
Add Demonstrating Proof of Possession (DPoP) for Personal Access Tokens

Closed Ameya Darshan requested to merge ameya-dpop-backend into master
8 unresolved threads
23 files changed, +906 -4
@@ -9,6 +9,7 @@ class PersonalAccessTokensController < ApplicationController
before_action :check_personal_access_tokens_enabled
prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:ics) }
before_action :user
def index
set_index_vars
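Review bot: `before_action :user` is registered without an `only:` option, so it runs on every action of this controller, while the only reader of `@user` in this change is `toggle_dpop`. Scope it with `only: [:toggle_dpop]` so the other actions keep their existing callback chain unchanged.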
@@ -60,8 +61,29 @@ def revoke
redirect_to user_settings_personal_access_tokens_path
end
def toggle_dpop
unless Feature.enabled?(:dpop_authentication, user, type: :beta)
redirect_to user_settings_personal_access_tokens_path
return
end
result = UserPreferences::UpdateService.new(@user, dpop_params).execute
if result.success?
flash[:notice] = _('DPoP preference updated.')
else
flash[:warning] = _('Unable to update DPoP preference.')
end
redirect_to user_settings_personal_access_tokens_path
end
private
def dpop_params
params.require(:user).permit(:dpop_enabled)
end
def finder(options = {})
PersonalAccessTokensFinder.new({ user: current_user, impersonation: false }.merge(options))
end
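Review bot: the success branch of `toggle_dpop` only sets `flash[:notice]`, so a change to `dpop_enabled` leaves no record in the code path shown here. This preference decides whether proof of possession applies to the user's personal access tokens, which makes switching it off a security-relevant change. Consider recording an audit event with the old and new value when `result.success?` is true. Separately, when the feature flag is disabled the action redirects with no message; returning a not-found response there would make a disabled feature indistinguishable from a missing route.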
@@ -70,6 +92,10 @@ def personal_access_token_params
params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])
end
def user
@user = current_user
end
def set_index_vars
@scopes = Gitlab::Auth.available_scopes_for(current_user)
@active_access_tokens = active_access_tokens
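Review bot: `user` reads like a getter but its body is an assignment (`@user = current_user`), and `toggle_dpop` uses it both ways, as a value in `Feature.enabled?(:dpop_authentication, user, type: :beta)` and through `@user` in the service call. `set_index_vars` just below already works with `current_user` directly; doing the same in `toggle_dpop` would remove the helper and the instance variable, or, if the helper stays, a name such as `set_user` would state what it does.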