Skip to content

Hide feed, incoming email, and static object tokens by default

Peter Hegman requested to merge 344237-access-tokens-should-be-hidden-by-default-upon-loading-a-page into master

What does this MR do and why?

Currently the feed, incoming email, and static object tokens are displayed in plain text on the screen. This MR changes this so they are hidden by default and requires the user to click a button to revel the token. In the process this MR converts that section from HAML to Vue

Screenshots or screen recordings

Desktop

Before After
Screen_Shot_2021-12-08_at_1.02.38_PM Screen_Shot_2021-12-08_at_1.01.54_PM

Mobile

Before After
Screen_Shot_2021-12-08_at_1.06.52_PM Screen_Shot_2021-12-08_at_1.10.01_PM

How to set up and validate locally

  1. Enable the hide_access_tokens feature flag
    • bin/rails console
    • Feature.enable(:hide_access_tokens)
  2. Open gitlab.yml in the gdk/gitlab directory. Find the incoming_email property and change enabled to true. Run gdk restart
  3. Sign in as an Admin.
  4. Navigate to /admin/application_settings/general. Open the Visibility and access controls section and ensure the Disable feed token checkbox is unchecked.
  5. Navigate to /admin/application_settings/repository. Open the External storage for repository static objects section. Enter https://foo.bar for the External storage URL field and a random value (fdsafasdf) for External storage authentication token.
  6. Navigate to /-/profile/personal_access_tokens

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #344237 (closed)

Edited by Peter Hegman

Merge request reports