Add controllers and frontend for DPoP
What does this MR do and why?
This MR adds the controller and frontend code for Add DPoP checks in GraphQL and API requests (!169013 - merged).
Related to Sender constraining personal access tokens (#425130).
References
See the epic (Allow users to require demonstrated proof of po... (&14383)) for context, pre-work, and other related issues.
Screenshots or screen recordings
When the :dpop_authentication feature flag is disabled: [screenshot]
When the :dpop_authentication feature flag is enabled: [screenshot]
How to set up and validate locally
- Check out this branch locally.
- Run `bin/rails db:migrate`.
- In the Rails console, enable the feature flag: `Feature.enable(:dpop_authentication, User.first)`
- Log in as root.
- Go to Settings > Access tokens and toggle the DPoP option.
- Confirm it persists in the database (`User.first.dpop_enabled`) and also on the frontend after refreshing the page.
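Added example, not code from this merge request or from GitLab, showing what sender constraining a token with a DPoP proof actually checks: the client signs a short-lived proof over the HTTP method, the URL, a timestamp, a one-off `jti` and a hash of the token, and the server accepts the token only with a valid proof from the key the token was bound to. It follows the RFC 9449 proof structure (`typ: dpop+jwt`, `htm`, `htu`, `iat`, `jti`, `ath`, public JWK in the header); the `DpopVerifier` class, the binding store, the constructed token and the error strings are hypothetical, and the header names, claims and binding rules GitLab's own checks use are not shown on this page.

```ruby
# Added example (not GitLab's code): RFC 9449-style DPoP proof and verifier.
require 'openssl'
require 'json'
require 'digest'
require 'securerandom'

def b64url(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0')
end

# Public half of an RSA key as a JWK (RFC 7517); this is what travels in the proof header.
def public_jwk(key)
  { 'e' => b64url(key.e.to_s(2)), 'kty' => 'RSA', 'n' => b64url(key.n.to_s(2)) }
end

# RFC 7638 thumbprint: SHA-256 over the required members in lexicographic order, no whitespace.
def jwk_thumbprint(jwk)
  b64url(Digest::SHA256.digest(JSON.generate('e' => jwk['e'], 'kty' => jwk['kty'], 'n' => jwk['n'])))
end

# Rebuild an RSA public key from the JWK (PKCS#1 RSAPublicKey DER).
def rsa_from_jwk(jwk)
  n = OpenSSL::BN.new(b64url_decode(jwk['n']), 2)
  e = OpenSSL::BN.new(b64url_decode(jwk['e']), 2)
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(n),
                                                      OpenSSL::ASN1::Integer.new(e)]).to_der)
end

# Client side: proof signed with the private key the token is bound to.
# The token never appears in the proof, only its SHA-256 hash (ath).
def dpop_proof(key, method, url, token, now:, jti: SecureRandom.uuid)
  header  = { 'typ' => 'dpop+jwt', 'alg' => 'RS256', 'jwk' => public_jwk(key) }
  payload = { 'jti' => jti, 'htm' => method, 'htu' => url, 'iat' => now,
              'ath' => b64url(Digest::SHA256.digest(token)) }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  "#{signing_input}.#{b64url(key.sign('SHA256', signing_input))}"
end

# Server side (hypothetical): a token is only accepted together with a fresh,
# unreplayed proof from the key it was bound to, for this exact method and URL.
class DpopVerifier
  def initialize(bindings, max_age: 60)
    @bindings = bindings   # token => JWK thumbprint the token is bound to
    @max_age  = max_age    # seconds of clock skew / proof lifetime tolerated
    @seen_jti = {}         # replay cache; shared storage in a multi-node deployment
  end

  def verify(proof, method:, url:, token:, now:)
    h, p, s = proof.to_s.split('.')
    return 'malformed' unless h && p && s
    header  = JSON.parse(b64url_decode(h))
    payload = JSON.parse(b64url_decode(p))
    return 'bad header' unless header['typ'] == 'dpop+jwt' && header['alg'] == 'RS256' && header['jwk']
    return 'key not bound to token' unless @bindings[token] == jwk_thumbprint(header['jwk'])
    return 'bad signature' unless rsa_from_jwk(header['jwk']).verify('SHA256', b64url_decode(s), "#{h}.#{p}")
    return 'htm mismatch' unless payload['htm'] == method
    return 'htu mismatch' unless payload['htu'] == url
    return 'stale proof' unless (now - payload['iat'].to_i).abs <= @max_age
    return 'ath mismatch' unless payload['ath'] == b64url(Digest::SHA256.digest(token))
    return 'replayed jti' if @seen_jti.key?(payload['jti'])
    @seen_jti[payload['jti']] = now
    'ok'
  end
end

# Constructed scenario: a PAT bound to the legitimate client's key, then the same
# PAT replayed, stolen and used with the attacker's key, sent to another URL, and stale.
def demo
  pat      = 'glpat-' + SecureRandom.alphanumeric(20)   # constructed, not a real token
  client   = OpenSSL::PKey::RSA.new(2048)
  attacker = OpenSSL::PKey::RSA.new(2048)
  url      = 'https://gitlab.example.com/api/v4/user'
  now      = 1_700_000_000
  verifier = DpopVerifier.new({ pat => jwk_thumbprint(public_jwk(client)) })

  proof = dpop_proof(client, 'GET', url, pat, now: now)
  results = {}
  results[:legit]     = verifier.verify(proof, method: 'GET', url: url, token: pat, now: now)
  results[:replay]    = verifier.verify(proof, method: 'GET', url: url, token: pat, now: now)
  results[:stolen]    = verifier.verify(dpop_proof(attacker, 'GET', url, pat, now: now),
                                        method: 'GET', url: url, token: pat, now: now)
  results[:wrong_url] = verifier.verify(dpop_proof(client, 'GET', url, pat, now: now),
                                        method: 'GET', url: "#{url}/status", token: pat, now: now)
  results[:stale]     = verifier.verify(dpop_proof(client, 'GET', url, pat, now: now - 600),
                                        method: 'GET', url: url, token: pat, now: now)
  results
end

p demo if $PROGRAM_NAME == __FILE__
```

The point the scenario makes is the one behind this MR: once the user opts in, a leaked token on its own is useless without the private key, and a captured proof is useless against any other URL, after a minute, or a second time. Note the binding check runs before the signature check so unbound keys never cost an RSA verify, and that the `jti` cache has to be shared across application nodes for the replay check to hold in a real deployment.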
Merge request reports
Activity
assigned to @ameyadarshan
added pipeline::tier-1 label
1 Warning: This merge request contains lines with testid selectors. Please ensure the e2e:test-on-omnibus job is run.
2 Messages:
CHANGELOG missing: If this merge request needs a changelog entry, add the Changelog trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
This merge request adds or changes documentation files and requires Technical Writing review. The review should happen before merge, but can be post-merge if the merge request is time sensitive.
Documentation review
The following files require a review from a technical writer:
- doc/user/profile/personal_access_tokens.md (Link to current live version)
The review does not need to block merging this merge request. See the:
- Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
- The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
testid selectors
The following changed lines in this MR contain testid selectors:
app/views/user_settings/personal_access_tokens/_dpop.html.haml
+= gitlab_ui_form_for current_user, url: toggle_dpop_user_settings_personal_access_tokens_path, method: :put, html: { data: { testid: 'dpop-form' } } do |f|
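Review bot: `toggle_dpop_user_settings_personal_access_tokens_path` submitted with `method: :put` flips the setting on every submission, so a double click or a retried request silently re-enables or disables DPoP for the user; since PUT is meant to be idempotent, consider having the form carry the intended value (for example a `dpop_enabled` parameter) so repeated submissions converge on the same state, or at least confirm the controller guards against this.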
If the e2e:test-on-omnibus job in the qa stage has run automatically, please ensure the tests are passing. If the job has not run, please start the manual:e2e-test-pipeline-generate job in the prepare stage and ensure the tests in the follow-up:e2e:test-on-omnibus-ee pipeline are passing. For the list of known failures please refer to the latest pipeline triage issue.
If your changes are under a feature flag, please check our Testing with feature flags documentation for instructions.
Reviewer roulette
Category | Reviewer | Maintainer
backend | @lesley-r (UTC-6, 11.5 hours behind author) | @bala.kumar (UTC+5.5, same timezone as author)
frontend | @leetickett-gitlab (UTC+0, 5.5 hours behind author) | @janis (UTC+1, 4.5 hours behind author)
group::authentication | Reviewer review is optional for group::authentication | @eduardosanz (UTC+1, 4.5 hours behind author)
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
Searchable setting sections
Looks like you have edited the template of some settings section. Please check that all changed sections are still searchable:
- If you created a new section, make sure to add it to either lib/search/project_settings.rb or lib/search/group_settings.rb, or to their counterparts in ee/ if this section is only available behind a licensed feature.
- If you removed a section, make sure to also remove it from the files above.
- If you changed a section's id, please update it also in the files above.
- If you just moved code around within the same page, there is nothing to do.
- If you are unsure what to do, please reach out to group::personal productivity.
app/views/user_settings/personal_access_tokens/_dpop.html.haml
+ .settings-section.js-search-settings-section
If needed, you can retry the danger-review job that generated this comment. Generated by Danger.
Edited by ****
- Resolved by 🤖 GitLab Bot 🤖
Proper labels assigned to this merge request. Please ignore me.
@ameyadarshan - please see the following guidance and update this merge request.
1 Error: Please add a type::bug, type::feature, or type::maintenance label to this merge request.
Edited by 🤖 GitLab Bot 🤖
added DPoP label
requested review from @aqualls
added Category:System Access label
@aqualls could you please review doc/user/profile/personal_access_tokens.md for Technical Writing? Thanks! This is very similar to Add Demonstrating Proof of Possession (DPoP) fo... (!148175 - closed) which you had already reviewed.
added documentation label
requested review from @cindy-halim
requested review from @Saahmed
- Resolved by Ameya Darshan
@cindy-halim could you please do the frontend review for this MR?
- Resolved by Ameya Darshan
requested review from @rshambhuni
changed milestone to %17.9
FYI @hsutor this MR will make DPoP available in the product. Could you please review doc/user/profile/personal_access_tokens.md to ensure the tiering and offering have the correct information?
requested review from @hsutor
removed review request for @rshambhuni
- Resolved by Ameya Darshan
- Resolved by Ameya Darshan
- Resolved by Ameya Darshan
- Resolved by Ameya Darshan
- Resolved by Ameya Darshan
- Resolved by Amy Qualls
@ameyadarshan I've got some string changes for you, but I'd also like to add some more info to the proposed docs.
added Technical Writing and UI text labels
- Resolved by Ameya Darshan
mentioned in issue #461472 (closed)
added pipeline:mr-approved label
added pipeline::tier-2 label and removed pipeline::tier-1 label
Before you set this MR to auto-merge
This merge request will progress on pipeline tiers until it reaches the last tier: pipeline::tier-3. We will trigger a new pipeline for each transition to a higher tier.
Before you set this MR to auto-merge, please check the following:
- You are the last maintainer of this merge request
- The latest pipeline for this merge request is pipeline::tier-3 (You can find which tier it is in the pipeline name)
- This pipeline is recent enough (created in the last 8 hours)
If all the criteria above apply, please set auto-merge for this merge request.
See pipeline tiers and merging a merge request for more details.
requested review from @dpisek
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk: test report for 5ce85777
+-------------+--------+--------+---------+-------+-------+--------+
| suites summary                                                   |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 79     | 0      | 13      | 0     | 92    | ✅     |
| Plan        | 82     | 0      | 8       | 0     | 90    | ✅     |
| Create      | 135    | 0      | 23      | 0     | 158   | ✅     |
| Verify      | 51     | 0      | 21      | 0     | 72    | ✅     |
| Data Stores | 33     | 0      | 10      | 0     | 43    | ✅     |
| Monitor     | 8      | 0      | 12      | 0     | 20    | ✅     |
| Manage      | 1      | 0      | 9       | 0     | 10    | ✅     |
| Package     | 24     | 0      | 14      | 0     | 38    | ✅     |
| Configure   | 0      | 0      | 3       | 0     | 3     | ➖     |
| Secure      | 5      | 0      | 3       | 0     | 8     | ✅     |
| Fulfillment | 2      | 0      | 7       | 0     | 9     | ✅     |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
| Ai-powered  | 0      | 0      | 2       | 0     | 2     | ➖     |
| ModelOps    | 0      | 0      | 1       | 0     | 1     | ➖     |
| Release     | 5      | 0      | 1       | 0     | 6     | ✅     |
| Growth      | 0      | 0      | 2       | 0     | 2     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 427    | 0      | 129     | 0     | 556   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
e2e-test-on-cng: test report for 5ce85777
+-------------+--------+--------+---------+-------+-------+--------+
| suites summary                                                   |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Plan        | 86     | 0      | 8       | 0     | 94    | ✅     |
| Create      | 140    | 0      | 22      | 0     | 162   | ✅     |
| Govern      | 84     | 0      | 10      | 0     | 94    | ✅     |
| Data Stores | 33     | 0      | 10      | 0     | 43    | ✅     |
| Verify      | 52     | 0      | 20      | 0     | 72    | ✅     |
| Package     | 29     | 0      | 15      | 0     | 44    | ✅     |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
| Manage      | 1      | 0      | 9       | 0     | 10    | ✅     |
| Monitor     | 8      | 0      | 12      | 0     | 20    | ✅     |
| Ai-powered  | 0      | 0      | 2       | 0     | 2     | ➖     |
| Secure      | 3      | 0      | 5       | 0     | 8     | ✅     |
| Fulfillment | 2      | 0      | 7       | 0     | 9     | ✅     |
| Release     | 5      | 0      | 1       | 0     | 6     | ✅     |
| ModelOps    | 0      | 0      | 1       | 0     | 1     | ➖     |
| Growth      | 0      | 0      | 2       | 0     | 2     | ➖     |
| Configure   | 0      | 0      | 3       | 0     | 3     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 445    | 0      | 127     | 0     | 572   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
Edited by ****