Commit graph

10 commits

Author SHA1 Message Date
Timothy Andrew
f14d423dc7 Add a controller spec for personal access tokens.
Split the existing feature spec into both feature and controller specs.
Feature specs assert on browser DOM, and controller specs assert on database
state.
2016-12-16 16:29:32 +05:30
Timothy Andrew
6c809dfae8 Allow creating personal access tokens / OAuth applications with scopes. 2016-12-16 15:08:10 +05:30
Timothy Andrew
7ee0898a9e Implement @DouweM's feedback.
- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
  single "authenticate_from_private_token" method, both in the
  application and API. Move relevant logic to
  `User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
  separate constant for personal access tokens since the param is the
  same as for private tokens.
2016-06-16 08:24:13 +05:30
Timothy Andrew
e18a08fd89 Implement second round of comments from @jschatz1.
- Just use a link for the clipboard button. Having a non-clickable
  container (that looks like a button) is confusing.
- Use `text-danger` for the "you won't be able to access it again" message.
- Highlight the created token so people know to look there.
2016-06-10 10:30:49 +05:30
Timothy Andrew
1f5ecf916e Implement @jschatz1's comments.
- No hardcoded colors in any SCSS file except `variables.scss`
- Don't allow choosing a date in the past
- Use the same table as in the "Applications" tab
- The button should say "Create Personal Access Token"
- Float the revoke button to the right of the table cell
- Change the revocation message to be more explicit.
- Date shouldn't look selected on page load
- Don't use a panel for the created token
    - Use a normal flash for "Your new personal access token has been created"
    - Show the input (with the token) below it full width.
    - Put the "Make sure you save it - you won't be able to access it again." message near the input
- Have the created token's input highlight all on single click
2016-06-09 14:08:49 +05:30
Timothy Andrew
3adf125a15 Add tests for errors while creating/revoking personal access tokens. 2016-06-03 10:00:03 +05:30
Timothy Andrew
a1295d8ebe Don't use natve['innerHTML'] in the feature spec.
- The `have_text` matcher works fine.
2016-06-03 08:58:15 +05:30
Timothy Andrew
4d50d8a6e3 Only show a personal access token right after its creation. 2016-06-02 11:06:38 +05:30
Timothy Andrew
bafbf22c6a Address @DouweM's feedback on !3749.
- Use `TokenAuthenticatable` to generate the personal access token
- Remove a check for `authenticity_token` in application controller;
  this should've been `authentication_token`, maybe, and doesn't make
  any sense now.
- Have the datepicker appear inline
2016-04-28 22:28:36 +05:30
Timothy Andrew
25aefde62b Add feature specs for personal access token management. 2016-04-28 22:28:36 +05:30