gitlab-org--gitlab-foss/app/views/profiles/personal_access_tokens/index.html.haml

- page_title "Personal Access Tokens"
= render 'profiles/head'

.row.prepend-top-default
  .col-lg-3.profile-settings-sidebar
    %h4.prepend-top-0
      = page_title
    %p
      You can generate a personal access token for each application you use that needs access to the GitLab API.
    %p
      You can also use personal access tokens to authenticate against Git over HTTP.
      They are the only accepted password when you have Two-Factor Authentication (2FA) enabled.

  .col-lg-9

    - if flash[:personal_access_token]
      .created-personal-access-token-container
        %h5.prepend-top-0
          Your New Personal Access Token
        .form-group
          = text_field_tag 'created-personal-access-token', flash[:personal_access_token], readonly: true, class: "form-control", 'aria-describedby' => "created-personal-access-token-help-block"
          = clipboard_button(clipboard_text: flash[:personal_access_token], title: "Copy personal access token to clipboard", placement: "left")
          %span#created-personal-access-token-help-block.help-block.text-danger Make sure you save it - you won't be able to access it again.

      %hr

    %h5.prepend-top-0
      Add a Personal Access Token
    %p.profile-settings-content
      Pick a name for the application, and we'll give you a unique token.

    = render "form", personal_access_token: @personal_access_token, scopes: @scopes

    %hr

    %h5 Active Personal Access Tokens (#{@active_personal_access_tokens.length})

    - if @active_personal_access_tokens.present?
      .table-responsive
        %table.table.active-personal-access-tokens
          %thead
            %tr
              %th Name
              %th Created
              %th Expires
              %th Scopes
              %th
          %tbody
            - @active_personal_access_tokens.each do |token|
              %tr
                %td= token.name
                %td= token.created_at.to_date.to_s(:medium)
                %td
                  - if token.expires_at.present?
                    = token.expires_at.to_date.to_s(:medium)
                  - else
                    %span.personal-access-tokens-never-expires-label Never
                %td= token.scopes.present? ? token.scopes.join(", ") : "<no scopes selected>"
                %td= link_to "Revoke", revoke_profile_personal_access_token_path(token), method: :put, class: "btn btn-danger pull-right", data: { confirm: "Are you sure you want to revoke this token? This action cannot be undone." }

    - else
      .settings-message.text-center
        You don't have any active tokens yet.

    %hr

    %h5 Inactive Personal Access Tokens (#{@inactive_personal_access_tokens.length})

    - if @inactive_personal_access_tokens.present?
      .table-responsive
        %table.table.inactive-personal-access-tokens
          %thead
            %tr
              %th Name
              %th Created
          %tbody
            - @inactive_personal_access_tokens.each do |token|
              %tr
                %td= token.name
                %td= token.created_at.to_date.to_s(:medium)

    - else
      .settings-message.text-center
        There are no inactive tokens.


:javascript
  var $dateField = $('#personal_access_token_expires_at');
  var date = $dateField.val();

  new Pikaday({
    field: $dateField.get(0),
    theme: 'gitlab-theme',
    format: 'YYYY-MM-DD',
    minDate: new Date(),
    onSelect: function(dateText) {
      $dateField.val(dateFormat(new Date(dateText), 'yyyy-mm-dd'));
    }
  });

  $("#created-personal-access-token").click(function() {
    this.select();
  });

