gitlab-org--gitlab-foss/app/controllers/profiles/personal_access_tokens_controller.rb

# frozen_string_literal: true

class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
  feature_category :authentication_and_authorization

  before_action do
    push_frontend_feature_flag(:personal_access_tokens_scoped_to_projects, current_user)
  end

  def index
    set_index_vars
    scopes = params[:scopes].split(',').map(&:squish).select(&:present?).map(&:to_sym) unless params[:scopes].nil?
    @personal_access_token = finder.build(
      name: params[:name],
      scopes: scopes
    )
  end

  def create
    result = ::PersonalAccessTokens::CreateService.new(
      current_user: current_user, target_user: current_user, params: personal_access_token_params
    ).execute

    @personal_access_token = result.payload[:personal_access_token]

    if result.success?
      PersonalAccessToken.redis_store!(current_user.id, @personal_access_token.token)
      redirect_to profile_personal_access_tokens_path, notice: _("Your new personal access token has been created.")
    else
      set_index_vars
      render :index
    end
  end

  def revoke
    @personal_access_token = finder.find(params[:id])
    service = PersonalAccessTokens::RevokeService.new(current_user, token: @personal_access_token).execute
    service.success? ? flash[:notice] = service.message : flash[:alert] = service.message

    redirect_to profile_personal_access_tokens_path
  end

  private

  def finder(options = {})
    PersonalAccessTokensFinder.new({ user: current_user, impersonation: false }.merge(options))
  end

  def personal_access_token_params
    params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])
  end

  def set_index_vars
    @scopes = Gitlab::Auth.available_scopes_for(current_user)

    @inactive_personal_access_tokens = finder(state: 'inactive').execute
    @active_personal_access_tokens = active_personal_access_tokens

    @new_personal_access_token = PersonalAccessToken.redis_getdel(current_user.id)
  end

  def active_personal_access_tokens
    finder(state: 'active', sort: 'expires_at_asc').execute
  end
end

Profiles::PersonalAccessTokensController.prepend_mod_with('Profiles::PersonalAccessTokensController')
Enable more frozen string in app/controllers/ Enables frozen string for the following: * app/controllers/dashboard/*/.rb * app/controllers/explore/*/.rb * app/controllers/google_api/*/.rb * app/controllers/groups/*/.rb * app/controllers/import/*/.rb * app/controllers/instance_statistics/*/.rb * app/controllers/ldap/*/.rb * app/controllers/oauth/*/.rb * app/controllers/profiles/*/.rb Partially addresses #47424. 2018-09-23 15:44:14 -04:00			`# frozen_string_literal: true`

Add an entry for Personal Access Tokens in the sidebar. 2016-04-19 04:31:21 -04:00			`class Profiles::PersonalAccessTokensController < Profiles::ApplicationController`
Add latest changes from gitlab-org/gitlab@master 2020-10-08 14:08:32 -04:00			`feature_category :authentication_and_authorization`

Add latest changes from gitlab-org/gitlab@master 2021-02-24 22:10:50 -05:00			`before_action do`
			`push_frontend_feature_flag(:personal_access_tokens_scoped_to_projects, current_user)`
			`end`

Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`def index`
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`set_index_vars`
Add latest changes from gitlab-org/gitlab@master 2021-06-30 08:07:58 -04:00			`scopes = params[:scopes].split(',').map(&:squish).select(&:present?).map(&:to_sym) unless params[:scopes].nil?`
			`@personal_access_token = finder.build(`
			`name: params[:name],`
			`scopes: scopes`
			`)`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`end`

			`def create`
Add latest changes from gitlab-org/gitlab@master 2020-11-09 07:09:24 -05:00			`result = ::PersonalAccessTokens::CreateService.new(`
			`current_user: current_user, target_user: current_user, params: personal_access_token_params`
			`).execute`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-11-09 07:09:24 -05:00			`@personal_access_token = result.payload[:personal_access_token]`

			`if result.success?`
Fix new personal access token showing up in a flash message 2017-12-03 23:01:18 -05:00			`PersonalAccessToken.redis_store!(current_user.id, @personal_access_token.token)`
Externalize strings in flash messages - Externalize strings in controllers - Update PO file 2019-04-08 10:17:45 -04:00			`redirect_to profile_personal_access_tokens_path, notice: _("Your new personal access token has been created.")`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`else`
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`set_index_vars`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`render :index`
			`end`
			`end`

Allow revoking personal access tokens. 2016-04-15 11:24:20 -04:00			`def revoke`
apply codestyle and implementation changes to the respective feature code 2017-03-01 11:59:03 -05:00			`@personal_access_token = finder.find(params[:id])`
Add latest changes from gitlab-org/gitlab@master 2020-08-07 11:10:17 -04:00			`service = PersonalAccessTokens::RevokeService.new(current_user, token: @personal_access_token).execute`
			`service.success? ? flash[:notice] = service.message : flash[:alert] = service.message`
Implement @DouweM's feedback. - Extract a duplicated `redirect_to` - Fix a typo: "token", not "certificate" - Have the "Expires at" datepicker be attached to a text field, not inline - Have both private tokens and personal access tokens verified in a single "authenticate_from_private_token" method, both in the application and API. Move relevant logic to `User#find_by_personal_access_token` - Remove unnecessary constants relating to API auth. We don't need a separate constant for personal access tokens since the param is the same as for private tokens. 2016-06-15 22:54:13 -04:00
			`redirect_to profile_personal_access_tokens_path`
Allow revoking personal access tokens. 2016-04-15 11:24:20 -04:00			`end`

Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`private`

apply codestyle and implementation changes to the respective feature code 2017-03-01 11:59:03 -05:00			`def finder(options = {})`
			`PersonalAccessTokensFinder.new({ user: current_user, impersonation: false }.merge(options))`
refactors finder and correlated code 2017-02-27 13:56:54 -05:00			`end`

Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`def personal_access_token_params`
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`end`
Display appropriate errors when personal access token creation/revocation fails. 2016-06-02 23:53:16 -04:00
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`def set_index_vars`
Added write_repository scope for personal access token 2019-04-15 09:05:55 -04:00			`@scopes = Gitlab::Auth.available_scopes_for(current_user)`
apply codestyle and implementation changes to the respective feature code 2017-03-01 11:59:03 -05:00
			`@inactive_personal_access_tokens = finder(state: 'inactive').execute`
Add latest changes from gitlab-org/gitlab@master 2020-06-18 08:09:25 -04:00			`@active_personal_access_tokens = active_personal_access_tokens`
Fix new personal access token showing up in a flash message 2017-12-03 23:01:18 -05:00
			`@new_personal_access_token = PersonalAccessToken.redis_getdel(current_user.id)`
Display appropriate errors when personal access token creation/revocation fails. 2016-06-02 23:53:16 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-06-18 08:09:25 -04:00
			`def active_personal_access_tokens`
			`finder(state: 'active', sort: 'expires_at_asc').execute`
			`end`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-06-18 08:09:25 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`Profiles::PersonalAccessTokensController.prepend_mod_with('Profiles::PersonalAccessTokensController')`