helpers::Core and API::Helpers::Authentication

Tasks

#2979 (closed) (!3749 (merged)) - Personal Access Tokens
- Basic Implementation
  - Add UI to add "Personal Access Tokens"
  - Reload lib/api on every request
  - Respect these tokens for API requests
  - Just a param or a header too?
  - Allow revoking tokens
  - Expire tokens
  - Left bar should have a "PAT" icon
  - Scopes?
  - Copy to Clipboard
  - Show active/inactive tokens separately
    - No need to check for expired/revoked in the appropriate places
  - Why does regular ApplicationController check for private token?
  - Support non-API requests
  - Revert (or work on) lib/api eager loading
- Create MR
- Refactoring
- Fix tests
- Write more tests
- Add screenshots to MR
- Add description of query performance to MR
- Limit the number of queries in the personal_access_tokens page
- Wait for CI to pass
- Fix merge issues in schema.rb
- Assign MR to endboss
- Wait for feedback
- Fix feedback
  - Wait for CI to pass
- Assign to @rspeicher
- Fix @rspeicher's comments
- Wait for CI to pass
- Assign back to @rspeicher
- Write documentation and ping @axil
- Wait for Axil to respond
- Assign to endboss
- Address Douwe's feedback
  - Use the private_token or authentication_token param instead of personal_access_token
  - Ditto for the header
- Assign to endboss
- Make sure CI is green
- Address Douwe's feedback
  - Don't go through the authenticate_user_from_private_token! method, if a private token is supplied (or combine them)
  - In authenticate_user_from_personal_access_token! don't hit DB if token_string is nil
  - Use current_user.personal_access_tokens.build in the controller
  - Remove the "We aren't using personal_access_token as the root param" comment
  - No need for = "...", we can just have the Inactive ... #{...} on the next line in the view
  - Render dates in a (more) human format
  - CSS issue with table
  - Don't show the tokens in the UI indefinitely
  - How to implement scopes? Add-on to current impl? Doorkeeper?
- Wait for @DouweM's comments about scopes
- Address @DouweM's second review
  - Try not using native['innerHTML']
  - use contexts for all "when ..."
  - Ensure consistency (styling) with other pages for "You don't have any tokens" message
  - "Actions" table column doesn't need a label
  - %td can be moved outside of the if/else statement
  - The header title should be "Profile Settings"
  - Can this be a before_create, so we don't need to use generate?
  - If it couldn't be revoked, will we show an error?
  - If it couldn't be saved, will we show an error?
- Merge master
- Update CHANGELOG entry
- Add tests for form errors?
- Post screenshots
- Tag @jschatz1 for review
- Wait for build to pass
- Respond to @jschatz1's comments
  - Hardcoded colors should be variables
  - Should not be allowed to chose a date in the past
  - Use the same table as in the Applications tab
  - button should say "Create Personal Access Token"
  - Float the revoke to the right on the a
  - Change revocation message. "Are you sure you want to revoke this certificate? This action cannot be undone."
  - Date stays selected and looks selected even though date is set as "never".
  - ~~hover on the calendar button shifts~~ (not caused by this MR - happens on milestones#new as well)
  - Don't use the panel for the created token
    - Use a normal flash for "Your new personal access token has been created"
    - Show the input (with the token) below it full width.
    - Put the "Make sure you save it - you won't be able to access it again." message near the input
  - Have the input highlight all on single click
- Update screenshots
- Merge master in + conflicts
- Assign to @jschatz1 again
- Respond to @jschatz1's comments
  - No button for clipboard, only link
  - text-danger
  - highlight fade on that area where the token was created
- Make sure build is green
- Assign to @jschatz1
- Wait for build to pass
- Respond to @DouweM's feedback
  - move the redirect_to out of the if/else
  - certificate -> token
  - datepicker back to text field
  - combine the get_user_from_private_token and get_user_from_personal_access_token methods in ApplicationController
  - combine the get_user_from_private_token and get_user_from_personal_access_token methods in lib/api/helpers
  - don't need the new constants
- Wait for build to pass
- Wait for merge

Screenshots

Related to #2979

- Allow a user to create personal access tokens, and use them to authenticate
- Refactor `API::Helpers` into `API::Helpers::Core` and `API::Helpers::Authentication`

