Commit 6d76f14f authored by Timothy Andrew's avatar Timothy Andrew

Allow revoking personal access tokens.

parent e2a4051c
......@@ -205,3 +205,6 @@
text-align: center;
}
}
.personal-access-tokens-revoked-label {
color: #bbb;
}
\ No newline at end of file
class Profiles::PersonalAccessTokensController < ApplicationController
def index
@user = current_user
@personal_access_token = current_user.personal_access_tokens.new
# Prefer this to `@user.personal_access_tokens.new`, because it
# litters the view's call to `@user.personal_access_tokens` with
# this stub personal access token.
@personal_access_token = PersonalAccessToken.new(user: @user)
end
def create
......@@ -14,6 +18,16 @@ class Profiles::PersonalAccessTokensController < ApplicationController
end
end
def revoke
@personal_access_token = current_user.personal_access_tokens.find(params[:id])
if @personal_access_token.revoke!
redirect_to profile_personal_access_tokens_path, notice: "Revoked personal access token #{@personal_access_token.name}!"
else
render :index
end
end
private
def personal_access_token_params
......
class PersonalAccessToken < ActiveRecord::Base
belongs_to :user
scope :active, -> { where.not(revoked: true) }
def self.generate(params)
personal_access_token = self.new(params)
personal_access_token.token = Devise.friendly_token(50)
personal_access_token
end
def revoke!
self.revoked = true
self.save
end
end
......@@ -34,11 +34,18 @@
%th Name
%th Token
%th Created At
%th Actions
%tbody
- @user.personal_access_tokens.each do |token|
- @user.personal_access_tokens.order(:revoked).each do |token|
%tr
%td= token.name
%td= token.token
%td= token.created_at
- if token.revoked?
%td
%span.personal-access-tokens-revoked-label Revoked
- else
%td= link_to "Revoke", revoke_profile_personal_access_token_path(token), method: :put, class: "btn btn-danger", data: {confirm: t('profile.personal_access_tokens.revoke.confirmation')}
- else
%span You don't have any tokens yet.
\ No newline at end of file
......@@ -12,3 +12,7 @@ en:
pagination:
previous: "Prev"
next: "Next"
profile:
personal_access_tokens:
revoke:
confirmation: "Are you sure? This cannot be undone."
......@@ -333,7 +333,11 @@ Rails.application.routes.draw do
resources :keys
resources :emails, only: [:index, :create, :destroy]
resource :avatar, only: [:destroy]
resources :personal_access_tokens, only: [:index, :create]
resources :personal_access_tokens, only: [:index, :create] do
member do
put :revoke
end
end
resource :two_factor_auth, only: [:new, :create, :destroy] do
member do
post :codes
......
class AddColumnRevokedToPersonalAccessTokens < ActiveRecord::Migration
def change
add_column :personal_access_tokens, :revoked, :boolean, default: false
end
end
......@@ -15,7 +15,7 @@ module API
def find_user_by_personal_access_token
personal_access_token_string = (params[PERSONAL_ACCESS_TOKEN_PARAM] || env[PERSONAL_ACCESS_TOKEN_HEADER]).to_s
personal_access_token = PersonalAccessToken.find_by_token(personal_access_token_string)
personal_access_token = PersonalAccessToken.active.find_by_token(personal_access_token_string)
personal_access_token.user if personal_access_token
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment