debian-mirror-gitlab/app/controllers/profiles/personal_access_tokens_controller.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

93 lines
2.7 KiB
Ruby
Raw Normal View History

2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2016-06-22 15:30:34 +05:30
class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
2021-01-03 14:25:43 +05:30
feature_category :authentication_and_authorization
2022-11-25 23:54:43 +05:30
before_action :check_personal_access_tokens_enabled
2016-06-22 15:30:34 +05:30
def index
2017-08-17 22:00:37 +05:30
set_index_vars
2021-09-30 23:02:18 +05:30
scopes = params[:scopes].split(',').map(&:squish).select(&:present?).map(&:to_sym) unless params[:scopes].nil?
@personal_access_token = finder.build(
name: params[:name],
scopes: scopes
)
2022-08-13 15:12:31 +05:30
respond_to do |format|
format.html
format.json do
render json: @active_personal_access_tokens
end
end
2016-06-22 15:30:34 +05:30
end
def create
2021-01-29 00:20:46 +05:30
result = ::PersonalAccessTokens::CreateService.new(
current_user: current_user, target_user: current_user, params: personal_access_token_params
).execute
2016-06-22 15:30:34 +05:30
2021-01-29 00:20:46 +05:30
@personal_access_token = result.payload[:personal_access_token]
if result.success?
2022-07-23 23:45:48 +05:30
render json: { new_token: @personal_access_token.token,
active_access_tokens: active_personal_access_tokens }, status: :ok
2016-06-22 15:30:34 +05:30
else
2022-07-23 23:45:48 +05:30
render json: { errors: result.errors }, status: :unprocessable_entity
2016-06-22 15:30:34 +05:30
end
end
def revoke
2017-08-17 22:00:37 +05:30
@personal_access_token = finder.find(params[:id])
2020-10-24 23:57:45 +05:30
service = PersonalAccessTokens::RevokeService.new(current_user, token: @personal_access_token).execute
service.success? ? flash[:notice] = service.message : flash[:alert] = service.message
2016-06-22 15:30:34 +05:30
redirect_to profile_personal_access_tokens_path
end
private
2017-08-17 22:00:37 +05:30
def finder(options = {})
PersonalAccessTokensFinder.new({ user: current_user, impersonation: false }.merge(options))
end
2016-06-22 15:30:34 +05:30
def personal_access_token_params
2017-08-17 22:00:37 +05:30
params.require(:personal_access_token).permit(:name, :expires_at, scopes: [])
2016-06-22 15:30:34 +05:30
end
2017-08-17 22:00:37 +05:30
def set_index_vars
2019-07-31 22:56:46 +05:30
@scopes = Gitlab::Auth.available_scopes_for(current_user)
2020-07-28 23:09:34 +05:30
@active_personal_access_tokens = active_personal_access_tokens
2016-06-22 15:30:34 +05:30
end
2020-07-28 23:09:34 +05:30
def active_personal_access_tokens
2022-08-27 11:52:29 +05:30
tokens = finder(state: 'active', sort: 'expires_at_asc_id_desc').execute
2022-08-13 15:12:31 +05:30
if Feature.enabled?('access_token_pagination')
tokens = tokens.page(page)
add_pagination_headers(tokens)
end
2022-10-11 01:57:18 +05:30
::PersonalAccessTokenSerializer.new.represent(tokens)
2020-07-28 23:09:34 +05:30
end
2022-08-13 15:12:31 +05:30
def add_pagination_headers(relation)
Gitlab::Pagination::OffsetHeaderBuilder.new(
request_context: self,
per_page: relation.limit_value,
page: relation.current_page,
next_page: relation.next_page,
prev_page: relation.prev_page,
total: relation.total_count,
params: params.permit(:page)
).execute
end
def page
(params[:page] || 1).to_i
end
2022-11-25 23:54:43 +05:30
def check_personal_access_tokens_enabled
render_404 if Gitlab::CurrentSettings.personal_access_tokens_disabled?
end
2016-06-22 15:30:34 +05:30
end