Commit d8d101a6 authored by Max Woolf's avatar Max Woolf Committed by Gabriel Mazetto

Move PAT API to CE

Moves PAT API endpoints from EE
Ultimate to CE for all users.
parent 4866577d
---
title: Move Personal Access Token API to Core
merge_request: 46145
author:
type: changed
......@@ -4,13 +4,14 @@ group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# Personal access tokens API **(ULTIMATE)**
# Personal access tokens API
You can read more about [personal access tokens](../user/profile/personal_access_tokens.md#personal-access-tokens).
## List personal access tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227264) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/270200) to [GitLab Core](https://about.gitlab.com/pricing/) in 13.6.
Get a list of personal access tokens.
......
......@@ -136,7 +136,6 @@ class License < ApplicationRecord
insights
issuable_health_status
license_scanning
personal_access_token_api_management
personal_access_token_expiration_policy
enforce_pat_expiration
prometheus_alerts
......
......@@ -26,7 +26,6 @@ module EE
mount ::API::Ldap
mount ::API::LdapGroupLinks
mount ::API::License
mount ::API::PersonalAccessTokens
mount ::API::ProjectMirror
mount ::API::ProjectPushRule
mount ::API::GroupPushRule
......
......@@ -236,6 +236,7 @@ module API
mount ::API::ProjectTemplates
mount ::API::Terraform::State
mount ::API::Terraform::StateVersion
mount ::API::PersonalAccessTokens
mount ::API::ProtectedBranches
mount ::API::ProtectedTags
mount ::API::Releases
......
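Review bot: `mount ::API::PersonalAccessTokens` is inserted after the Terraform mounts, while the neighbouring entries (`ProjectTemplates`, `ProtectedBranches`, `ProtectedTags`, `Releases`) run alphabetically and `PersonalAccessTokens` would sort before `ProjectTemplates`; placing it directly above `mount ::API::ProjectTemplates` keeps the list ordered and easier to scan for duplicates. Nothing in this hunk suggests mount order has a functional effect, so this is a style point only. The enclosing `module API` block starts and ends outside the hunk.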
......@@ -37,11 +37,6 @@ module API
def find_token(id)
PersonalAccessToken.find(id) || not_found!
end
def authenticate!
unauthorized! unless ::License.feature_available?(:personal_access_token_api_management)
super
end
end
resources :personal_access_tokens do
......
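Review bot: Removing the `authenticate!` override leaves no check within this hunk that restricts listing and revoking other users' tokens to administrators; the `resources :personal_access_tokens` block opens on the last line and continues outside the hunk, so the admin gate is presumably there, but it is worth confirming that the GET endpoint enforces it and not only the DELETE path that the spec exercises. The surviving `find_token` helper also reads as a guard it is not: if `PersonalAccessToken` is an ActiveRecord model, `find(id)` raises `ActiveRecord::RecordNotFound` instead of returning nil, so `|| not_found!` is never reached — `PersonalAccessToken.find_by(id: id) || not_found!` would make the intended 404 real. `find_token` is a context line here and predates this commit.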
......@@ -9,41 +9,23 @@ RSpec.describe API::PersonalAccessTokens do
let_it_be(:current_user) { create(:user) }
describe 'GET /personal_access_tokens' do
context 'when unlicensed' do
before do
stub_licensed_features(personal_access_token_api_management: false)
end
context 'logged in as an Administrator' do
let_it_be(:current_user) { create(:admin) }
it 'responds with unauthorized' do
it 'returns all PATs by default' do
get api(path, current_user)
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
context 'when licensed' do
before do
stub_licensed_features(personal_access_token_api_management: true)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response.count).to eq(PersonalAccessToken.all.count)
end
context 'logged in as an Administrator' do
let_it_be(:current_user) { create(:admin) }
it 'returns all PATs by default' do
get api(path, current_user)
context 'filtered with user_id parameter' do
it 'returns only PATs belonging to that user' do
get api(path, current_user), params: { user_id: token1.user.id }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response.count).to eq(PersonalAccessToken.all.count)
end
context 'filtered with user_id parameter' do
it 'returns only PATs belonging to that user' do
get api(path, current_user), params: { user_id: token1.user.id }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response.count).to eq(1)
expect(json_response.first['user_id']).to eq(token1.user.id)
end
expect(json_response.count).to eq(1)
expect(json_response.first['user_id']).to eq(token1.user.id)
end
end
......@@ -91,57 +73,39 @@ RSpec.describe API::PersonalAccessTokens do
describe 'DELETE /personal_access_tokens/:id' do
let(:path) { "/personal_access_tokens/#{token1.id}" }
context 'when unlicensed' do
before do
stub_licensed_features(personal_access_token_api_management: false)
end
it 'responds with unauthorized' do
delete api(path, current_user)
context 'when current_user is an administrator', :enable_admin_mode do
let_it_be(:admin_user) { create(:admin) }
let_it_be(:admin_token) { create(:personal_access_token, user: admin_user) }
let_it_be(:admin_path) { "/personal_access_tokens/#{admin_token.id}" }
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
it 'revokes a different users token' do
delete api(path, admin_user)
context 'when licensed' do
before do
stub_licensed_features(personal_access_token_api_management: true)
expect(response).to have_gitlab_http_status(:no_content)
expect(token1.reload.revoked?).to be true
end
context 'when current_user is an administrator', :enable_admin_mode do
let_it_be(:admin_user) { create(:admin) }
let_it_be(:admin_token) { create(:personal_access_token, user: admin_user) }
let_it_be(:admin_path) { "/personal_access_tokens/#{admin_token.id}" }
it 'revokes a different users token' do
delete api(path, admin_user)
expect(response).to have_gitlab_http_status(:no_content)
expect(token1.reload.revoked?).to be true
end
it 'revokes their own token' do
delete api(admin_path, admin_user)
it 'revokes their own token' do
delete api(admin_path, admin_user)
expect(response).to have_gitlab_http_status(:no_content)
end
expect(response).to have_gitlab_http_status(:no_content)
end
end
context 'when current_user is not an administrator' do
let_it_be(:user_token) { create(:personal_access_token, user: current_user) }
let_it_be(:user_token_path) { "/personal_access_tokens/#{user_token.id}" }
context 'when current_user is not an administrator' do
let_it_be(:user_token) { create(:personal_access_token, user: current_user) }
let_it_be(:user_token_path) { "/personal_access_tokens/#{user_token.id}" }
it 'fails revokes a different users token' do
delete api(path, current_user)
it 'fails revokes a different users token' do
delete api(path, current_user)
expect(response).to have_gitlab_http_status(:bad_request)
end
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'revokes their own token' do
delete api(user_token_path, current_user)
it 'revokes their own token' do
delete api(user_token_path, current_user)
expect(response).to have_gitlab_http_status(:no_content)
end
expect(response).to have_gitlab_http_status(:no_content)
end
end
end
......
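Review bot: Dropping the `when unlicensed` contexts removes the only visible negative cases, and nothing left in this file section checks that an unauthenticated request to GET or DELETE `/personal_access_tokens` is rejected now that the endpoints are reachable on every tier. A case such as `get api(path)` with `expect(response).to have_gitlab_http_status(:unauthorized)` would restore that coverage; it may already exist outside the shown hunks. Separately, `fails revokes a different users token` expects `:bad_request` for what is an authorization failure, where `:forbidden` or `:not_found` would be the conventional response; if the 400 is deliberate, a one-line comment on that expectation saying why would help the next reader. The outer `describe` blocks start and end outside these hunks.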