Introduce Rotate Token in UI - Impersonation Tokens

Related to #505232 Changelog: added

Introduce Rotate Token in UI - Impersonation Tokens
3d5eb88f · Henry Helm · GitLab · 8dcd9d61 · 3d5eb88f · 3d5eb88f
Verified Commit 3d5eb88f authored 4 months ago by Henry Helm Committed by GitLab 4 months ago
--- a/app/controllers/admin/impersonation_tokens_controller.rb
+++ b/app/controllers/admin/impersonation_tokens_controller.rb
@@ -37,6 +37,20 @@ def revoke
    redirect_to admin_user_impersonation_tokens_path
  end

+  def rotate
+    token = finder.find(params.permit(:id)[:id])
+    result = PersonalAccessTokens::RotateService.new(current_user, token, nil, keep_token_lifetime: true).execute
+
+    @impersonation_token = result.payload[:personal_access_token]
+    if result.success?
+      active_access_tokens = active_impersonation_tokens
+      render json: { new_token: @impersonation_token.token,
+                     active_access_tokens: active_access_tokens, total: active_access_tokens.length }, status: :ok
+    else
+      render json: { message: result.message }, status: :unprocessable_entity
+    end
+  end
+
  private

  # rubocop: disable CodeReuse/ActiveRecord

--- a/app/serializers/impersonation_access_token_entity.rb
+++ b/app/serializers/impersonation_access_token_entity.rb
@@ -7,5 +7,9 @@ class ImpersonationAccessTokenEntity < AccessTokenEntityBase
  expose :revoke_path do |token, _options|
    revoke_admin_user_impersonation_token_path(token.user, token)
  end
+
+  expose :rotate_path do |token, _options|
+    rotate_admin_user_impersonation_token_path(token.user, token)
+  end
 end
 # rubocop: enable Gitlab/NamespacedClass
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -7,6 +7,7 @@
    resources :impersonation_tokens, only: [:index, :create] do
      member do
        put :revoke
+        put :rotate
      end
    end


--- a/spec/features/admin/admin_users_impersonation_tokens_spec.rb
+++ b/spec/features/admin/admin_users_impersonation_tokens_spec.rb
@@ -99,4 +99,35 @@
      expect(page).not_to have_content("Impersonation Tokens")
    end
  end
+
+  describe "rotating tokens" do
+    let!(:impersonation_token) do
+      create(:personal_access_token, :impersonation, user: user, organization: organization)
+    end
+
+    it "displays the newly created token" do
+      visit admin_user_impersonation_tokens_path(user_id: user.username)
+
+      accept_gl_confirm(button_text: s_('AccessTokens|Rotate')) { click_on s_('AccessTokens|Rotate') }
+      wait_for_all_requests
+
+      expect(page).to have_content("Your new impersonation token has been created.")
+      expect(active_access_tokens).to have_text(impersonation_token.name)
+      expect(created_access_token).to match(/[\w-]{20}/)
+    end
+
+    context "when rotation fails" do
+      it "displays an error message" do
+        visit admin_user_impersonation_tokens_path(user_id: user.username)
+
+        accept_gl_confirm(button_text: s_('AccessTokens|Rotate')) do
+          impersonation_token.revoke!
+          click_on s_('AccessTokens|Rotate')
+        end
+        wait_for_all_requests
+
+        expect(page).to have_content(s_('AccessTokens|Token already revoked'))
+      end
+    end
+  end
 end
--- a/spec/requests/admin/impersonation_tokens_controller_spec.rb
+++ b/spec/requests/admin/impersonation_tokens_controller_spec.rb
@@ -22,34 +22,42 @@
    end
  end

-  context "when impersonation is disabled" do
+  context 'when impersonation is disabled' do
    before do
      stub_config_setting(impersonation_enabled: false)
    end

-    it "shows error page for index page" do
+    it 'shows error page for index page' do
      get admin_user_impersonation_tokens_path(user_id: user.username)

      expect(response).to have_gitlab_http_status(:not_found)
    end

-    it "responds with 404 for create action" do
+    it 'responds with 404 for create action' do
      post admin_user_impersonation_tokens_path(user_id: user.username)

      expect(response).to have_gitlab_http_status(:not_found)
    end

-    it "responds with 404 for revoke action" do
+    it 'responds with 404 for revoke action' do
      token = create(:personal_access_token, :impersonation, user: user)

      put revoke_admin_user_impersonation_token_path(user_id: user.username, id: token.id)

      expect(response).to have_gitlab_http_status(:not_found)
    end
+
+    it 'responds with 404 for rotate action' do
+      token = create(:personal_access_token, :impersonation, user: user)
+
+      put rotate_admin_user_impersonation_token_path(user_id: user.username, id: token.id)
+
+      expect(response).to have_gitlab_http_status(:not_found)
+    end
  end

-  describe "#create", :with_current_organization do
-    it_behaves_like "#create access token" do
+  describe '#create', :with_current_organization do
+    it_behaves_like '#create access token' do
      let(:url) { admin_user_impersonation_tokens_path(user_id: user.username) }
      let(:token_attributes) { attributes_for(:personal_access_token, impersonation: true) }
    end

--- a/spec/serializers/impersonation_access_token_entity_spec.rb
+++ b/spec/serializers/impersonation_access_token_entity_spec.rb
@@ -12,13 +12,18 @@
                                          .revoke_admin_user_impersonation_token_path(
                                            { user_id: user, id: token })

+    expected_rotate_path = Gitlab::Routing.url_helpers
+                                          .rotate_admin_user_impersonation_token_path(
+                                            { user_id: user, id: token })
+
    expect(json).to(
      include(
        id: token.id,
        name: token.name,
        scopes: token.scopes,
        user_id: token.user_id,
-        revoke_path: expected_revoke_path
+        revoke_path: expected_revoke_path,
+        rotate_path: expected_rotate_path
      ))

    expect(json).not_to include(:token)