  $("#created-personal-access-token").effect('highlight', { color: '#ffff99' }, 2000);
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`- page_title "Personal Access Tokens"`
Fix preferences tests. 2016-06-30 12:42:07 -04:00			`= render 'profiles/head'`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00
			`.row.prepend-top-default`
			`.col-lg-3.profile-settings-sidebar`
			`%h4.prepend-top-0`
			`= page_title`
			`%p`
Fix minor styling issues. - No "Actions" label necessary - `%td` can be moved out of `if/else` - Page header should be "Profile Settings", not "Personal Access Tokens" - "You don't have any tokens" message should be styled consistently 2016-06-02 23:37:37 -04:00			`You can generate a personal access token for each application you use that needs access to the GitLab API.`
Deny Git over HTTP access to users that have 2FA enabled, unless they use a Personal Access Token. 2016-08-10 20:04:25 -04:00			`%p`
Refactor `find_for_git_client` method to not use assignment in conditionals and syntax fixes. 2016-08-17 18:21:18 -04:00			`You can also use personal access tokens to authenticate against Git over HTTP.`
			`They are the only accepted password when you have Two-Factor Authentication (2FA) enabled.`
Deny Git over HTTP access to users that have 2FA enabled, unless they use a Personal Access Token. 2016-08-10 20:04:25 -04:00
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`.col-lg-9`
Only show a personal access token right after its creation. 2016-06-01 22:57:47 -04:00
			`- if flash[:personal_access_token]`
Implement second round of comments from @jschatz1. - Just use a link for the clipboard button. Having a non-clickable container (that looks like a button) is confusing. - Use `text-danger` for the "you won't be able to access it again" message. - Highlight the created token so people know to look there. 2016-06-09 23:19:05 -04:00			`.created-personal-access-token-container`
Implement @jschatz1's comments. - No hardcoded colors in any SCSS file except `variables.scss` - Don't allow choosing a date in the past - Use the same table as in the "Applications" tab - The button should say "Create Personal Access Token" - Float the revoke button to the right of the table cell - Change the revocation message to be more explicit. - Date shouldn't look selected on page load - Don't use a panel for the created token - Use a normal flash for "Your new personal access token has been created" - Show the input (with the token) below it full width. - Put the "Make sure you save it - you won't be able to access it again." message near the input - Have the created token's input highlight all on single click 2016-06-09 04:38:49 -04:00			`%h5.prepend-top-0`
			`Your New Personal Access Token`
			`.form-group`
Implement second round of comments from @jschatz1. - Just use a link for the clipboard button. Having a non-clickable container (that looks like a button) is confusing. - Use `text-danger` for the "you won't be able to access it again" message. - Highlight the created token so people know to look there. 2016-06-09 23:19:05 -04:00			`= text_field_tag 'created-personal-access-token', flash[:personal_access_token], readonly: true, class: "form-control", 'aria-describedby' => "created-personal-access-token-help-block"`
Text for copy to clipboard: URL, personal access token, commands, reference 2017-01-11 15:40:51 -05:00			`= clipboard_button(clipboard_text: flash[:personal_access_token], title: "Copy personal access token to clipboard", placement: "left")`
Implement second round of comments from @jschatz1. - Just use a link for the clipboard button. Having a non-clickable container (that looks like a button) is confusing. - Use `text-danger` for the "you won't be able to access it again" message. - Highlight the created token so people know to look there. 2016-06-09 23:19:05 -04:00			`%span#created-personal-access-token-help-block.help-block.text-danger Make sure you save it - you won't be able to access it again.`
Implement @jschatz1's comments. - No hardcoded colors in any SCSS file except `variables.scss` - Don't allow choosing a date in the past - Use the same table as in the "Applications" tab - The button should say "Create Personal Access Token" - Float the revoke button to the right of the table cell - Change the revocation message to be more explicit. - Date shouldn't look selected on page load - Don't use a panel for the created token - Use a normal flash for "Your new personal access token has been created" - Show the input (with the token) below it full width. - Put the "Make sure you save it - you won't be able to access it again." message near the input - Have the created token's input highlight all on single click 2016-06-09 04:38:49 -04:00
			`%hr`
Only show a personal access token right after its creation. 2016-06-01 22:57:47 -04:00
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`%h5.prepend-top-0`
			`Add a Personal Access Token`
			`%p.profile-settings-content`
			`Pick a name for the application, and we'll give you a unique token.`

View-related (and other minor) changes to !5951 based on @rymai's review. - The `scopes_form` partial can be used in the `admin/applications` view as well - Don't allow partials to access instance variables directly. Instead, pass in the instance variables as local variables, and use `local_assigns.fetch` to assert that the variables are passed in as expected. - Change a few instances of `render :partial` to `render` - Remove an instance of `required: false` in a view, since this is the default - Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec` 2016-12-04 23:19:51 -05:00			`= render "form", personal_access_token: @personal_access_token, scopes: @scopes`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00
			`%hr`

