Commit 6d76f14f authored by Timothy Andrew's avatar Timothy Andrew

Allow revoking personal access tokens.

parent e2a4051c
...@@ -205,3 +205,6 @@ ...@@ -205,3 +205,6 @@
text-align: center; text-align: center;
} }
} }
.personal-access-tokens-revoked-label {
color: #bbb;
}
\ No newline at end of file
class Profiles::PersonalAccessTokensController < ApplicationController class Profiles::PersonalAccessTokensController < ApplicationController
def index def index
@user = current_user @user = current_user
@personal_access_token = current_user.personal_access_tokens.new
# Prefer this to `@user.personal_access_tokens.new`, because it
# litters the view's call to `@user.personal_access_tokens` with
# this stub personal access token.
@personal_access_token = PersonalAccessToken.new(user: @user)
end end
def create def create
...@@ -14,6 +18,16 @@ class Profiles::PersonalAccessTokensController < ApplicationController ...@@ -14,6 +18,16 @@ class Profiles::PersonalAccessTokensController < ApplicationController
end end
end end
def revoke
@personal_access_token = current_user.personal_access_tokens.find(params[:id])
if @personal_access_token.revoke!
redirect_to profile_personal_access_tokens_path, notice: "Revoked personal access token #{@personal_access_token.name}!"
else
render :index
end
end
private private
def personal_access_token_params def personal_access_token_params
......
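Review bot: The failure branch of `revoke` calls `render :index` without setting `@user`, while the token list template in this commit iterates `@user.personal_access_tokens`, so a failed `revoke!` would likely raise on nil instead of showing an error. It also leaves `@personal_access_token` pointing at the existing token rather than the blank stub that `index` builds. Redirecting with an alert avoids both problems, e.g. `redirect_to profile_personal_access_tokens_path, alert: "Could not revoke personal access token #{@personal_access_token.name}."`. The lookup through `current_user.personal_access_tokens.find(params[:id])` should stay as it is, since it keeps one user from revoking another user's token by id.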
class PersonalAccessToken < ActiveRecord::Base class PersonalAccessToken < ActiveRecord::Base
belongs_to :user belongs_to :user
scope :active, -> { where.not(revoked: true) }
def self.generate(params) def self.generate(params)
personal_access_token = self.new(params) personal_access_token = self.new(params)
personal_access_token.token = Devise.friendly_token(50) personal_access_token.token = Devise.friendly_token(50)
personal_access_token personal_access_token
end end
def revoke!
self.revoked = true
self.save
end
end end
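Review bot: `revoke!` goes through `save`, so it runs validations and returns false on failure; a token that fails an unrelated validation would stay usable, and the bang name suggests the method raises. Writing only the flag, `update_attribute(:revoked, true)`, skips validations and still returns a boolean for the controller's `if`. Whether the model has validations that could fail here is not visible in this section. A one-line comment above the method, `# Marks the token as revoked; returns false if the record could not be saved.`, would document the return contract that the controller relies on.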
...@@ -34,11 +34,18 @@ ...@@ -34,11 +34,18 @@
%th Name %th Name
%th Token %th Token
%th Created At %th Created At
%th Actions
%tbody %tbody
- @user.personal_access_tokens.each do |token| - @user.personal_access_tokens.order(:revoked).each do |token|
%tr %tr
%td= token.name %td= token.name
%td= token.token %td= token.token
%td= token.created_at %td= token.created_at
- if token.revoked?
%td
%span.personal-access-tokens-revoked-label Revoked
- else
%td= link_to "Revoke", revoke_profile_personal_access_token_path(token), method: :put, class: "btn btn-danger", data: {confirm: t('profile.personal_access_tokens.revoke.confirmation')}
- else - else
%span You don't have any tokens yet. %span You don't have any tokens yet.
\ No newline at end of file
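Review bot: `order(:revoked)` on the token loop puts active tokens first but leaves the order inside each group unspecified, so rows can change position between page loads. Adding a second key, `@user.personal_access_tokens.order(:revoked, :created_at)`, keeps the list stable. The query is also built inside the template; assigning it to an instance variable in the controller would keep the view free of query logic.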
...@@ -12,3 +12,7 @@ en: ...@@ -12,3 +12,7 @@ en:
pagination: pagination:
previous: "Prev" previous: "Prev"
next: "Next" next: "Next"
profile:
personal_access_tokens:
revoke:
confirmation: "Are you sure? This cannot be undone."
...@@ -333,7 +333,11 @@ Rails.application.routes.draw do ...@@ -333,7 +333,11 @@ Rails.application.routes.draw do
resources :keys resources :keys
resources :emails, only: [:index, :create, :destroy] resources :emails, only: [:index, :create, :destroy]
resource :avatar, only: [:destroy] resource :avatar, only: [:destroy]
resources :personal_access_tokens, only: [:index, :create] resources :personal_access_tokens, only: [:index, :create] do
member do
put :revoke
end
end
resource :two_factor_auth, only: [:new, :create, :destroy] do resource :two_factor_auth, only: [:new, :create, :destroy] do
member do member do
post :codes post :codes
......
class AddColumnRevokedToPersonalAccessTokens < ActiveRecord::Migration
def change
add_column :personal_access_tokens, :revoked, :boolean, default: false
end
end
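Review bot: The new `revoked` column has a default but is still nullable, and the `active` scope's `where.not(revoked: true)` does not match rows where the value is NULL. A NULL therefore makes a token silently stop authenticating, which fails closed but is hard to diagnose. Declaring the column as `add_column :personal_access_tokens, :revoked, :boolean, default: false, null: false` removes the third state.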
...@@ -15,7 +15,7 @@ module API ...@@ -15,7 +15,7 @@ module API
def find_user_by_personal_access_token def find_user_by_personal_access_token
personal_access_token_string = (params[PERSONAL_ACCESS_TOKEN_PARAM] || env[PERSONAL_ACCESS_TOKEN_HEADER]).to_s personal_access_token_string = (params[PERSONAL_ACCESS_TOKEN_PARAM] || env[PERSONAL_ACCESS_TOKEN_HEADER]).to_s
personal_access_token = PersonalAccessToken.find_by_token(personal_access_token_string) personal_access_token = PersonalAccessToken.active.find_by_token(personal_access_token_string)
personal_access_token.user if personal_access_token personal_access_token.user if personal_access_token
end end
......
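Review bot: Revocation is enforced only at this one lookup in the visible diff, so any other code path that resolves a token with `PersonalAccessToken.find_by_token` would still accept a revoked token. Whether such paths exist is not visible here; it is worth searching for `find_by_token` and routing every authentication lookup through `.active`. A spec that authenticates with a revoked token and expects the request to be rejected would pin this behaviour.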