Merge branch 'atroschinetz/new-deploy-token-via-ajax' into 'master'

Backend for new deploy tokens via ajax See merge request gitlab-org/gitlab!27141

Merge branch 'atroschinetz/new-deploy-token-via-ajax' into 'master'
Backend for new deploy tokens via ajax See merge request gitlab-org/gitlab!27141
ca279f65 · Shinya Maeda · 36600f4a · 3572bfb7 · ca279f65 · ca279f65
Commit ca279f65 authored Apr 01, 2020 by Shinya Maeda
11 changed files
--- a/app/controllers/groups/settings/ci_cd_controller.rb
+++ b/app/controllers/groups/settings/ci_cd_controller.rb
@@ -8,6 +8,7 @@ module Groups
      before_action :authorize_update_max_artifacts_size!, only: [:update]
      before_action do
        push_frontend_feature_flag(:new_variables_ui, @group)
+        push_frontend_feature_flag(:ajax_new_deploy_token, @group)
      end
      before_action :define_variables, only: [:show, :create_deploy_token]

@@ -42,13 +43,30 @@ module Groups
      end

      def create_deploy_token
-        @new_deploy_token = Groups::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
+        result = Projects::DeployTokens::CreateService.new(@group, current_user, deploy_token_params).execute
+        @new_deploy_token = result[:deploy_token]

-        if @new_deploy_token.persisted?
+        if result[:status] == :success
+          respond_to do |format|
+            format.json do
+              # IMPORTANT: It's a security risk to expose the token value more than just once here!
+              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+              render json: json, status: result[:http_status]
+            end
+            format.html do
              flash.now[:notice] = s_('DeployTokens|Your new group deploy token has been created.')
+              render :show
+            end
+          end
+        else
+          respond_to do |format|
+            format.json { render json: { message: result[:message] }, status: result[:http_status] }
+            format.html do
+              flash.now[:alert] = result[:message]
+              render :show
+            end
+          end
        end
-
-        render 'show'
      end

      private

--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -7,6 +7,7 @@ module Projects
      before_action :define_variables
      before_action do
        push_frontend_feature_flag(:new_variables_ui, @project)
+        push_frontend_feature_flag(:ajax_new_deploy_token, @project)
      end

      def show
@@ -47,13 +48,30 @@ module Projects
      end

      def create_deploy_token
-        @new_deploy_token = Projects::DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute
+        result = Projects::DeployTokens::CreateService.new(@project, current_user, deploy_token_params).execute
+        @new_deploy_token = result[:deploy_token]

-        if @new_deploy_token.persisted?
+        if result[:status] == :success
+          respond_to do |format|
+            format.json do
+              # IMPORTANT: It's a security risk to expose the token value more than just once here!
+              json = API::Entities::DeployTokenWithToken.represent(@new_deploy_token).as_json
+              render json: json, status: result[:http_status]
+            end
+            format.html do
              flash.now[:notice] = s_('DeployTokens|Your new project deploy token has been created.')
+              render :show
+            end
+          end
+        else
+          respond_to do |format|
+            format.json { render json: { message: result[:message] }, status: result[:http_status] }
+            format.html do
+              flash.now[:alert] = result[:message]
+              render :show
+            end
+          end
        end
-
-        render 'show'
      end

      private

--- a/app/services/groups/deploy_tokens/create_service.rb
+++ b/app/services/groups/deploy_tokens/create_service.rb
@@ -6,7 +6,13 @@ module Groups
      include DeployTokenMethods

      def execute
-        create_deploy_token_for(@group, params)
+        deploy_token = create_deploy_token_for(@group, params)
+
+        if deploy_token.persisted?
+          success(deploy_token: deploy_token, http_status: :ok)
+        else
+          error(deploy_token.errors.full_messages.to_sentence, :bad_request)
+        end
      end
    end
  end

--- a/app/services/projects/deploy_tokens/create_service.rb
+++ b/app/services/projects/deploy_tokens/create_service.rb
@@ -6,7 +6,13 @@ module Projects
      include DeployTokenMethods

      def execute
-        create_deploy_token_for(@project, params)
+        deploy_token = create_deploy_token_for(@project, params)
+
+        if deploy_token.persisted?
+          success(deploy_token: deploy_token, http_status: :ok)
+        else
+          error(deploy_token.errors.full_messages.to_sentence, :bad_request)
+        end
      end
    end
  end

--- a/app/views/shared/deploy_tokens/_form.html.haml
+++ b/app/views/shared/deploy_tokens/_form.html.haml
 %p.profile-settings-content
  = s_("DeployTokens|Pick a name for the application, and we'll give you a unique deploy token.")

