Merge branch '334664-allow-linking-to-prefilled-pat-page' into 'master'

Allow passing PAT name and scopes via the URL

See merge request gitlab-org/gitlab!64897

app/controllers/profiles/personal_access_tokens_controller.rb

@@ -9,7 +9,11 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
 
   def index
     set_index_vars
-    @personal_access_token = finder.build
+    scopes = params[:scopes].split(',').map(&:squish).select(&:present?).map(&:to_sym) unless params[:scopes].nil?
+    @personal_access_token = finder.build(
+      name: params[:name],
+      scopes: scopes
+    )
   end
 
   def create

doc/user/profile/personal_access_tokens.md

@@ -11,6 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Notifications for expiring tokens](https://gitlab.com/gitlab-org/gitlab/-/issues/3649) added in GitLab 12.6.
 > - [Token lifetime limits](https://gitlab.com/gitlab-org/gitlab/-/issues/3649) added in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
 > - [Additional notifications for expiring tokens](https://gitlab.com/gitlab-org/gitlab/-/issues/214721) added in GitLab 13.3.
+> - [Prefill token name and scopes](https://gitlab.com/gitlab-org/gitlab/-/issues/334664) added in GitLab 14.1.
 
 If you're unable to use [OAuth2](../../api/oauth2.md), you can use a personal access token to authenticate with the [GitLab API](../../api/index.md#personalproject-access-tokens). You can also use a personal access token with Git to authenticate over HTTP.
 
@@ -37,6 +38,16 @@ You can create as many personal access tokens as you like.
 Save the personal access token somewhere safe. After you leave the page,
 you no longer have access to the token.
 
+### Prefill personal access token name and scopes
+
+You can link directly to the Personal Access Token page and have the form prefilled with a name and
+list of scopes. To do this, you can append a `name` parameter and a list of comma-separated scopes
+to the URL. For example:
+
+```plaintext
+https://gitlab.example.com/-/profile/personal_access_tokens?name=Example+Access+token&scopes=api,read_user,read_registry
+```
+
 ## Revoke a personal access token
 
 At any time, you can revoke a personal access token.

spec/controllers/profiles/personal_access_tokens_controller_spec.rb

@@ -64,5 +64,17 @@ RSpec.describe Profiles::PersonalAccessTokensController do
     it "retrieves newly created personal access token value" do
       expect(assigns(:new_personal_access_token)).to eql(token_value)
     end
+
+    it "sets PAT name and scopes" do
+      name = 'My PAT'
+      scopes = 'api,read_user'
+
+      get :index, params: { name: name, scopes: scopes }
+
+      expect(assigns(:personal_access_token)).to have_attributes(
+        name: eq(name),
+        scopes: contain_exactly(:api, :read_user)
+      )
+    end
   end
 end

spec/features/profiles/personal_access_tokens_spec.rb

@@ -149,4 +149,15 @@ RSpec.describe 'Profile > Personal Access Tokens', :js do
 
     expect(page).to have_pushed_frontend_feature_flags(personalAccessTokensScopedToProjects: true)
   end
+
+  it "prefills token details" do
+    name = 'My PAT'
+    scopes = 'api,read_user'
+
+    visit profile_personal_access_tokens_path({ name: name, scopes: scopes })
+
+    expect(page).to have_field("Token name", with: name)
+    expect(find("#personal_access_token_scopes_api")).to be_checked
+    expect(find("#personal_access_token_scopes_read_user")).to be_checked
+  end
 end