Split the existing feature spec into both feature and controller specs.
Feature specs assert on browser DOM, and controller specs assert on database
state.
- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
single "authenticate_from_private_token" method, both in the
application and API. Move relevant logic to
`User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
separate constant for personal access tokens since the param is the
same as for private tokens.
- Just use a link for the clipboard button. Having a non-clickable
container (that looks like a button) is confusing.
- Use `text-danger` for the "you won't be able to access it again" message.
- Highlight the created token so people know to look there.
- No hardcoded colors in any SCSS file except `variables.scss`
- Don't allow choosing a date in the past
- Use the same table as in the "Applications" tab
- The button should say "Create Personal Access Token"
- Float the revoke button to the right of the table cell
- Change the revocation message to be more explicit.
- Date shouldn't look selected on page load
- Don't use a panel for the created token
- Use a normal flash for "Your new personal access token has been created"
- Show the input (with the token) below it full width.
- Put the "Make sure you save it - you won't be able to access it again." message near the input
- Have the created token's input highlight all on single click
- Use `TokenAuthenticatable` to generate the personal access token
- Remove a check for `authenticity_token` in application controller;
this should've been `authentication_token`, maybe, and doesn't make
any sense now.
- Have the datepicker appear inline