gitlab-org--gitlab-foss/app/models/personal_access_token.rb

class PersonalAccessToken < ActiveRecord::Base
  include Expirable
  include TokenAuthenticatable
  add_authentication_token_field :token

  serialize :scopes, Array

  belongs_to :user

  before_save :ensure_token

  scope :active, -> { where("revoked = false AND (expires_at >= NOW() OR expires_at IS NULL)") }
  scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }
  scope :with_impersonation, -> { where(impersonation: true) }
  scope :without_impersonation, -> { where(impersonation: false) }

  validates :scopes, presence: true
  validate :validate_api_scopes

  def revoke!
    self.revoked = true
    self.save
  end

  def active?
    !revoked? && !expired?
  end

  protected

  def validate_api_scopes
    unless scopes.all? { |scope| Gitlab::Auth::API_SCOPES.include?(scope.to_sym) }
      errors.add :scopes, "can only contain API scopes"
    end
  end
end
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`class PersonalAccessToken < ActiveRecord::Base`
manage personal_access_tokens through api 2016-12-27 11:26:57 -05:00			`include Expirable`
Address @DouweM's feedback on !3749. - Use `TokenAuthenticatable` to generate the personal access token - Remove a check for `authenticity_token` in application controller; this should've been `authentication_token`, maybe, and doesn't make any sense now. - Have the datepicker appear inline 2016-04-25 05:00:59 -04:00			`include TokenAuthenticatable`
			`add_authentication_token_field :token`

Add a `scopes` column to the `personal_access_tokens` table 2016-11-22 03:53:53 -05:00			`serialize :scopes, Array`

Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`belongs_to :user`

applies relevant changes to the code and code structure 2017-02-23 12:47:06 -05:00			`before_save :ensure_token`

refactors finder and correlated code 2017-02-27 13:56:54 -05:00			`scope :active, -> { where("revoked = false AND (expires_at >= NOW() OR expires_at IS NULL)") }`
Make fixes based on @vsizov's comments on MR !3749 2016-04-22 04:33:11 -04:00			`scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }`
refactors finder and correlated code 2017-02-27 13:56:54 -05:00			`scope :with_impersonation, -> { where(impersonation: true) }`
			`scope :without_impersonation, -> { where(impersonation: false) }`
Allow revoking personal access tokens. 2016-04-15 11:24:20 -04:00
Require explicit scopes on personal access tokens Gitlab::Auth and API::APIGuard already check for at least one valid scope on personal access tokens, so if the scopes are empty the token will always fail validation. 2017-02-06 10:39:35 -05:00			`validates :scopes, presence: true`
			`validate :validate_api_scopes`
Only use API scopes for personal access tokens 2017-01-31 05:21:29 -05:00
Allow revoking personal access tokens. 2016-04-15 11:24:20 -04:00			`def revoke!`
			`self.revoked = true`
			`self.save`
			`end`
manage personal_access_tokens through api 2016-12-27 11:26:57 -05:00
			`def active?`
			`!revoked? && !expired?`
			`end`
Merge branch 'siemens/gitlab-ce-feature/openid-connect' 2017-03-07 11:16:08 -05:00
Only use API scopes for personal access tokens 2017-01-31 05:21:29 -05:00			`protected`

Require explicit scopes on personal access tokens Gitlab::Auth and API::APIGuard already check for at least one valid scope on personal access tokens, so if the scopes are empty the token will always fail validation. 2017-02-06 10:39:35 -05:00			`def validate_api_scopes`
			`unless scopes.all? { \|scope\| Gitlab::Auth::API_SCOPES.include?(scope.to_sym) }`
Only use API scopes for personal access tokens 2017-01-31 05:21:29 -05:00			`errors.add :scopes, "can only contain API scopes"`
			`end`
			`end`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`end`