diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-07-02 10:55:29 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-07-02 10:55:29 +0000 |
commit | 7c42aaa5763e6028e6c004fa7f90a3c9b2d27ccc (patch) | |
tree | a60fa4d6b3b37d4beae65db02b4db0435e809c35 /app | |
parent | 7a94a46c3006385d2b9215dd2fb0197a8c21a304 (diff) | |
parent | cd5e79e98b7f08a6fa6999d25e158073fee03048 (diff) | |
download | gitlab-ce-7c42aaa5763e6028e6c004fa7f90a3c9b2d27ccc.tar.gz |
Merge branch 'anonymous-applications' into 'master'
Correctly show anonymous authorized applications under Profile > Applications.
Fixes #1907.
Access tokens that were created using the ["Resource Owner Password Credentials" flow](http://doc.gitlab.com/ce/api/oauth2.html#resource-owner-password-credentials) by the user entering their username and password don't have a connected application, so the Profile > Applications page used to crash. These tokens are now rendered as "Anonymous" and can be revoked.
![Screen_Shot_2015-07-02_at_11.53.55](https://gitlab.com/gitlab-org/gitlab-ce/uploads/0fb044ce1fbf5d5e2825c3abee7763ee/Screen_Shot_2015-07-02_at_11.53.55.png)
See merge request !924
Diffstat (limited to 'app')
4 files changed, 24 insertions, 4 deletions
diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb index 3ab6def511c..4193ac11399 100644 --- a/app/controllers/oauth/authorized_applications_controller.rb +++ b/app/controllers/oauth/authorized_applications_controller.rb @@ -4,7 +4,12 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio layout 'profile' def destroy - Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner) + if params[:token_id].present? + current_resource_owner.oauth_authorized_tokens.find(params[:token_id]).revoke + else + Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner) + end + redirect_to applications_profile_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy]) end end diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index b4af9e490ed..5382a6cf6ac 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -11,7 +11,8 @@ class ProfilesController < Profiles::ApplicationController def applications @applications = current_user.oauth_applications @authorized_tokens = current_user.oauth_authorized_tokens - @authorized_apps = @authorized_tokens.map(&:application).uniq + @authorized_anonymous_tokens = @authorized_tokens.reject(&:application) + @authorized_apps = @authorized_tokens.map(&:application).uniq - [nil] end def update diff --git a/app/views/doorkeeper/authorized_applications/_delete_form.html.haml b/app/views/doorkeeper/authorized_applications/_delete_form.html.haml index 4bba72167e3..bfa95ce79a7 100644 --- a/app/views/doorkeeper/authorized_applications/_delete_form.html.haml +++ b/app/views/doorkeeper/authorized_applications/_delete_form.html.haml @@ -1,4 +1,9 @@ - submit_btn_css ||= 'btn btn-link btn-remove' -= form_tag oauth_authorized_application_path(application) do +- if defined?(token) + - path = oauth_authorized_application_path(0, token_id: token) +- else + - path = oauth_authorized_application_path(application) + += form_tag path do %input{:name => "_method", :type => "hidden", :value => "delete"}/ - = submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: 'btn btn-link btn-remove btn-sm'
\ No newline at end of file + = submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: 'btn btn-link btn-remove btn-sm' diff --git a/app/views/profiles/applications.html.haml b/app/views/profiles/applications.html.haml index 2c4f0804f0b..d2fad31eca2 100644 --- a/app/views/profiles/applications.html.haml +++ b/app/views/profiles/applications.html.haml @@ -56,5 +56,14 @@ %td= token.created_at %td= token.scopes %td= render 'doorkeeper/authorized_applications/delete_form', application: app + - @authorized_anonymous_tokens.each do |token| + %tr + %td + Anonymous + %div.help-block + %em Authorization was granted by entering your username and password in the application. + %td= token.created_at + %td= token.scopes + %td= render 'doorkeeper/authorized_applications/delete_form', token: token - else %p.light You dont have any authorized applications |