gitlab-org--gitlab-foss/app/models/personal_access_token.rb

class PersonalAccessToken < ActiveRecord::Base
  include TokenAuthenticatable
  add_authentication_token_field :token

  serialize :scopes, Array

  belongs_to :user

  scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
  scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }

  validate :validate_scopes

  def self.generate(params)
    personal_access_token = self.new(params)
    personal_access_token.ensure_token
    personal_access_token
  end

  def revoke!
    self.revoked = true
    self.save
  end

  protected

  def validate_scopes
    unless Set.new(scopes.map(&:to_sym)).subset?(Set.new(Gitlab::Auth::API_SCOPES))
      errors.add :scopes, "can only contain API scopes"
    end
  end
end
Allow creating Personal Access Tokens through the website. 2016-04-15 07:36:44 +00:00			`class PersonalAccessToken < ActiveRecord::Base`
Address @DouweM's feedback on !3749. - Use `TokenAuthenticatable` to generate the personal access token - Remove a check for `authenticity_token` in application controller; this should've been `authentication_token`, maybe, and doesn't make any sense now. - Have the datepicker appear inline 2016-04-25 09:00:59 +00:00			`include TokenAuthenticatable`
			`add_authentication_token_field :token`

Add a `scopes` column to the `personal_access_tokens` table 2016-11-22 08:53:53 +00:00			`serialize :scopes, Array`

Allow creating Personal Access Tokens through the website. 2016-04-15 07:36:44 +00:00			`belongs_to :user`

Make fixes based on @vsizov's comments on MR !3749 2016-04-22 08:33:11 +00:00			`scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }`
			`scope :inactive, -> { where("revoked = true OR expires_at < NOW()") }`
Allow revoking personal access tokens. 2016-04-15 15:24:20 +00:00
Only use API scopes for personal access tokens 2017-01-31 10:21:29 +00:00			`validate :validate_scopes`

Allow creating Personal Access Tokens through the website. 2016-04-15 07:36:44 +00:00			`def self.generate(params)`
			`personal_access_token = self.new(params)`
Address @DouweM's feedback on !3749. - Use `TokenAuthenticatable` to generate the personal access token - Remove a check for `authenticity_token` in application controller; this should've been `authentication_token`, maybe, and doesn't make any sense now. - Have the datepicker appear inline 2016-04-25 09:00:59 +00:00			`personal_access_token.ensure_token`
Allow creating Personal Access Tokens through the website. 2016-04-15 07:36:44 +00:00			`personal_access_token`
			`end`
Allow revoking personal access tokens. 2016-04-15 15:24:20 +00:00
			`def revoke!`
			`self.revoked = true`
			`self.save`
			`end`
Only use API scopes for personal access tokens 2017-01-31 10:21:29 +00:00
			`protected`

			`def validate_scopes`
			`unless Set.new(scopes.map(&:to_sym)).subset?(Set.new(Gitlab::Auth::API_SCOPES))`
			`errors.add :scopes, "can only contain API scopes"`
			`end`
			`end`
Allow creating Personal Access Tokens through the website. 2016-04-15 07:36:44 +00:00			`end`