user can reset his rss token on the account page

5 files changed, 40 insertions, 4 deletions

diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 57e23cea00e..8cd1c47eb3f 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -40,6 +40,14 @@ class ProfilesController < Profiles::ApplicationController
     redirect_to profile_account_path
   end
 
+  def reset_rss_token
+    if current_user.reset_rss_token!
+      flash[:notice] = "RSS token was successfully reset"
+    end
+
+    redirect_to profile_account_path
+  end
+
   def audit_log
     @events = AuditEvent.where(entity_type: "User", entity_id: current_user.id).
       order("created_at DESC").
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index b7da2b80873..26e2a4a7f9e 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -8,11 +8,10 @@
 .row.prepend-top-default
   .col-lg-3.profile-settings-sidebar
     %h4.prepend-top-0
-      = incoming_email_token_enabled? ? "Private Tokens" : "Private Token"
+      Private Tokens
     %p
-      Keep
-      = incoming_email_token_enabled? ? "these tokens" : "this token"
-      secret, anyone with access to them can interact with GitLab as if they were you.
+      Keep these tokens secret, anyone with access to them can interact with
+      GitLab as if they were you.
   .col-lg-9.private-tokens-reset
     .reset-action
       %p.cgray
@@ -23,6 +22,15 @@
       .prepend-top-default
         = link_to 'Reset private token', reset_private_token_profile_path, method: :put, data: { confirm: "Are you sure?" }, class: "btn btn-default private-token"
 
+    .reset-action
+      %p.cgray
+        = label_tag "rss-token", "RSS Token", class: 'label-light'
+        = text_field_tag "rss-token", current_user.rss_token, class: "form-control", readonly: true, onclick: "this.select()"
+      %p.help-block
+        Your RSS token is used to create urls for personalized RSS feeds.
+      .prepend-top-default
+        = link_to 'Reset RSS token', reset_rss_token_profile_path, method: :put, data: { confirm: "Are you sure? This action will invalidate all your existing rss links." }, class: "btn btn-default rss-token"
+
     - if incoming_email_token_enabled?
       .reset-action
         %p.cgray
diff --git a/config/routes/profile.rb b/config/routes/profile.rb
index 07c341999ea..3dc890e5785 100644
--- a/config/routes/profile.rb
+++ b/config/routes/profile.rb
@@ -5,6 +5,7 @@ resource :profile, only: [:show, :update] do
 
     put :reset_private_token
     put :reset_incoming_email_token
+    put :reset_rss_token
     put :update_username
   end
 
diff --git a/spec/features/profile_spec.rb b/spec/features/profile_spec.rb
index e63feb14b7e..7df628fd7a0 100644
--- a/spec/features/profile_spec.rb
+++ b/spec/features/profile_spec.rb
@@ -47,6 +47,21 @@ describe 'Profile account page', feature: true do
     end
   end
 
+  describe 'when I reset RSS token' do
+    before do
+      visit profile_account_path
+    end
+
+    it 'resets RSS token' do
+      previous_token = find("#rss-token").value
+
+      click_link('Reset RSS token')
+
+      expect(page).to have_content 'RSS token was successfully reset'
+      expect(find('#rss-token').value).not_to eq(previous_token)
+    end
+  end
+
   describe 'when I reset incoming email token' do
     before do
       allow(Gitlab.config.incoming_email).to receive(:enabled).and_return(true)
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index abacc50a371..a62af13cf0c 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -151,6 +151,10 @@ describe ProfilesController, "routing" do
     expect(put("/profile/reset_private_token")).to route_to('profiles#reset_private_token')
   end
 
+  it "to #reset_rss_token" do
+    expect(put("/profile/reset_rss_token")).to route_to('profiles#reset_rss_token')
+  end
+
   it "to #show" do
     expect(get("/profile")).to route_to('profiles#show')
   end