Fix minor issues with the personal access tokens implementation. - Use the `:personal_access_token` param root instead of `personal_access_token_params`, because we aren't using the `personal_access_token` param for authentication anymore (we're using `private_token` instead). - Use `build` to instantiate a `PersonalAccessToken` - Use better-formatted dates 2016-06-01 05:01:16 -04:00			`%h5 Active Personal Access Tokens (#{@active_personal_access_tokens.length})`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00
Improve performance of the personal access tokens page. 2016-04-20 04:50:24 -04:00			`- if @active_personal_access_tokens.present?`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`.table-responsive`
Implement @jschatz1's comments. - No hardcoded colors in any SCSS file except `variables.scss` - Don't allow choosing a date in the past - Use the same table as in the "Applications" tab - The button should say "Create Personal Access Token" - Float the revoke button to the right of the table cell - Change the revocation message to be more explicit. - Date shouldn't look selected on page load - Don't use a panel for the created token - Use a normal flash for "Your new personal access token has been created" - Show the input (with the token) below it full width. - Put the "Make sure you save it - you won't be able to access it again." message near the input - Have the created token's input highlight all on single click 2016-06-09 04:38:49 -04:00			`%table.table.active-personal-access-tokens`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`%thead`
			`%tr`
			`%th Name`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00			`%th Created`
			`%th Expires`
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`%th Scopes`
Fix minor styling issues. - No "Actions" label necessary - `%td` can be moved out of `if/else` - Page header should be "Profile Settings", not "Personal Access Tokens" - "You don't have any tokens" message should be styled consistently 2016-06-02 23:37:37 -04:00			`%th`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`%tbody`
Improve performance of the personal access tokens page. 2016-04-20 04:50:24 -04:00			`- @active_personal_access_tokens.each do \|token\|`
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`%tr`
			`%td= token.name`
Fix minor issues with the personal access tokens implementation. - Use the `:personal_access_token` param root instead of `personal_access_token_params`, because we aren't using the `personal_access_token` param for authentication anymore (we're using `private_token` instead). - Use `build` to instantiate a `PersonalAccessToken` - Use better-formatted dates 2016-06-01 05:01:16 -04:00			`%td= token.created_at.to_date.to_s(:medium)`
Fix minor styling issues. - No "Actions" label necessary - `%td` can be moved out of `if/else` - Page header should be "Profile Settings", not "Personal Access Tokens" - "You don't have any tokens" message should be styled consistently 2016-06-02 23:37:37 -04:00			`%td`
			`- if token.expires_at.present?`
			`= token.expires_at.to_date.to_s(:medium)`
			`- else`
Allow expiration of personal access tokens. 2016-04-18 06:18:54 -04:00			`%span.personal-access-tokens-never-expires-label Never`
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`%td= token.scopes.present? ? token.scopes.join(", ") : "<no scopes selected>"`
Implement @DouweM's feedback. - Extract a duplicated `redirect_to` - Fix a typo: "token", not "certificate" - Have the "Expires at" datepicker be attached to a text field, not inline - Have both private tokens and personal access tokens verified in a single "authenticate_from_private_token" method, both in the application and API. Move relevant logic to `User#find_by_personal_access_token` - Remove unnecessary constants relating to API auth. We don't need a separate constant for personal access tokens since the param is the same as for private tokens. 2016-06-15 22:54:13 -04:00			`%td= link_to "Revoke", revoke_profile_personal_access_token_path(token), method: :put, class: "btn btn-danger pull-right", data: { confirm: "Are you sure you want to revoke this token? This action cannot be undone." }`
Allow revoking personal access tokens. 2016-04-15 11:24:20 -04:00
Allow creating Personal Access Tokens through the website. 2016-04-15 03:36:44 -04:00			`- else`
Fix minor styling issues. - No "Actions" label necessary - `%td` can be moved out of `if/else` - Page header should be "Profile Settings", not "Personal Access Tokens" - "You don't have any tokens" message should be styled consistently 2016-06-02 23:37:37 -04:00			`.settings-message.text-center`
			`You don't have any active tokens yet.`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00
			`%hr`

