gitlab-org--gitlab-foss/app/models/deploy_token.rb

class DeployToken < ActiveRecord::Base
  include Expirable
  include TokenAuthenticatable
  add_authentication_token_field :token

  AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
  GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'.freeze

  default_value_for(:expires_at) { Forever.date }

  has_many :project_deploy_tokens, inverse_of: :deploy_token
  has_many :projects, through: :project_deploy_tokens

  validate :ensure_at_least_one_scope
  before_save :ensure_token

  accepts_nested_attributes_for :project_deploy_tokens

  scope :active, -> { where("revoked = false AND expires_at >= NOW()") }

  def self.gitlab_deploy_token
    active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME)
  end

  def revoke!
    update!(revoked: true)
  end

  def active?
    !revoked
  end

  def scopes
    AVAILABLE_SCOPES.select { |token_scope| read_attribute(token_scope) }
  end

  def username
    "gitlab+deploy-token-#{id}"
  end

  def has_access_to?(requested_project)
    active? && project == requested_project
  end

  # This is temporal. Currently we limit DeployToken
  # to a single project, later we're going to extend
  # that to be for multiple projects and namespaces.
  def project
    projects.first
  end

  def expires_at
    expires_at = read_attribute(:expires_at)
    expires_at != Forever.date ? expires_at : nil
  end

  def expires_at=(value)
    write_attribute(:expires_at, value.presence || Forever.date)
  end

  private

  def ensure_at_least_one_scope
    errors.add(:base, "Scopes can't be blank") unless read_repository || read_registry
  end
end
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00			`class DeployToken < ActiveRecord::Base`
			`include Expirable`
			`include TokenAuthenticatable`
			`add_authentication_token_field :token`

Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`AVAILABLE_SCOPES = %i(read_repository read_registry).freeze`
Rename special deploy token to make it more descriptive Also: - Includes more specs - Improves a bit the documentation 2018-04-18 13:25:57 -04:00			`GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'.freeze`
Handles default expires_at date directly into DeployToken model 2018-04-06 12:23:45 -04:00
Handle limit for datetime attributes on MySQL The TIMESTAMP data type is used for values that contain both date and time parts. TIMESTAMP has a range of '1970-01-01 00:00:01' UTC to '2038-01-19 03:14:07' UTC. A Forever lib class was included to handle future dates for PostgreSQL and MySQL, also changes were made to DeployToken to enforce Forever.date Also removes extra conditional from JwtController 2018-04-06 15:48:17 -04:00			`default_value_for(:expires_at) { Forever.date }`
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00
Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`has_many :project_deploy_tokens, inverse_of: :deploy_token`
Revert the addition of goldiloader This reverts the addition of the "goldiloader" Gem and all use of it. While this Gem is very promising it's causing a variety of problems on GitLab.com due to it eager-loading too much data in places where we don't expect/can handle this. At least for the time being this means we have to go back to manually fixing N+1 query problems, but at least those should not cause a negative impact on availability. 2018-04-18 09:41:42 -04:00			`has_many :projects, through: :project_deploy_tokens`
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00
Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`validate :ensure_at_least_one_scope`
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00			`before_save :ensure_token`

Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`accepts_nested_attributes_for :project_deploy_tokens`

Addresses database comments - Adds a default on expires_at datetime - Modifies deploy tokens views to handle default expires at value - Use datetime_with_timezone where possible - Remove unused scopes 2018-04-06 10:30:21 -04:00			`scope :active, -> { where("revoked = false AND expires_at >= NOW()") }`
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00
Refactor deploy token methods on Ci::Build Also include a class method for retriving the gitlab_deploy_token on DeployTokens 2018-04-20 11:05:16 -04:00			`def self.gitlab_deploy_token`
			`active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME)`
			`end`

Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`def revoke!`
			`update!(revoked: true)`
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00			`end`
Implement 'read_repo' for DeployTokens This will allow to download a repo using the token from the DeployToken 2018-03-29 18:56:35 -04:00
			`def active?`
			`!revoked`
			`end`

Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`def scopes`
Addresses database comments - Adds a default on expires_at datetime - Modifies deploy tokens views to handle default expires at value - Use datetime_with_timezone where possible - Remove unused scopes 2018-04-06 10:30:21 -04:00			`AVAILABLE_SCOPES.select { \|token_scope\| read_attribute(token_scope) }`
Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`end`

Implement 'read_repo' for DeployTokens This will allow to download a repo using the token from the DeployToken 2018-03-29 18:56:35 -04:00			`def username`
Support Deploy Tokens properly without hacking abilities 2018-04-05 09:49:18 -04:00			`"gitlab+deploy-token-#{id}"`
			`end`

Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`def has_access_to?(requested_project)`
Verify that deploy token has valid access when pulling container registry image 2018-04-10 03:31:30 -04:00			`active? && project == requested_project`
Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`end`

Addresses database comments - Adds a default on expires_at datetime - Modifies deploy tokens views to handle default expires at value - Use datetime_with_timezone where possible - Remove unused scopes 2018-04-06 10:30:21 -04:00			`# This is temporal. Currently we limit DeployToken`
			`# to a single project, later we're going to extend`
			`# that to be for multiple projects and namespaces.`
Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`def project`
			`projects.first`
			`end`

Handle limit for datetime attributes on MySQL The TIMESTAMP data type is used for values that contain both date and time parts. TIMESTAMP has a range of '1970-01-01 00:00:01' UTC to '2038-01-19 03:14:07' UTC. A Forever lib class was included to handle future dates for PostgreSQL and MySQL, also changes were made to DeployToken to enforce Forever.date Also removes extra conditional from JwtController 2018-04-06 15:48:17 -04:00			`def expires_at`
			`expires_at = read_attribute(:expires_at)`
			`expires_at != Forever.date ? expires_at : nil`
			`end`

			`def expires_at=(value)`
			`write_attribute(:expires_at, value.presence \|\| Forever.date)`
			`end`

Include ProjectDeployTokens Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs 2018-04-05 13:22:34 -04:00			`private`

			`def ensure_at_least_one_scope`
			`errors.add(:base, "Scopes can't be blank") unless read_repository \|\| read_registry`
Implement 'read_repo' for DeployTokens This will allow to download a repo using the token from the DeployToken 2018-03-29 18:56:35 -04:00			`end`
Create barebones for Deploytoken Includes: - Model, factories, create service and controller actions - As usual, includes specs for everything - Builds UI (copy from PAT) - Add revoke action Closes #31591 2018-03-19 12:11:12 -04:00			`end`