Commit cf4dc920 authored by Dennis Tang's avatar Dennis Tang Committed by Max Woolf

Resolve "Clarify call to action for expired active tokens" [RUN AS-IF-FOSS]

parent 61820f46
# frozen_string_literal: true
module PersonalAccessTokensHelper
def personal_access_token_expiration_enforced?
false
end
end
- no_active_tokens_message = local_assigns.fetch(:no_active_tokens_message, _('This user has no active %{type}.') % { type: type_plural })
- impersonation = local_assigns.fetch(:impersonation, false)
- project = local_assigns.fetch(:project, false)
- personal = !impersonation && !project
%hr
%h5
= _('Active %{type} (%{token_length})') % { type: type_plural, token_length: active_tokens.length }
- if personal && !personal_access_token_expiration_enforced?
%p.profile-settings-content
= _("Personal access tokens are not revoked upon expiration.")
- if impersonation
%p.profile-settings-content
= _("To see all the user's personal access tokens you must impersonate them first.")
......@@ -16,6 +20,7 @@
%thead
%tr
%th= _('Token name')
%th= _('Scopes')
%th= s_('AccessTokens|Created')
%th
= _('Last Used')
......@@ -23,12 +28,12 @@
%th= _('Expires')
- if project
%th= _('Role')
%th= _('Scopes')
%th
%tbody
- active_tokens.each do |token|
%tr
%td= token.name
%td= token.scopes.present? ? token.scopes.join(', ') : _('no scopes selected')
%td= token.created_at.to_date.to_s(:medium)
%td
- if token.last_used_at?
......@@ -47,8 +52,7 @@
%span.token-never-expires-label= _('Never')
- if project
%td= project.project_member(token.user).human_access
%td= token.scopes.present? ? token.scopes.join(', ') : _('no scopes selected')
%td= link_to _('Revoke'), revoke_route_helper.call(token), method: :put, class: 'gl-button btn btn-danger btn-sm float-right qa-revoke-button', data: { confirm: _('Are you sure you want to revoke this %{type}? This action cannot be undone.') % { type: type } }
%td= link_to _('Revoke'), revoke_route_helper.call(token), method: :put, class: "gl-button btn btn-danger btn-sm float-right qa-revoke-button #{'btn-danger-secondary' unless token.expires?}", data: { confirm: _('Are you sure you want to revoke this %{type}? This action cannot be undone.') % { type: type } }
- else
.settings-message.text-center
= no_active_tokens_message
# frozen_string_literal: true
module EE
module PersonalAccessTokensHelper
extend ::Gitlab::Utils::Override
include ::Gitlab::Utils::StrongMemoize
def personal_access_token_expiration_policy_enabled?
return group_level_personal_access_token_expiration_policy_enabled? if current_user.group_managed_account?
instance_level_personal_access_token_expiration_policy_enabled?
end
def personal_access_token_max_expiry_date
return group_level_personal_access_token_max_expiry_date if current_user.group_managed_account?
instance_level_personal_access_token_max_expiry_date
end
def personal_access_token_expiration_policy_licensed?
::License.feature_available?(:personal_access_token_expiration_policy)
end
override :personal_access_token_expiration_enforced?
def personal_access_token_expiration_enforced?
::PersonalAccessToken.expiration_enforced?
end
def enforce_pat_expiration_feature_available?
::PersonalAccessToken.enforce_pat_expiration_feature_available?
end
def token_expiry_banner_message(user)
verifier = ::PersonalAccessTokens::RotationVerifierService.new(user)
return _('At least one of your Personal Access Tokens is expired, but expiration enforcement is disabled. %{generate_new}') if verifier.expired?
return _('At least one of your Personal Access Tokens will expire soon, but expiration enforcement is disabled. %{generate_new}') if verifier.expiring_soon?
end
private
def instance_level_personal_access_token_expiration_policy_enabled?
instance_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
end
def instance_level_personal_access_token_max_expiry_date
::Gitlab::CurrentSettings.max_personal_access_token_lifetime_from_now
end
def group_level_personal_access_token_expiration_policy_enabled?
group_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
end
def group_level_personal_access_token_max_expiry_date
current_user.managing_group.max_personal_access_token_lifetime_from_now
end
end
end
# frozen_string_literal: true
module PersonalAccessTokensHelper
include Gitlab::Utils::StrongMemoize
def personal_access_token_expiration_policy_enabled?
return group_level_personal_access_token_expiration_policy_enabled? if current_user.group_managed_account?
instance_level_personal_access_token_expiration_policy_enabled?
end
def personal_access_token_max_expiry_date
return group_level_personal_access_token_max_expiry_date if current_user.group_managed_account?
instance_level_personal_access_token_max_expiry_date
end
def personal_access_token_expiration_policy_licensed?
License.feature_available?(:personal_access_token_expiration_policy)
end
def enforce_pat_expiration_feature_available?
PersonalAccessToken.enforce_pat_expiration_feature_available?
end
def token_expiry_banner_message(user)
verifier = PersonalAccessTokens::RotationVerifierService.new(user)
return _('At least one of your Personal Access Tokens is expired, but expiration enforcement is disabled. %{generate_new}') if verifier.expired?
return _('At least one of your Personal Access Tokens will expire soon, but expiration enforcement is disabled. %{generate_new}') if verifier.expiring_soon?
end
private
def instance_level_personal_access_token_expiration_policy_enabled?
instance_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
end
def instance_level_personal_access_token_max_expiry_date
::Gitlab::CurrentSettings.max_personal_access_token_lifetime_from_now
end
def group_level_personal_access_token_expiration_policy_enabled?
group_level_personal_access_token_max_expiry_date && personal_access_token_expiration_policy_licensed?
end
def group_level_personal_access_token_max_expiry_date
current_user.managing_group.max_personal_access_token_lifetime_from_now
end
end
......@@ -2,7 +2,7 @@
require 'spec_helper'
RSpec.describe PersonalAccessTokensHelper do
RSpec.describe EE::PersonalAccessTokensHelper do
let(:group) do
build(:group, max_personal_access_token_lifetime: group_level_max_personal_access_token_lifetime)
end
......@@ -178,4 +178,12 @@ RSpec.describe PersonalAccessTokensHelper do
it { is_expected.to eq('At least one of your Personal Access Tokens will expire soon, but expiration enforcement is disabled. %{generate_new}') }
end
end
describe '#personal_access_token_expiration_enforced' do
it 'calls the class method expiration_enforced?' do
expect(::PersonalAccessToken).to receive(:expiration_enforced?)
helper.personal_access_token_expiration_enforced?
end
end
end
......@@ -23860,6 +23860,9 @@ msgstr ""
msgid "Personal Access Token prefix"
msgstr ""
msgid "Personal access tokens are not revoked upon expiration."
msgstr ""
msgid "Personal project creation is not allowed. Please contact your administrator with questions"
msgstr ""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment