Merge branch 'atroschinetz/new-deploy-token-via-ajax' into 'master'

Backend for new deploy tokens via ajax

See merge request gitlab-org/gitlab!27141

app/controllers/groups/settings/ci_cd_controller.rb

@@ -8,6 +8,7 @@ module Groups
       before_action :authorize_update_max_artifacts_size!, only: [:update]
       before_action do
         push_frontend_feature_flag(:new_variables_ui, @group)
+        push_frontend_feature_flag(:ajax_new_deploy_token, @group)
       end
       before_action :define_variables, only: [:show, :create_deploy_token]
 
@@ -42,13 +43,30 @@ module Groups
       end
 
       def create_deploy_token
-        @new_deploy_token = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
-
-        if @new_deploy_token.persisted?
-          flash.now[:notice] = s_('DeployTokens|Your new group deploy token has been created.')
+        result = Projects::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
+        @new_deploy_token = result[:deploy_token]
+
+        if result[:status] == :success
+          respond_to do |format|
+            format.json do
+              # IMPORTANT: It's a security risk to expose the token value more than just once here!
+              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+              render json: json, status: result[:http_status]
+            end
+            format.html do
+              flash.now[:notice] = s_('DeployTokens|Your new group deploy token has been created.')
+              render :show
+            end
+          end
+        else
+          respond_to do |format|
+            format.json { render json: { message: result[:message] }, status: result[:http_status] }
+            format.html do
+              flash.now[:alert] = result[:message]
+              render :show
+            end
+          end
         end
-
-        render 'show'
       end
 
       private

app/controllers/projects/settings/ci_cd_controller.rb

@@ -7,6 +7,7 @@ module Projects
       before_action :define_variables
       before_action do
         push_frontend_feature_flag(:new_variables_ui, @project)
+        push_frontend_feature_flag(:ajax_new_deploy_token, @project)
       end
 
       def show
@@ -47,13 +48,30 @@ module Projects
       end
 
       def create_deploy_token
-        @new_deploy_token = Projects::DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute
+        result = Projects::DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute
+        @new_deploy_token = result[:deploy_token]
 
-        if @new_deploy_token.persisted?
-          flash.now[:notice] = s_('DeployTokens|Your new project deploy token has been created.')
+        if result[:status] == :success
+          respond_to do |format|
+            format.json do
+              # IMPORTANT: It's a security risk to expose the token value more than just once here!
+              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+              render json: json, status: result[:http_status]
+            end
+            format.html do
+              flash.now[:notice] = s_('DeployTokens|Your new project deploy token has been created.')
+              render :show
+            end
+          end
+        else
+          respond_to do |format|
+            format.json { render json: { message: result[:message] }, status: result[:http_status] }
+            format.html do
+              flash.now[:alert] = result[:message]
+              render :show
+            end
+          end
         end
-
-        render 'show'
       end
 
       private

app/services/groups/deploy_tokens/create_service.rb

@@ -6,7 +6,13 @@ module Groups
       include DeployTokenMethods
 
       def execute
-        create_deploy_token_for(@group, params)
+        deploy_token = create_deploy_token_for(@group, params)
+
+        if deploy_token.persisted?
+          success(deploy_token: deploy_token, http_status: :ok)
+        else
+          error(deploy_token.errors.full_messages.to_sentence, :bad_request)
+        end
       end
     end
   end

app/services/projects/deploy_tokens/create_service.rb

@@ -6,7 +6,13 @@ module Projects
       include DeployTokenMethods
 
       def execute
-        create_deploy_token_for(@project, params)
+        deploy_token = create_deploy_token_for(@project, params)
+
+        if deploy_token.persisted?
+          success(deploy_token: deploy_token, http_status: :ok)
+        else
+          error(deploy_token.errors.full_messages.to_sentence, :bad_request)
+        end
       end
     end
   end

app/views/shared/deploy_tokens/_form.html.haml

 %p.profile-settings-content
   = s_("DeployTokens|Pick a name for the application, and we'll give you a unique deploy token.")
 
-= form_for token, url: create_deploy_token_path(group_or_project, anchor: 'js-deploy-tokens'), method: :post do |f|
+= form_for token, url: create_deploy_token_path(group_or_project, anchor: 'js-deploy-tokens'), method: :post, remote: Feature.enabled?(:ajax_new_deploy_token, group_or_project) do |f|
   = form_errors(token)
 
   .form-group

lib/api/deploy_tokens.rb

@@ -65,11 +65,15 @@ module API
       post ':id/deploy_tokens' do
         authorize!(:create_deploy_token, user_project)
 
-        deploy_token = ::Projects::DeployTokens::CreateService.new(
+        result = ::Projects::DeployTokens::CreateService.new(
           user_project, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
         ).execute
 
-        present deploy_token, with: Entities::DeployTokenWithToken
+        if result[:status] == :success
+          present result[:deploy_token], with: Entities::DeployTokenWithToken
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
       end
 
       desc 'Delete a project deploy token' do
@@ -126,11 +130,15 @@ module API
       post ':id/deploy_tokens' do
         authorize!(:create_deploy_token, user_group)
 
-        deploy_token = ::Groups::DeployTokens::CreateService.new(
+        result = ::Groups::DeployTokens::CreateService.new(
           user_group, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
         ).execute
 