# Tasks

- [ ]  #2979 (!3749)  - Personal Access Tokens
    - [x]  Basic Implementation
        - [x]  Add UI to add "Personal Access Tokens"
        - [x]  Reload `lib/api` on every request
        - [x]  Respect these tokens for API requests
        - [x]  Just a param or a header too?
        - [x]  Allow revoking tokens
        - [x]  Expire tokens
        - [x]  Left bar should have a "PAT" icon
        - [x]  Scopes?
        - [x]  Copy to Clipboard
        - [x]  Show active/inactive tokens separately
            - [x]  No need to check for expired/revoked in the appropriate places
        - [x]  Why does regular ApplicationController check for private token?
        - [x]  Support non-API requests
        - [x]  Revert (or work on) `lib/api` eager loading
    - [x]  Create MR
    - [x]  Refactoring
    - [x]  Fix tests
    - [x]  Write more tests
    - [x]  Add screenshots to MR
    - [x]  Add description of query performance to MR
    - [x]  Limit the number of queries in the `personal_access_tokens` page
    - [x]  Wait for CI to pass
    - [x]  Fix merge issues in schema.rb
    - [x]  Assign MR to endboss
    - [x]  Wait for feedback
    - [x]  Fix feedback
        - [x]  Wait for CI to pass
    - [x]  Assign to @rspeicher
    - [x]  Fix @rspeicher's comments
    - [x]  Wait for CI to pass
    - [x]  Assign back to @rspeicher
    - [x]  Write documentation and ping @axil
    - [x]  Wait for Axil to respond
    - [x]  Assign to endboss
    - [x]  Address Douwe's feedback
        - [x]  Use the `private_token` or `authentication_token` param instead of `personal_access_token`
        - [x]  Ditto for the header
    - [x]  Assign to endboss
    - [x]  Make sure CI is green
    - [x]  Address Douwe's feedback
        - [x]  Don't go through the `authenticate_user_from_private_token!` method, if a private token is supplied (or combine them)
        - [x]  In `authenticate_user_from_personal_access_token!` don't hit DB if `token_string` is `nil`
        - [x]  Use `current_user.personal_access_tokens.build` in the controller
        - [x]  Remove the "We aren't using `personal_access_token` as the root param" comment
        - [x]  `No need for = "...", we can just have the Inactive ... #{...} on the next line` in the view
        - [x]  Render dates in a (more) human format
        - [x]  CSS issue with table
        - [x]  Don't show the tokens in the UI indefinitely
        - [x]  How to implement scopes? Add-on to current impl? Doorkeeper?
    - [x]  Wait for @DouweM's comments about scopes
    - [x]  Address @DouweM's second review 
        - [x]  Try not using `native['innerHTML']`
        - [x]  use contexts for all "when ..."
        - [x]  Ensure consistency (styling) with other pages for "You don't have any tokens" message
        - [x]  "Actions" table column doesn't need a label
        - [x]  %td can be moved outside of the if/else statement
        - [x]  The header title should be "Profile Settings"
        - [x]  Can this be a `before_create`, so we don't need to use `generate`?
        - [x]  If it couldn't be revoked, will we show an error?
        - [x]  If it couldn't be saved, will we show an error?
    - [x]  Merge master
    - [x]  Update CHANGELOG entry
    - [x]  Add tests for form errors?
    - [x]  Post screenshots
    - [x]  Tag @jschatz1 for review
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/0dff6fd/builds) to pass
    - [x]  Respond to @jschatz1's comments
        - [x]  Hardcoded colors should be variables
        - [x]  Should not be allowed to chose a date in the past
        - [x]  Use the same table as in the Applications tab
        - [x]  button should say "Create Personal Access Token"
        - [x]  Float the revoke to the right on the `a`
        - [x]  Change revocation message. "Are you sure you want to revoke this certificate? This action cannot be undone."
        - [x]  Date stays selected and looks selected even though date is set as "never".
        - [x]  ~~hover on the calendar button shifts~~ (not caused by this MR - happens on `milestones#new` as well)
        - [x]  Don't use the panel for the created token
            - [x]  Use a normal flash for "Your new personal access token has been created"
            - [x]  Show the input (with the token) below it full width.
            - [x]  Put the "Make sure you save it - you won't be able to access it again." message near the input
        - [x]  Have the input highlight all on single click
    - [x]  Update screenshots
    - [x]  Merge master in + conflicts
    - [x]  Assign to @jschatz1 again
    - [x]  Respond to @jschatz1's comments
        - [x]  No button for clipboard, only link
        - [x]  text-danger
        - [x]  highlight fade on that area where the token was created
    - [x]  Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/d754d99179f1ffe846fcc1d8e858163b39efc5dc/builds) is green
    - [x]  Assign to @jschatz1
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/faa0e3f7580bc38d4d12916b4589c64d6c2678a7/builds) to pass
    - [x]  Respond to @DouweM's feedback
        - [x]  move the redirect_to out of the if/else
        - [x]  certificate -> token
        - [x]  datepicker back to text field
        - [x]  combine the get_user_from_private_token and get_user_from_personal_access_token methods in ApplicationController
        - [x]  combine the get_user_from_private_token and get_user_from_personal_access_token methods in `lib/api/helpers`
        - [x]  don't need the new constants
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/9d7cda3ddce52baad9618466a5d00319b333be57/builds) to pass
    - [ ]  Wait for merge

# Screenshots
![Screen_Shot_2016-06-16_at_8.30.33_AM](/uploads/30a168964b7c5e0eb322705747829fb6/Screen_Shot_2016-06-16_at_8.30.33_AM.png)
![Screen_Shot_2016-06-16_at_8.30.44_AM](/uploads/7a8202885df6120071bbe81b215aaead/Screen_Shot_2016-06-16_at_8.30.44_AM.png)
![Screen_Shot_2016-06-16_at_8.31.02_AM](/uploads/6905c0848864e390138b771389c7a1b2/Screen_Shot_2016-06-16_at_8.31.02_AM.png)
![Screen_Shot_2016-06-16_at_8.31.29_AM](/uploads/0bc92369fb2f9bc335773f6abec421c3/Screen_Shot_2016-06-16_at_8.31.29_AM.png)

Assignee

Assign to

8.9

Milestone

Assign milestone

Time tracking

0

Labels

None

Assign labels

View project labels

Reference: gitlab-org/gitlab-foss!3749

Cherry-pick this merge request

Pick into branch

Switch branch

A new branch will be created in your fork and a new merge request will be started.