-= form_for token, url: create_deploy_token_path(group_or_project, anchor: 'js-deploy-tokens'), method: :post do |f|
+= form_for token, url: create_deploy_token_path(group_or_project, anchor: 'js-deploy-tokens'), method: :post, remote: Feature.enabled?(:ajax_new_deploy_token, group_or_project) do |f|
  = form_errors(token)

  .form-group

--- a/lib/api/deploy_tokens.rb
+++ b/lib/api/deploy_tokens.rb
@@ -65,11 +65,15 @@ module API
      post ':id/deploy_tokens' do
        authorize!(:create_deploy_token, user_project)

-        deploy_token = ::Projects::DeployTokens::CreateService.new(
+        result = ::Projects::DeployTokens::CreateService.new(
          user_project, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
        ).execute

-        present deploy_token, with: Entities::DeployTokenWithToken
+        if result[:status] == :success
+          present result[:deploy_token], with: Entities::DeployTokenWithToken
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
      end

      desc 'Delete a project deploy token' do
@@ -126,11 +130,15 @@ module API
      post ':id/deploy_tokens' do
        authorize!(:create_deploy_token, user_group)

-        deploy_token = ::Groups::DeployTokens::CreateService.new(
+        result = ::Groups::DeployTokens::CreateService.new(
          user_group, current_user, scope_params.merge(declared(params, include_missing: false, include_parent_namespaces: false))
        ).execute

-        present deploy_token, with: Entities::DeployTokenWithToken
+        if result[:status] == :success
+          present result[:deploy_token], with: Entities::DeployTokenWithToken
+        else
+          render_api_error!(result[:message], result[:http_status])
+        end
      end

      desc 'Delete a group deploy token' do

--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -212,13 +212,85 @@ describe Groups::Settings::CiCdController do
  end

  describe 'POST create_deploy_token' do
+    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
+      before do
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: group })
+        entity.add_owner(user)
+      end
+
      it_behaves_like 'a created deploy token' do
        let(:entity) { group }
        let(:create_entity_params) { { group_id: group } }
        let(:deploy_token_type) { DeployToken.deploy_token_types[:group_type] }
+      end
+    end
+
+    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
+      let(:good_deploy_token_params) do
+        {
+          name: 'name',
+          expires_at: 1.day.from_now.to_s,
+          username: 'deployer',
+          read_repository: '1',
+          deploy_token_type: DeployToken.deploy_token_types[:group_type]
+        }
+      end
+      let(:request_params) do
+        {
+          group_id: group.to_param,
+          deploy_token: deploy_token_params
+        }
+      end

      before do
-        entity.add_owner(user)
+        group.add_owner(user)
+      end
+
+      subject { post :create_deploy_token, params: request_params, format: :json }
+
+      context('a good request') do
+        let(:deploy_token_params) { good_deploy_token_params }
+        let(:expected_response) do
+          {
+            'id' => be_a(Integer),
+            'name' => deploy_token_params[:name],
+            'username' => deploy_token_params[:username],
+            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
+            'token' => be_a(String),
+            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
+              key, value = kv
+              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
+            end
+          }
+        end
+
+        it 'creates the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response).to match_response_schema('public_api/v4/deploy_token')
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('a bad request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
+        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
+
+        it 'does not create the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('an invalid request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
+
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
+        end
      end
    end
  end

