Skip to content

GitLab Next

Menu

Projects Groups Snippets

/
Help
Sign in / Register

GitLab FOSS
Project information
- Project information
- Activity
- Labels
- Members
Repository
- Repository
- Files
- Commits
- Branches
- Tags
- Contributors
- Graph
- Compare
- Locked Files
Issues 0
- Issues 0
- List
- Boards
- Service Desk
- Milestones
- Iterations
- Requirements
Merge requests 1
- Merge requests 1
Deployments
- Deployments
- Environments
- Releases
Packages & Registries
- Packages & Registries
- Package Registry
- Container Registry
- Infrastructure Registry
Monitor
- Monitor
- Metrics
- Incidents
Analytics
- Analytics
- Value stream
- Code review
- Insights
- Issue
- Repository
Snippets
- Snippets
Activity
Graph
Create a new issue
Commits
Issue Boards

Collapse sidebar

GitLab.org
GitLab FOSS
Merge requests
!3749

Allow creating Personal Access Tokens through the website

Review changes
Download
Email patches
Plain diff

Merged Timothy Andrew requested to merge 2979-personal-access-tokens into master Apr 15, 2016

Overview 117
Commits 47
Changes 19

Related to #2979 (closed)

Allow a user to create personal access tokens, and use them to authenticate
Refactor API::Helpers into API::Helpers::Core and API::Helpers::Authentication

Tasks

#2979 (closed) (!3749 (merged)) - Personal Access Tokens
- Basic Implementation
  - Add UI to add "Personal Access Tokens"
  - Reload lib/api on every request
  - Respect these tokens for API requests
  - Just a param or a header too?
  - Allow revoking tokens
  - Expire tokens
  - Left bar should have a "PAT" icon
  - Scopes?
  - Copy to Clipboard
  - Show active/inactive tokens separately
    - No need to check for expired/revoked in the appropriate places
  - Why does regular ApplicationController check for private token?
  - Support non-API requests
  - Revert (or work on) lib/api eager loading
- Create MR
- Refactoring
- Fix tests
- Write more tests
- Add screenshots to MR
- Add description of query performance to MR
- Limit the number of queries in the personal_access_tokens page
- Wait for CI to pass
- Fix merge issues in schema.rb
- Assign MR to endboss
- Wait for feedback
- Fix feedback
  - Wait for CI to pass
- Assign to @rspeicher
- Fix @rspeicher's comments
- Wait for CI to pass
- Assign back to @rspeicher
- Write documentation and ping @axil
- Wait for Axil to respond
- Assign to endboss
- Address Douwe's feedback
  - Use the private_token or authentication_token param instead of personal_access_token
  - Ditto for the header
- Assign to endboss
- Make sure CI is green
- Address Douwe's feedback
  - Don't go through the authenticate_user_from_private_token! method, if a private token is supplied (or combine them)
  - In authenticate_user_from_personal_access_token! don't hit DB if token_string is nil
  - Use current_user.personal_access_tokens.build in the controller
  - Remove the "We aren't using personal_access_token as the root param" comment
  - No need for = "...", we can just have the Inactive ... #{...} on the next line in the view
  - Render dates in a (more) human format
  - CSS issue with table
  - Don't show the tokens in the UI indefinitely
  - How to implement scopes? Add-on to current impl? Doorkeeper?
- Wait for @DouweM's comments about scopes
- Address @DouweM's second review
  - Try not using native['innerHTML']
  - use contexts for all "when ..."
  - Ensure consistency (styling) with other pages for "You don't have any tokens" message
  - "Actions" table column doesn't need a label
  - %td can be moved outside of the if/else statement
  - The header title should be "Profile Settings"
  - Can this be a before_create, so we don't need to use generate?
  - If it couldn't be revoked, will we show an error?
  - If it couldn't be saved, will we show an error?
- Merge master
- Update CHANGELOG entry
- Add tests for form errors?
- Post screenshots
- Tag @jschatz1 for review
- Wait for build to pass
- Respond to @jschatz1's comments
  - Hardcoded colors should be variables
  - Should not be allowed to chose a date in the past
  - Use the same table as in the Applications tab
  - button should say "Create Personal Access Token"
  - Float the revoke to the right on the a
  - Change revocation message. "Are you sure you want to revoke this certificate? This action cannot be undone."
  - Date stays selected and looks selected even though date is set as "never".
  - ~~hover on the calendar button shifts~~ (not caused by this MR - happens on milestones#new as well)
  - Don't use the panel for the created token
    - Use a normal flash for "Your new personal access token has been created"
    - Show the input (with the token) below it full width.
    - Put the "Make sure you save it - you won't be able to access it again." message near the input
  - Have the input highlight all on single click
- Update screenshots
- Merge master in + conflicts
- Assign to @jschatz1 again
- Respond to @jschatz1's comments
  - No button for clipboard, only link
  - text-danger
  - highlight fade on that area where the token was created
- Make sure build is green
- Assign to @jschatz1
- Wait for build to pass
- Respond to @DouweM's feedback
  - move the redirect_to out of the if/else
  - certificate -> token
  - datepicker back to text field
  - combine the get_user_from_private_token and get_user_from_personal_access_token methods in ApplicationController
  - combine the get_user_from_private_token and get_user_from_personal_access_token methods in lib/api/helpers
  - don't need the new constants
- Wait for build to pass
- Wait for merge

Screenshots

Assignee

Assign to

Reviewer

Request review from

Time tracking

Source branch: 2979-personal-access-tokens