Merge branch '323088-expose-project-access-token-value-with-create-api' into 'master'

Expose project access token value with create API See merge request gitlab-org/gitlab!55408

Merge branch '323088-expose-project-access-token-value-with-create-api' into 'master'
Expose project access token value with create API See merge request gitlab-org/gitlab!55408
7064b459 · Arturo Herrero · 3196d6cc · 68f98f58 · 7064b459 · 7064b459
Commit 7064b459 authored Mar 02, 2021 by Arturo Herrero
4 changed files
--- a/changelogs/unreleased/323088-expose-project-access-token-value-with-create-api.yml
+++ b/changelogs/unreleased/323088-expose-project-access-token-value-with-create-api.yml
+---
+title: Expose project access token value with create API
+merge_request: 55408
+author:
+type: changed
--- a/doc/api/resource_access_tokens.md
+++ b/doc/api/resource_access_tokens.md
@@ -78,7 +78,8 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
   "created_at" : "2021-01-21T19:35:37.921Z",
   "user_id" : 166,
   "id" : 58,
-   "expires_at" : "2021-01-31"
+   "expires_at" : "2021-01-31",
+   "token" : "D4y...Wzr"
 }
 ```


--- a/lib/api/resource_access_tokens.rb
+++ b/lib/api/resource_access_tokens.rb
@@ -69,7 +69,7 @@ module API
          ).execute

          if token_response.success?
-            present token_response.payload[:access_token], with: Entities::PersonalAccessToken
+            present token_response.payload[:access_token], with: Entities::PersonalAccessTokenWithToken
          else
            bad_request!(token_response.message)
          end

--- a/spec/requests/api/resource_access_tokens_spec.rb
+++ b/spec/requests/api/resource_access_tokens_spec.rb
@@ -30,6 +30,18 @@ RSpec.describe API::ResourceAccessTokens do
          expect(token_ids).to match_array(access_tokens.pluck(:id))
        end

+        it "exposes the correct token information", :aggregate_failures do
+          get_tokens
+
+          token = access_tokens.last
+          api_get_token = json_response.last
+
+          expect(api_get_token["name"]).to eq(token.name)
+          expect(api_get_token["scopes"]).to eq(token.scopes)
+          expect(api_get_token["expires_at"]).to eq(token.expires_at.to_date.iso8601)
+          expect(api_get_token).not_to have_key('token')
+        end
+
        context "when using a project access token to GET other project access tokens" do
          let_it_be(:token) { access_tokens.first }

@@ -182,13 +194,13 @@ RSpec.describe API::ResourceAccessTokens do
    end

    describe "POST projects/:id/access_tokens" do
-      let_it_be(:params) { { name: "test", scopes: ["api"], expires_at: Date.today + 1.month } }
+      let(:params) { { name: "test", scopes: ["api"], expires_at: expires_at } }
+      let(:expires_at) { 1.month.from_now }

      subject(:create_token) { post api("/projects/#{project_id}/access_tokens", user), params: params }

      context "when the user has maintainer permissions" do
        let_it_be(:project_id) { project.id }
-        let_it_be(:expires_at) { 1.month.from_now }

        before do
          project.add_maintainer(user)
@@ -203,11 +215,12 @@ RSpec.describe API::ResourceAccessTokens do
              expect(json_response["name"]).to eq("test")
              expect(json_response["scopes"]).to eq(["api"])
              expect(json_response["expires_at"]).to eq(expires_at.to_date.iso8601)
+              expect(json_response["token"]).to be_present
            end
          end

          context "when 'expires_at' is not set" do
-            let_it_be(:params) { { name: "test", scopes: ["api"] } }
+            let(:expires_at) { nil }

            it "creates a project access token with the params", :aggregate_failures do
              create_token