Fix minor issues with the personal access tokens implementation. - Use the `:personal_access_token` param root instead of `personal_access_token_params`, because we aren't using the `personal_access_token` param for authentication anymore (we're using `private_token` instead). - Use `build` to instantiate a `PersonalAccessToken` - Use better-formatted dates 2016-06-01 05:01:16 -04:00			`%h5 Inactive Personal Access Tokens (#{@inactive_personal_access_tokens.length})`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00
Improve performance of the personal access tokens page. 2016-04-20 04:50:24 -04:00			`- if @inactive_personal_access_tokens.present?`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00			`.table-responsive`
Implement @jschatz1's comments. - No hardcoded colors in any SCSS file except `variables.scss` - Don't allow choosing a date in the past - Use the same table as in the "Applications" tab - The button should say "Create Personal Access Token" - Float the revoke button to the right of the table cell - Change the revocation message to be more explicit. - Date shouldn't look selected on page load - Don't use a panel for the created token - Use a normal flash for "Your new personal access token has been created" - Show the input (with the token) below it full width. - Put the "Make sure you save it - you won't be able to access it again." message near the input - Have the created token's input highlight all on single click 2016-06-09 04:38:49 -04:00			`%table.table.inactive-personal-access-tokens`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00			`%thead`
			`%tr`
			`%th Name`
			`%th Created`
			`%tbody`
Improve performance of the personal access tokens page. 2016-04-20 04:50:24 -04:00			`- @inactive_personal_access_tokens.each do \|token\|`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00			`%tr`
			`%td= token.name`
Fix minor issues with the personal access tokens implementation. - Use the `:personal_access_token` param root instead of `personal_access_token_params`, because we aren't using the `personal_access_token` param for authentication anymore (we're using `private_token` instead). - Use `build` to instantiate a `PersonalAccessToken` - Use better-formatted dates 2016-06-01 05:01:16 -04:00			`%td= token.created_at.to_date.to_s(:medium)`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00
			`- else`
Fix minor styling issues. - No "Actions" label necessary - `%td` can be moved out of `if/else` - Page header should be "Profile Settings", not "Personal Access Tokens" - "You don't have any tokens" message should be styled consistently 2016-06-02 23:37:37 -04:00			`.settings-message.text-center`
			`There are no inactive tokens.`
Add an "Inactive Personal Access Tokens" section. - Show the count for each section in parens - Remove the `revoked?` check, because everything in the active section is guaranteed to not be revoked. 2016-04-19 05:58:35 -04:00
Allow expiration of personal access tokens. 2016-04-18 06:18:54 -04:00
			`:javascript`
Removed jQuery UI datepicker Part of #18437 to remove jQuery UI. This removes the datepicker 2017-01-03 12:13:12 -05:00			`var $dateField = $('#personal_access_token_expires_at');`
			`var date = $dateField.val();`

			`new Pikaday({`
			`field: $dateField.get(0),`
Updated styles for Pikaday 2017-01-04 11:53:41 -05:00			`theme: 'gitlab-theme',`
Changed date check test 2017-01-30 08:56:04 -05:00			`format: 'YYYY-MM-DD',`
Removed jQuery UI datepicker Part of #18437 to remove jQuery UI. This removes the datepicker 2017-01-03 12:13:12 -05:00			`minDate: new Date(),`
			`onSelect: function(dateText) {`
			`$dateField.val(dateFormat(new Date(dateText), 'yyyy-mm-dd'));`
			`}`
Implement @jschatz1's comments. - No hardcoded colors in any SCSS file except `variables.scss` - Don't allow choosing a date in the past - Use the same table as in the "Applications" tab - The button should say "Create Personal Access Token" - Float the revoke button to the right of the table cell - Change the revocation message to be more explicit. - Date shouldn't look selected on page load - Don't use a panel for the created token - Use a normal flash for "Your new personal access token has been created" - Show the input (with the token) below it full width. - Put the "Make sure you save it - you won't be able to access it again." message near the input - Have the created token's input highlight all on single click 2016-06-09 04:38:49 -04:00			`});`

			`$("#created-personal-access-token").click(function() {`
			`this.select();`
			`});`
Implement second round of comments from @jschatz1. - Just use a link for the clipboard button. Having a non-clickable container (that looks like a button) is confusing. - Use `text-danger` for the "you won't be able to access it again" message. - Highlight the created token so people know to look there. 2016-06-09 23:19:05 -04:00
			`$("#created-personal-access-token").effect('highlight', { color: '#ffff99' }, 2000);`