Address @DouweM's feedback on !3749.

- Use `TokenAuthenticatable` to generate the personal access token
- Remove a check for `authenticity_token` in application controller;
  this should've been `authentication_token`, maybe, and doesn't make
  any sense now.
- Have the datepicker appear inline
This commit is contained in:
Timothy Andrew 2016-04-25 14:30:59 +05:30
parent fe5eca8b38
commit bafbf22c6a
6 changed files with 35 additions and 29 deletions

View file

@ -67,7 +67,7 @@ class ApplicationController < ActionController::Base
# From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
# https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
def authenticate_user_from_private_token!
user_token = params[:authenticity_token].presence || params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
user_token = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
user = user_token && User.find_by_authentication_token(user_token.to_s)
if user

View file

@ -1,4 +1,7 @@
class PersonalAccessToken < ActiveRecord::Base
include TokenAuthenticatable
add_authentication_token_field :token
belongs_to :user
scope :active, -> { where(revoked: false).where("expires_at >= NOW() OR expires_at IS NULL") }
@ -6,7 +9,7 @@ class PersonalAccessToken < ActiveRecord::Base
def self.generate(params)
personal_access_token = self.new(params)
personal_access_token.token = Devise.friendly_token(50)
personal_access_token.ensure_token
personal_access_token
end

View file

@ -21,7 +21,8 @@
.form-group
= f.label :expires_at, class: 'label-light'
= f.text_field :expires_at, class: "form-control datepicker", required: false
= f.hidden_field :expires_at, class: "form-control", required: false
.datepicker
.prepend-top-default
= f.submit 'Add Personal Access Token', class: "btn btn-create"
@ -90,16 +91,5 @@
:javascript
$(".datepicker").datepicker({
dateFormat: "yy-mm-dd",
beforeShow: function() {
////////////////////////////////////////////////////////////////
// 1. Need the setTimeout because the datepicker doesn't have //
// an `afterShow` callback. //
// 2. Need to set the z-index like this because we don't want //
// to target datepickers outside the current page, which //
// will happen if we set this in CSS directly. //
////////////////////////////////////////////////////////////////
setTimeout(function(){
$('.ui-datepicker').css('z-index', 3);
}, 0);
}
});
onSelect: function(dateText, inst) { $("#personal_access_token_params_expires_at").val(dateText) }
}).datepicker("setDate", $.datepicker.parseDate('yy-mm-dd', $('#personal_access_token_params_expires_at').val()));

View file

@ -40,12 +40,6 @@ describe ApplicationController do
let(:user) { create(:user) }
it "logs the user in when the 'authenticity_token' param is populated with the private token" do
get :index, authenticity_token: user.private_token
expect(response.status).to eq(200)
expect(response.body).to eq("authenticated")
end
it "logs the user in when the 'private_token' param is populated with the private token" do
get :index, private_token: user.private_token
expect(response.status).to eq(200)

View file

@ -1,6 +1,6 @@
require 'spec_helper'
describe 'Profile > Personal Access Tokens', feature: true do
describe 'Profile > Personal Access Tokens', feature: true, js: true do
let(:user) { create(:user) }
before do
@ -13,18 +13,22 @@ describe 'Profile > Personal Access Tokens', feature: true do
fill_in "Name", with: FFaker::Product.brand
expect {click_on "Add Personal Access Token"}.to change { PersonalAccessToken.count }.by(1)
active_personal_access_tokens = find(".table.active-personal-access-tokens").native.inner_html
active_personal_access_tokens = find(".table.active-personal-access-tokens").native['innerHTML']
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.name)
expect(active_personal_access_tokens).to match("Never")
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.token)
fill_in "Name", with: FFaker::Product.brand
fill_in "Expires at", with: 5.days.from_now
# Set date to 1st of next month
find("a[title='Next']").click
click_on "1"
expect {click_on "Add Personal Access Token"}.to change { PersonalAccessToken.count }.by(1)
active_personal_access_tokens = find(".table.active-personal-access-tokens").native.inner_html
active_personal_access_tokens = find(".table.active-personal-access-tokens").native['innerHTML']
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.name)
expect(active_personal_access_tokens).to match(5.days.from_now.to_date.to_s)
expect(active_personal_access_tokens).to match(Date.today.next_month.at_beginning_of_month.to_s)
expect(active_personal_access_tokens).to match(PersonalAccessToken.last.token)
end
end
@ -35,7 +39,7 @@ describe 'Profile > Personal Access Tokens', feature: true do
visit profile_personal_access_tokens_path
click_on "Revoke"
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native.inner_html
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native['innerHTML']
expect(inactive_personal_access_tokens).to match(personal_access_token.name)
expect(inactive_personal_access_tokens).to match(personal_access_token.token)
end
@ -44,7 +48,7 @@ describe 'Profile > Personal Access Tokens', feature: true do
personal_access_token = create(:personal_access_token, expires_at: 5.days.ago, user: user)
visit profile_personal_access_tokens_path
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native.inner_html
inactive_personal_access_tokens = find(".table.inactive-personal-access-tokens").native['innerHTML']
expect(inactive_personal_access_tokens).to match(personal_access_token.name)
expect(inactive_personal_access_tokens).to match(personal_access_token.token)
end

View file

@ -0,0 +1,15 @@
require 'spec_helper'
describe PersonalAccessToken, models: true do
describe ".generate" do
it "generates a random token" do
personal_access_token = PersonalAccessToken.generate({})
expect(personal_access_token.token).to be_present
end
it "doesn't save the record" do
personal_access_token = PersonalAccessToken.generate({})
expect(personal_access_token).to_not be_persisted
end
end
end