Draft: Switch to masked representation for newly created access tokens
What does this MR do and why?
Follow-up to !77449 (merged). Closes #350590 (closed).
This MR changes the personal, impersonation, project and group access tokens to be shown in a masked representation when newly created. The same representation is already used for the personal feed tokens and prevents accidental token leakage when e.g. screen sharing.
Open Tasks:
-
Add spec coverage for NewTokenField
Vue component -
Resolve duplicate id
issue in<input-copy-toggle-visibility>
component
Screenshots or screen recordings
Type | Before | After |
---|---|---|
Group Access Token | ||
Project Access Token | ||
Personal Access Token | ||
Impersonation Access Token |
How to set up and validate locally
- Use this branch and visit either the personal, impersonation, project or group access token page (e.g.
Group > Settings > Access Tokens
for group access token). - Enter a valid access token name, select a scope of choice and click the
Create * access token
button. - A text-box with
Your new * access token
label will appear. - Click the
Copy * access token
button and ensure that the token was copied successfully. - Click the
Click to reveal
button and ensure that the token value is properly displayed within the text-box. - Use the token e.g. via API to ensure it is valid and accepted by GitLab.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.