-        present deploy_token, with: Entities::DeployTokenWithToken
+        if result[:status] == :success
+          present result[:deploy_token], with: Entities::DeployTokenWithToken
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
       end
 
       desc 'Delete a group deploy token' do

spec/controllers/groups/settings/ci_cd_controller_spec.rb

@@ -212,14 +212,86 @@ describe Groups::Settings::CiCdController do
   end
 
   describe 'POST create_deploy_token' do
-    it_behaves_like 'a created deploy token' do
-      let(:entity) { group }
-      let(:create_entity_params) { { group_id: group } }
-      let(:deploy_token_type) { DeployToken.deploy_token_types[:group_type] }
-
+    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
       before do
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: group })
         entity.add_owner(user)
       end
+
+      it_behaves_like 'a created deploy token' do
+        let(:entity) { group }
+        let(:create_entity_params) { { group_id: group } }
+        let(:deploy_token_type) { DeployToken.deploy_token_types[:group_type] }
+      end
+    end
+
+    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
+      let(:good_deploy_token_params) do
+        {
+          name: 'name',
+          expires_at: 1.day.from_now.to_s,
+          username: 'deployer',
+          read_repository: '1',
+          deploy_token_type: DeployToken.deploy_token_types[:group_type]
+        }
+      end
+      let(:request_params) do
+        {
+          group_id: group.to_param,
+          deploy_token: deploy_token_params
+        }
+      end
+
+      before do
+        group.add_owner(user)
+      end
+
+      subject { post :create_deploy_token, params: request_params, format: :json }
+
+      context('a good request') do
+        let(:deploy_token_params) { good_deploy_token_params }
+        let(:expected_response) do
+          {
+            'id' => be_a(Integer),
+            'name' => deploy_token_params[:name],
+            'username' => deploy_token_params[:username],
+            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
+            'token' => be_a(String),
+            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
+              key, value = kv
+              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
+            end
+          }
+        end
+
+        it 'creates the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response).to match_response_schema('public_api/v4/deploy_token')
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('a bad request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
+        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
+
+        it 'does not create the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('an invalid request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
+
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
+        end
+      end
     end
   end
 end

spec/controllers/projects/settings/ci_cd_controller_spec.rb

@@ -249,10 +249,82 @@ describe Projects::Settings::CiCdController do
   end
 
   describe 'POST create_deploy_token' do
-    it_behaves_like 'a created deploy token' do
-      let(:entity) { project }
-      let(:create_entity_params) { { namespace_id: project.namespace, project_id: project } }
-      let(:deploy_token_type) { DeployToken.deploy_token_types[:project_type] }
+    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
+      before do
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
+      end
+
+      it_behaves_like 'a created deploy token' do
+        let(:entity) { project }
+        let(:create_entity_params) { { namespace_id: project.namespace, project_id: project } }
+        let(:deploy_token_type) { DeployToken.deploy_token_types[:project_type] }
+      end
+    end
+
+    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
+      let(:good_deploy_token_params) do
+        {
+          name: 'name',
+          expires_at: 1.day.from_now.to_s,
+          username: 'deployer',
+          read_repository: '1',
+          deploy_token_type: DeployToken.deploy_token_types[:project_type]
+        }
+      end
+      let(:request_params) do
+        {
+          namespace_id: project.namespace.to_param,
+          project_id: project.to_param,
+          deploy_token: deploy_token_params
+        }
+      end
+
+      subject { post :create_deploy_token, params: request_params, format: :json }
+
+      context('a good request') do
+        let(:deploy_token_params) { good_deploy_token_params }
+        let(:expected_response) do
+          {
+            'id' => be_a(Integer),
+            'name' => deploy_token_params[:name],
+            'username' => deploy_token_params[:username],
+            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
+            'token' => be_a(String),
+            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
+              key, value = kv
+              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
+            end
+          }
+        end
+
+        it 'creates the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response).to match_response_schema('public_api/v4/deploy_token')
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('a bad request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
+        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
+
+        it 'does not create the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('an invalid request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
+
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
+        end
+      end
     end
   end
 end

spec/features/projects/settings/ci_cd_settings_spec.rb

@@ -14,6 +14,7 @@ describe 'Projects > Settings > CI / CD settings' do
       project.add_role(user, role)
       sign_in(user)
       stub_container_registry_config(enabled: true)
+      stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
       visit project_settings_ci_cd_path(project)
     end
 

spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb

@@ -11,6 +11,7 @@ describe 'Repository Settings > User sees revoke deploy token modal', :js do
   before do
     project.add_role(user, role)
     sign_in(user)
+    stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
     visit(project_settings_ci_cd_path(project))
     click_link('Revoke')
   end

spec/support/services/deploy_token_shared_examples.rb

@@ -17,7 +17,7 @@ RSpec.shared_examples 'a deploy token creation service' do
       end
 
       it 'returns a DeployToken' do
-        expect(subject).to be_an_instance_of DeployToken
+        expect(subject[:deploy_token]).to be_an_instance_of DeployToken
       end
     end
 
@@ -25,7 +25,7 @@ RSpec.shared_examples 'a deploy token creation service' do
       let(:deploy_token_params) { attributes_for(:deploy_token, expires_at: '') }
 
       it 'sets Forever.date' do
-        expect(subject.read_attribute(:expires_at)).to eq(Forever.date)
+        expect(subject[:deploy_token].read_attribute(:expires_at)).to eq(Forever.date)
       end
     end
 
@@ -33,7 +33,7 @@ RSpec.shared_examples 'a deploy token creation service' do
       let(:deploy_token_params) { attributes_for(:deploy_token, username: '') }
 
       it 'converts it to nil' do
-        expect(subject.read_attribute(:username)).to be_nil
+        expect(subject[:deploy_token].read_attribute(:username)).to be_nil
       end
     end
 
@@ -41,7 +41,7 @@ RSpec.shared_examples 'a deploy token creation service' do
       let(:deploy_token_params) { attributes_for(:deploy_token, username: 'deployer') }
 
       it 'keeps the provided username' do
-        expect(subject.read_attribute(:username)).to eq('deployer')
+        expect(subject[:deploy_token].read_attribute(:username)).to eq('deployer')
       end
     end