This is the first commit doing mainly 3 things:
1. create a new scope and allow users to use it
2. Have the JWTController respond correctly on this
3. Updates documentation to suggest usage of PATs
There is one gotcha, there will be no support for impersonation tokens, as this
seems not needed.
Fixesgitlab-org/gitlab-ce#19219
- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
single "authenticate_from_private_token" method, both in the
application and API. Move relevant logic to
`User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
separate constant for personal access tokens since the param is the
same as for private tokens.
- No hardcoded colors in any SCSS file except `variables.scss`
- Don't allow choosing a date in the past
- Use the same table as in the "Applications" tab
- The button should say "Create Personal Access Token"
- Float the revoke button to the right of the table cell
- Change the revocation message to be more explicit.
- Date shouldn't look selected on page load
- Don't use a panel for the created token
- Use a normal flash for "Your new personal access token has been created"
- Show the input (with the token) below it full width.
- Put the "Make sure you save it - you won't be able to access it again." message near the input
- Have the created token's input highlight all on single click
- Use the `:personal_access_token` param root instead of
`personal_access_token_params`, because we aren't using the
`personal_access_token` param for authentication anymore (we're using
`private_token` instead).
- Use `build` to instantiate a `PersonalAccessToken`
- Use better-formatted dates
