Skip to content
Snippets Groups Projects

Add Demonstrating Proof of Possession (DPoP) for Personal Access Tokens

Closed Add Demonstrating Proof of Possession (DPoP) for Personal Access Tokens
ameya-dpop-backend into master
8 unresolved threads
Closed Ameya Darshan requested to merge ameya-dpop-backend into master
8 unresolved threads
Compare
and
16 files
+ 474
1
Compare changes
  • Side-by-side
  • Inline
Files
16
app/controllers/user_settings/personal_access_tokens_controller.rb
+ 17
0
@@ -7,6 +7,7 @@ class PersonalAccessTokensController < ApplicationController
feature_category :system_access
before_action :check_personal_access_tokens_enabled
before_action :user
def index
set_index_vars
@@ -50,8 +51,20 @@ def revoke
redirect_to user_settings_personal_access_tokens_path
end
def toggle_dpop
if Feature.enabled?(:dpop_authentication, user, type: :beta) and !@user.keys.nil?
@user.user_preference.update!(dpop_enabled: dpop_toggled?)
end
redirect_to user_settings_personal_access_tokens_path
end
private
def dpop_toggled?
params[:user][:dpop_enabled].to_i == 1
end
def finder(options = {})
PersonalAccessTokensFinder.new({ user: current_user, impersonation: false }.merge(options))
end
@@ -60,6 +73,10 @@ def personal_access_token_params
params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])
end
def user
@user = current_user
end
def set_index_vars
@scopes = Gitlab::Auth.available_scopes_for(current_user)
@active_access_tokens = active_access_tokens