Address @DouweM's feedback on !3749.
- Use `TokenAuthenticatable` to generate the personal access token - Remove a check for `authenticity_token` in application controller; this should've been `authentication_token`, maybe, and doesn't make any sense now. - Have the datepicker appear inline
parent
fe5eca8b38
commit
bafbf22c6a
|
@ -67,7 +67,7 @@ class ApplicationController < ActionController::Base
|
||||||
# From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
|
# From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
|
||||||
# https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
|
# https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
|
||||||
def authenticate_user_from_private_token!
|
def authenticate_user_from_private_token!
|
||||||
user_token = params[:authenticity_token].presence || params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
|
user_token = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
|
||||||
user = user_token && User.find_by_authentication_token(user_token.to_s)
|
user = user_token && User.find_by_authentication_token(user_token.to_s)
|
||||||
|
|
||||||
if user
|
if user
|
||||||
|
|
|
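Review bot: `User.find_by_authentication_token(user_token.to_s)` still matches the secret through a database lookup, which the Devise gist cited above the method advises against because that comparison is not constant-time; the gist finds the record by a non-secret identifier and then checks the token with `Devise.secure_compare`. If the lookup has to stay, a comment on that line such as `# NOTE: token is matched by DB lookup, not a constant-time compare; see gist above` would record the trade-off. `params[:private_token]` also travels in the query string, so it is worth confirming that `private_token` is among the filtered log parameters, which this page does not show. The body of `authenticate_user_from_private_token!` continues outside the hunk.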
@ -1,4 +1,7 @@
|
||||||
class PersonalAccessToken < ActiveRecord::Base
|
class PersonalAccessToken < ActiveRecord::Base
|
||||||
|
include TokenAuthenticatable
|
||||||
|
add_authentication_token_field :token
|
||||||
|
|
||||||
belongs_to :user
|
belongs_to :user
|
||||||
|
|
||||||
scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
|
scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
|
||||||
|
@ -6,7 +9,7 @@ class PersonalAccessToken < ActiveRecord::Base
|
||||||
|
|
||||||
def self.generate(params)
|
def self.generate(params)
|
||||||
personal_access_token = self.new(params)
|
personal_access_token = self.new(params)
|
||||||
personal_access_token.token = Devise.friendly_token(50)
|
personal_access_token.ensure_token
|
||||||
personal_access_token
|
personal_access_token
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
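Review bot: `personal_access_token.ensure_token` in `self.generate` presumably leaves the field alone when a value is already set, so a `token` key inside `params` would now survive `self.new(params)`, where the old `Devise.friendly_token(50)` assignment always overwrote it. `TokenAuthenticatable` is not shown on this page, so this rests on `ensure_token` only filling a blank field; if that holds, clear it first with `personal_access_token.token = nil` before calling `ensure_token`, or confirm that the controller's permitted parameters never include `token`. The length of the generated value also moves from an explicit 50 to whatever the concern uses, which deserves a one-line comment on `add_authentication_token_field :token`. The new model spec could pin the first point with a case such as `generate(token: 'chosen')` (constructed value).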
@ -21,7 +21,8 @@
|
||||||
|
|
||||||
.form-group
|
.form-group
|
||||||
= f.label :expires_at, class: 'label-light'
|
= f.label :expires_at, class: 'label-light'
|
||||||
= f.text_field :expires_at, class: "form-control datepicker", required: false
|
= f.hidden_field :expires_at, class: "form-control", required: false
|
||||||
|
.datepicker
|
||||||
|
|
||||||
.prepend-top-default
|
.prepend-top-default
|
||||||
= f.submit 'Add Personal Access Token', class: "btn btn-create"
|
= f.submit 'Add Personal Access Token', class: "btn btn-create"
|
||||||
|
@ -90,16 +91,5 @@
|
||||||
:javascript
|
:javascript
|
||||||
$(".datepicker").datepicker({
|
$(".datepicker").datepicker({
|
||||||
dateFormat: "yy-mm-dd",
|
dateFormat: "yy-mm-dd",
|
||||||
beforeShow: function() {
|
onSelect: function(dateText, inst) { $("#personal_access_token_params_expires_at").val(dateText) }
|
||||||
////////////////////////////////////////////////////////////////
|
}).datepicker("setDate", $.datepicker.parseDate('yy-mm-dd', $('#personal_access_token_params_expires_at').val()));
|
||||||
// 1. Need the setTimeout because the datepicker doesn't have //
|
|
||||||
// an `afterShow` callback. //
|
|
||||||
// 2. Need to set the z-index like this because we don't want //
|
|
||||||
// to target datepickers outside the current page, which //
|
|
||||||
// will happen if we set this in CSS directly. //
|
|
||||||
////////////////////////////////////////////////////////////////
|
|
||||||
setTimeout(function(){
|
|
||||||
$('.ui-datepicker').css('z-index', 3);
|
|
||||||
}, 0);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
|
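Review bot: `$.datepicker.parseDate('yy-mm-dd', ...)` in the `:javascript` block throws when the hidden field holds anything other than an empty string or a plain `yy-mm-dd` date, and an exception there would stop the inline script before `setDate` runs. Whether `#personal_access_token_params_expires_at` can be re-rendered with a full timestamp after a failed submit is not visible here, so this is worth checking against the column type. Because expiry is now written only through `onSelect`, the server should still validate `expires_at` rather than rely on the picker, and a short comment next to `f.hidden_field :expires_at` saying the value is filled by the `.datepicker` element would help the next reader.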
@ -40,12 +40,6 @@ describe ApplicationController do
|
||||||
|
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
it "logs the user in when the 'authenticity_token' param is populated with the private token" do
|
|
||||||
get :index, authenticity_token: user.private_token
|
|
||||||
expect(response.status).to eq(200)
|
|
||||||
expect(response.body).to eq("authenticated")
|
|
||||||
end
|
|
||||||
|
|
||||||
it "logs the user in when the 'private_token' param is populated with the private token" do
|
it "logs the user in when the 'private_token' param is populated with the private token" do
|
||||||
get :index, private_token: user.private_token
|
get :index, private_token: user.private_token
|
||||||
expect(response.status).to eq(200)
|
expect(response.status).to eq(200)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
require 'spec_helper'
|
require 'spec_helper'
|
||||||
|
|
||||||
describe 'Profile > Personal Access Tokens', feature: true do
|
describe 'Profile > Personal Access Tokens', feature: true, js: true do
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
|
@ -13,18 +13,22 @@ describe 'Profile > Personal Access Tokens', feature: true do
|
||||||
fill_in "Name", with: FFaker::Product.brand
|
fill_in "Name", with: FFaker::Product.brand
|
||||||
expect {click_on "Add Personal Access Token"}.to change { PersonalAccessToken.count }.by(1)
|
expect {click_on "Add Personal Access Token"}.to change { PersonalAccessToken.count }.by(1)
|
||||||
|
|
||||||
active_personal_access_tokens = find(".table.active-personal-access-tokens").native.inner_html
|
active_personal_access_tokens = find(".table.active-personal-access-tokens").native['innerHTML']
|
||||||
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.name)
|
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.name)
|
||||||
expect(active_personal_access_tokens).to match("Never")
|
expect(active_personal_access_tokens).to match("Never")
|
||||||
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.token)
|
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.token)
|
||||||
|
|
||||||
fill_in "Name", with: FFaker::Product.brand
|
fill_in "Name", with: FFaker::Product.brand
|
||||||
fill_in "Expires at", with: 5.days.from_now
|
|
||||||
|
# Set date to 1st of next month
|
||||||
|
find("a[title='Next']").click
|
||||||
|
click_on "1"
|
||||||
|
|
||||||
expect {click_on "Add Personal Access Token"}.to change { PersonalAccessToken.count }.by(1)
|
expect {click_on "Add Personal Access Token"}.to change { PersonalAccessToken.count }.by(1)
|
||||||
|
|
||||||
active_personal_access_tokens = find(".table.active-personal-access-tokens").native.inner_html
|
active_personal_access_tokens = find(".table.active-personal-access-tokens").native['innerHTML']
|
||||||
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.name)
|
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.name)
|
||||||
expect(active_personal_access_tokens).to match(5.days.from_now.to_date.to_s)
|
expect(active_personal_access_tokens).to match(Date.today.next_month.at_beginning_of_month.to_s)
|
||||||
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.token)
|
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.token)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -35,7 +39,7 @@ describe 'Profile > Personal Access Tokens', feature: true do
|
||||||
visit profile_personal_access_tokens_path
|
visit profile_personal_access_tokens_path
|
||||||
click_on "Revoke"
|
click_on "Revoke"
|
||||||
|
|
||||||
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native.inner_html
|
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native['innerHTML']
|
||||||
expect(inactive_personal_access_tokens).to match(personal_access_token.name)
|
expect(inactive_personal_access_tokens).to match(personal_access_token.name)
|
||||||
expect(inactive_personal_access_tokens).to match(personal_access_token.token)
|
expect(inactive_personal_access_tokens).to match(personal_access_token.token)
|
||||||
end
|
end
|
||||||
|
@ -44,7 +48,7 @@ describe 'Profile > Personal Access Tokens', feature: true do
|
||||||
personal_access_token = create(:personal_access_token, expires_at: 5.days.ago, user: user)
|
personal_access_token = create(:personal_access_token, expires_at: 5.days.ago, user: user)
|
||||||
visit profile_personal_access_tokens_path
|
visit profile_personal_access_tokens_path
|
||||||
|
|
||||||
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native.inner_html
|
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native['innerHTML']
|
||||||
expect(inactive_personal_access_tokens).to match(personal_access_token.name)
|
expect(inactive_personal_access_tokens).to match(personal_access_token.name)
|
||||||
expect(inactive_personal_access_tokens).to match(personal_access_token.token)
|
expect(inactive_personal_access_tokens).to match(personal_access_token.token)
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe PersonalAccessToken, models: true do
|
||||||
|
describe ".generate" do
|
||||||
|
it "generates a random token" do
|
||||||
|
personal_access_token = PersonalAccessToken.generate({})
|
||||||
|
expect(personal_access_token.token).to be_present
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesn't save the record" do
|
||||||
|
personal_access_token = PersonalAccessToken.generate({})
|
||||||
|
expect(personal_access_token).to_not be_persisted
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
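Review bot: The example `generates a random token` only asserts `be_present`, so a generator that returned a constant would still pass. A second expectation comparing two calls, for instance `expect(PersonalAccessToken.generate({}).token).not_to eq(PersonalAccessToken.generate({}).token)`, would pin that each call yields a distinct value. A case that passes a `token` key to `generate` would also document whether caller-supplied tokens are accepted.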