--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
@@ -249,10 +249,82 @@ describe Projects::Settings::CiCdController do
  end

  describe 'POST create_deploy_token' do
+    context 'when ajax_new_deploy_token feature flag is disabled for the project' do
+      before do
+        stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
+      end
+
      it_behaves_like 'a created deploy token' do
        let(:entity) { project }
        let(:create_entity_params) { { namespace_id: project.namespace, project_id: project } }
        let(:deploy_token_type) { DeployToken.deploy_token_types[:project_type] }
      end
    end
+
+    context 'when ajax_new_deploy_token feature flag is enabled for the project' do
+      let(:good_deploy_token_params) do
+        {
+          name: 'name',
+          expires_at: 1.day.from_now.to_s,
+          username: 'deployer',
+          read_repository: '1',
+          deploy_token_type: DeployToken.deploy_token_types[:project_type]
+        }
+      end
+      let(:request_params) do
+        {
+          namespace_id: project.namespace.to_param,
+          project_id: project.to_param,
+          deploy_token: deploy_token_params
+        }
+      end
+
+      subject { post :create_deploy_token, params: request_params, format: :json }
+
+      context('a good request') do
+        let(:deploy_token_params) { good_deploy_token_params }
+        let(:expected_response) do
+          {
+            'id' => be_a(Integer),
+            'name' => deploy_token_params[:name],
+            'username' => deploy_token_params[:username],
+            'expires_at' => Time.parse(deploy_token_params[:expires_at]),
+            'token' => be_a(String),
+            'scopes' => deploy_token_params.inject([]) do |scopes, kv|
+              key, value = kv
+              key.to_s.start_with?('read_') && !value.to_i.zero? ? scopes << key.to_s : scopes
+            end
+          }
+        end
+
+        it 'creates the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response).to match_response_schema('public_api/v4/deploy_token')
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('a bad request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:read_repository) }
+        let(:expected_response) { { 'message' => "Scopes can't be blank" } }
+
+        it 'does not create the deploy token' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response).to match(expected_response)
+        end
+      end
+
+      context('an invalid request') do
+        let(:deploy_token_params) { good_deploy_token_params.except(:name) }
+
+        it 'raises a validation error' do
+          expect { subject }.to raise_error(ActiveRecord::StatementInvalid)
+        end
+      end
+    end
+  end
 end
--- a/spec/features/projects/settings/ci_cd_settings_spec.rb
+++ b/spec/features/projects/settings/ci_cd_settings_spec.rb
@@ -14,6 +14,7 @@ describe 'Projects > Settings > CI / CD settings' do
      project.add_role(user, role)
      sign_in(user)
      stub_container_registry_config(enabled: true)
+      stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
      visit project_settings_ci_cd_path(project)
    end


--- a/spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb
+++ b/spec/features/projects/settings/user_sees_revoke_deploy_token_modal_spec.rb
@@ -11,6 +11,7 @@ describe 'Repository Settings > User sees revoke deploy token modal', :js do
  before do
    project.add_role(user, role)
    sign_in(user)
+    stub_feature_flags(ajax_new_deploy_token: { enabled: false, thing: project })
    visit(project_settings_ci_cd_path(project))
    click_link('Revoke')
  end

--- a/spec/support/services/deploy_token_shared_examples.rb
+++ b/spec/support/services/deploy_token_shared_examples.rb
@@ -17,7 +17,7 @@ RSpec.shared_examples 'a deploy token creation service' do
      end

      it 'returns a DeployToken' do
-        expect(subject).to be_an_instance_of DeployToken
+        expect(subject[:deploy_token]).to be_an_instance_of DeployToken
      end
    end

@@ -25,7 +25,7 @@ RSpec.shared_examples 'a deploy token creation service' do
      let(:deploy_token_params) { attributes_for(:deploy_token, expires_at: '') }

      it 'sets Forever.date' do
-        expect(subject.read_attribute(:expires_at)).to eq(Forever.date)
+        expect(subject[:deploy_token].read_attribute(:expires_at)).to eq(Forever.date)
      end
    end

@@ -33,7 +33,7 @@ RSpec.shared_examples 'a deploy token creation service' do
      let(:deploy_token_params) { attributes_for(:deploy_token, username: '') }

      it 'converts it to nil' do
-        expect(subject.read_attribute(:username)).to be_nil
+        expect(subject[:deploy_token].read_attribute(:username)).to be_nil
      end
    end

@@ -41,7 +41,7 @@ RSpec.shared_examples 'a deploy token creation service' do
      let(:deploy_token_params) { attributes_for(:deploy_token, username: 'deployer') }

      it 'keeps the provided username' do
-        expect(subject.read_attribute(:username)).to eq('deployer')
+        expect(subject[:deploy_token].read_attribute(:username)).to eq('deployer')
      end
    end