author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-01-05 17:59:16 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-01-05 17:59:16 +0000 |
commit | 72d5f1f9f81e71a50bed15a960a830be46bbf02f (patch) | |
tree | 17493245e8a8c4ac0ed219c248da35b276ef3a94 | |
parent | 8f841f78f46d462f87aa13fc161f14db8e9b9bc1 (diff) | |
download | gitlab-ce-72d5f1f9f81e71a50bed15a960a830be46bbf02f.tar.gz |
Add latest changes from gitlab-org/gitlab@15-6-stable-ee
-rw-r--r-- | app/controllers/profiles/personal_access_tokens_controller.rb | 6 | ||||
-rw-r--r-- | app/models/application_setting.rb | 4 | ||||
-rw-r--r-- | app/policies/project_policy.rb | 2 | ||||
-rw-r--r-- | app/views/layouts/nav/sidebar/_profile.html.haml | 23 | ||||
-rw-r--r-- | doc/user/group/settings/group_access_tokens.md | 3 | ||||
-rw-r--r-- | doc/user/profile/personal_access_tokens.md | 3 | ||||
-rw-r--r-- | doc/user/project/settings/project_access_tokens.md | 3 | ||||
-rw-r--r-- | spec/controllers/profiles/personal_access_tokens_controller_spec.rb | 16 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/auth_finders_spec.rb | 2 | ||||
-rw-r--r-- | spec/models/application_setting_spec.rb | 6 | ||||
-rw-r--r-- | spec/requests/admin/impersonation_tokens_controller_spec.rb | 12 | ||||
-rw-r--r-- | spec/views/layouts/nav/sidebar/_profile.html.haml_spec.rb | 16 |
12 files changed, 13 insertions, 83 deletions
diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 1663aa61f62..a7c6137f33a 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -5,8 +5,6 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController feature_category :authentication_and_authorization - before_action :check_personal_access_tokens_enabled - def index set_index_vars scopes = params[:scopes].split(',').map(&:squish).select(&:present?).map(&:to_sym) unless params[:scopes].nil? @@ -64,8 +62,4 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController def represent(tokens) ::PersonalAccessTokenSerializer.new.represent(tokens) end - - def check_personal_access_tokens_enabled - render_404 if Gitlab::CurrentSettings.personal_access_tokens_disabled? - end end diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index adbbddd635c..b111df97fec 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -807,10 +807,6 @@ class ApplicationSetting < ApplicationRecord ::AsciidoctorExtensions::Kroki::SUPPORTED_DIAGRAM_NAMES.include?(diagram_type) end - def personal_access_tokens_disabled? - false - end - private def parsed_grafana_url diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index bfeb1a602ab..6701eb4f429 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -805,7 +805,7 @@ class ProjectPolicy < BasePolicy rule { project_bot }.enable :project_bot_access - rule { can?(:read_all_resources) & resource_access_token_feature_available }.enable :read_resource_access_tokens + rule { can?(:read_all_resources) }.enable :read_resource_access_tokens rule { can?(:admin_project) & resource_access_token_feature_available }.policy do enable :read_resource_access_tokens 
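Review bot: In app/policies/project_policy.rb the new rule `rule { can?(:read_all_resources) }.enable :read_resource_access_tokens` grants read access to resource access tokens without the `resource_access_token_feature_available` condition, while the `can?(:admin_project)` rule directly below it keeps that condition. Nothing on the new side says whether this asymmetry is intended. The commit's file list shows no change to a project policy spec, so the authorization change lands without a test pinning it; a spec case asserting `read_resource_access_tokens` for a `read_all_resources` user when the feature is unavailable would make the intent explicit. If the difference is deliberate, a comment above the rule such as `# Listing tokens stays available to read_all_resources users even where the token feature is not offered` would document it. The ProjectPolicy class starts and ends outside the hunk.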
diff --git a/app/views/layouts/nav/sidebar/_profile.html.haml b/app/views/layouts/nav/sidebar/_profile.html.haml index 0e3327935ca..a1393615e69 100644 --- a/app/views/layouts/nav/sidebar/_profile.html.haml +++ b/app/views/layouts/nav/sidebar/_profile.html.haml @@ -51,18 +51,17 @@ = link_to profile_chat_names_path do %strong.fly-out-top-item-name = _('Chat') - - unless Gitlab::CurrentSettings.personal_access_tokens_disabled? - = nav_link(controller: :personal_access_tokens) do - = link_to profile_personal_access_tokens_path do - .nav-icon-container - = sprite_icon('token') - %span.nav-item-name - = _('Access Tokens') - %ul.sidebar-sub-level-items.is-fly-out-only - = nav_link(controller: :personal_access_tokens, html_options: { class: "fly-out-top-item" } ) do - = link_to profile_personal_access_tokens_path do - %strong.fly-out-top-item-name - = _('Access Tokens') + = nav_link(controller: :personal_access_tokens) do + = link_to profile_personal_access_tokens_path do + .nav-icon-container + = sprite_icon('token') + %span.nav-item-name + = _('Access Tokens') + %ul.sidebar-sub-level-items.is-fly-out-only + = nav_link(controller: :personal_access_tokens, html_options: { class: "fly-out-top-item" } ) do + = link_to profile_personal_access_tokens_path do + %strong.fly-out-top-item-name + = _('Access Tokens') = nav_link(controller: :emails) do = link_to profile_emails_path, data: { qa_selector: 'profile_emails_link' } do .nav-icon-container diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md index 158e1654c6e..4806fcec4da 100644 --- a/doc/user/group/settings/group_access_tokens.md +++ b/doc/user/group/settings/group_access_tokens.md 
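Review bot: The Access Tokens entry in app/views/layouts/nav/sidebar/_profile.html.haml is now rendered unconditionally, yet the same commit deletes the positive view spec `it 'has a link to access tokens'` in spec/views/layouts/nav/sidebar/_profile.html.haml_spec.rb along with the disabled-case spec. The link that remains therefore has no view-level assertion. Keeping the positive case, `expect(rendered).to have_link(_('Access Tokens'), href: profile_personal_access_tokens_path)`, would still guard the entry against accidental removal. The partial starts and ends outside the hunk.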
@@ -48,9 +48,6 @@ You cannot use group access tokens to create other group, project, or personal a Group access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) configured for personal access tokens. -NOTE: -Group access tokens are not FIPS compliant and creation and use are disabled when [FIPS mode](../../../development/fips_compliance.md) is enabled. - ## Create a group access token using UI > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214045) in GitLab 14.7. diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md index 507ad6378bc..71a7cc91fab 100644 --- a/doc/user/profile/personal_access_tokens.md +++ b/doc/user/profile/personal_access_tokens.md @@ -45,9 +45,6 @@ For examples of how you can use a personal access token to authenticate with the Alternately, GitLab administrators can use the API to create [impersonation tokens](../../api/index.md#impersonation-tokens). Use impersonation tokens to automate authentication as a specific user. -NOTE: -Personal access tokens are not FIPS compliant and creation and use are disabled when [FIPS mode](../../development/fips_compliance.md) is enabled. - ## Create a personal access token > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/348660) in GitLab 15.3, default expiration of 30 days is populated in the UI. diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index f27672a1b07..6e312a448c4 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md 
@@ -48,9 +48,6 @@ You cannot use project access tokens to create other group, project, or personal Project access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) configured for personal access tokens. -NOTE: -Project access tokens are not FIPS compliant and creation and use are disabled when [FIPS mode](../../../development/fips_compliance.md) is enabled. - ## Create a project access token > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89114) in GitLab 15.1, Owners can select Owner role for project access tokens. diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb index 044ce8f397a..179e657cb8f 100644 --- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb +++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb @@ -36,14 +36,6 @@ RSpec.describe Profiles::PersonalAccessTokensController do expect(created_token.expires_at).to eq(expires_at) end - it 'does not allow creation when personal access tokens are disabled' do - allow(::Gitlab::CurrentSettings).to receive_messages(personal_access_tokens_disabled?: true) - - post :create, params: { personal_access_token: token_attributes } - - expect(response).to have_gitlab_http_status(:not_found) - end - it_behaves_like "#create access token" do let(:url) { :create } end @@ -92,14 +84,6 @@ RSpec.describe Profiles::PersonalAccessTokensController do ) end - it 'returns 404 when personal access tokens are disabled' do - allow(::Gitlab::CurrentSettings).to receive_messages(personal_access_tokens_disabled?: true) - - get :index - - expect(response).to have_gitlab_http_status(:not_found) - end - it 'returns tokens for json format' do get :index, params: { format: :json } 
diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb index 9283c31a207..64328d15fd4 100644 --- a/spec/lib/gitlab/auth/auth_finders_spec.rb +++ b/spec/lib/gitlab/auth/auth_finders_spec.rb @@ -189,7 +189,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do end it 'returns nil if valid feed_token and disabled' do - allow(Gitlab::CurrentSettings).to receive_messages(disable_feed_token: true) + stub_application_setting(disable_feed_token: true) set_param(:feed_token, user.feed_token) expect(find_user_from_feed_token(:rss)).to be_nil diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index fd86a784b2d..a46d75d6837 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -1483,10 +1483,4 @@ RSpec.describe ApplicationSetting do expect(setting.personal_access_token_prefix).to eql('glpat-') end end - - describe '.personal_access_tokens_disabled?' do - it 'is false' do - expect(setting.personal_access_tokens_disabled?).to eq(false) - end - end end diff --git a/spec/requests/admin/impersonation_tokens_controller_spec.rb b/spec/requests/admin/impersonation_tokens_controller_spec.rb index ee0e12ad0c0..2017a512bce 100644 --- a/spec/requests/admin/impersonation_tokens_controller_spec.rb +++ b/spec/requests/admin/impersonation_tokens_controller_spec.rb @@ -10,18 +10,6 @@ RSpec.describe Admin::ImpersonationTokensController, :enable_admin_mode do sign_in(admin) end - context 'when impersonation is enabled' do - before do - stub_config_setting(impersonation_enabled: true) - end - - it 'responds ok' do - get admin_user_impersonation_tokens_path(user_id: user.username) - - expect(response).to have_gitlab_http_status(:ok) - end - end - context "when impersonation is disabled" do before do stub_config_setting(impersonation_enabled: false) 
diff --git a/spec/views/layouts/nav/sidebar/_profile.html.haml_spec.rb b/spec/views/layouts/nav/sidebar/_profile.html.haml_spec.rb index f5a0a7a935c..3d28be68b25 100644 --- a/spec/views/layouts/nav/sidebar/_profile.html.haml_spec.rb +++ b/spec/views/layouts/nav/sidebar/_profile.html.haml_spec.rb @@ -11,20 +11,4 @@ RSpec.describe 'layouts/nav/sidebar/_profile' do it_behaves_like 'has nav sidebar' it_behaves_like 'sidebar includes snowplow attributes', 'render', 'user_side_navigation', 'user_side_navigation' - - it 'has a link to access tokens' do - render - - expect(rendered).to have_link(_('Access Tokens'), href: profile_personal_access_tokens_path) - end - - context 'when personal access tokens are disabled' do - it 'does not have a link to access tokens' do - allow(::Gitlab::CurrentSettings).to receive_messages(personal_access_tokens_disabled?: true) - - render - - expect(rendered).not_to have_link(_('Access Tokens'), href: profile_personal_access_tokens_path) - end - end end |