authorSimon Vocella <voxsim@gmail.com>2016-12-27 17:26:57 +0100
committerTiago Botelho <tiagonbotelho@hotmail.com>2017-02-28 22:15:39 +0000
commit81246e5649a8fb9e73369cbd117505a546d7e807 (patch)
treefa51d0a0d504f25bf1151db6f115e3c8a4ec8ad4 /lib
parent4c4810b35b3b1729865640382b4c7e593f8b876d (diff)
manage personal_access_tokens through api
Diffstat (limited to 'lib')
-rw-r--r--lib/api/api.rb1
-rw-r--r--lib/api/entities.rb12
-rw-r--r--lib/api/personal_access_tokens.rb56
-rw-r--r--lib/api/users.rb64
4 files changed, 133 insertions, 0 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb
index b27ac3f1d15..a2ce03a901c 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -93,6 +93,7 @@ module API
mount ::API::Namespaces
mount ::API::Notes
mount ::API::NotificationSettings
+ mount ::API::PersonalAccessTokens
mount ::API::Pipelines
mount ::API::ProjectHooks
mount ::API::Projects
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index a99d9cadc8a..211353ef2a9 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -696,5 +696,17 @@ module API
expose :id, :message, :starts_at, :ends_at, :color, :font
expose :active?, as: :active
end
+
+ class BasicPersonalAccessToken < Grape::Entity
+ expose :id, :name, :revoked, :created_at, :scopes
+ expose :active?, as: :active
+ expose :expires_at do |personal_access_token|
+ personal_access_token.expires_at ? personal_access_token.expires_at.strftime("%Y-%m-%d") : nil
+ end
+ end
+
+ class PersonalAccessToken < BasicPersonalAccessToken
+ expose :token
+ end
end
end
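Review bot: `PersonalAccessToken < BasicPersonalAccessToken` differs from its parent only by `expose :token`, and nothing at the definition says that this one field is the credential itself, so the two entities are easy to mix up at a `present` call. I would add a comment above each class: `# Metadata only; safe for listings.` on the basic entity and `# Includes the secret token value; use only for the response that creates the token.` on the subclass. The enclosing `module API` body starts outside the hunk.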
diff --git a/lib/api/personal_access_tokens.rb b/lib/api/personal_access_tokens.rb
new file mode 100644
index 00000000000..56797ddcf74
--- /dev/null
+++ b/lib/api/personal_access_tokens.rb
@@ -0,0 +1,56 @@
+module API
+ class PersonalAccessTokens < Grape::API
+ before { authenticate! }
+
+ resource :personal_access_tokens do
+ desc 'Retrieve personal access tokens'
+ params do
+ optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) personal_access_tokens'
+ end
+ get do
+ personal_access_tokens = current_user.personal_access_tokens
+
+ case params[:state]
+ when "active"
+ personal_access_tokens = personal_access_tokens.active
+ when "inactive"
+ personal_access_tokens = personal_access_tokens.inactive
+ end
+
+ present personal_access_tokens, with: Entities::BasicPersonalAccessToken
+ end
+
+ desc 'Create a personal access token'
+ params do
+ requires :name, type: String, desc: 'The name of the personal access token'
+ optional :expires_at, type: Date, desc: 'The expiration date in the format YEAR-MONTH-DAY of the personal access token'
+ optional :scopes, type: Array, desc: 'The array of scopes of the personal access token'
+ end
+ post do
+ parameters = declared_params(include_missing: false)
+ parameters[:user_id] = current_user.id
+
+ personal_access_token = PersonalAccessToken.generate(parameters)
+
+ if personal_access_token.save
+ present personal_access_token, with: Entities::PersonalAccessToken
+ else
+ render_validation_error!(personal_access_token)
+ end
+ end
+
+ desc 'Revoke a personal access token'
+ params do
+ requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
+ end
+ delete ':personal_access_token_id' do
+ personal_access_token = PersonalAccessToken.find_by(id: params[:personal_access_token_id], user_id: current_user.id)
+ not_found!('PersonalAccessToken') unless personal_access_token
+
+ personal_access_token.revoke!
+
+ present personal_access_token, with: Entities::BasicPersonalAccessToken
+ end
+ end
+ end
+end
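Review bot: The `post` block lets any caller that passes `authenticate!` mint a new token with whatever `scopes` it requests and with no `expires_at`. `authenticate!` is defined outside this diff, but if it also accepts a personal access token or OAuth token, one leaked credential can be turned into fresh long-lived tokens that survive revocation of the original. I would restrict creation to session-authenticated requests, or at least cap the requested scopes at those of the calling credential, and record the rule at the top of the block: `# Token creation must not be reachable with a token credential: a leaked token could otherwise mint its own replacements.` Separately, the `get` block returns the whole relation; `present paginate(personal_access_tokens), with: Entities::BasicPersonalAccessToken` would match the paginated listing visible in lib/api/users.rb.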
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 7bb4b76f830..450d678061e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -362,6 +362,70 @@ module API
present paginate(events), with: Entities::Event
end
+
+ desc 'Retrieve personal access tokens. Available only for admins.'
+ params do
+ requires :user_id, type: Integer
+ optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) personal_access_tokens'
+ end
+ get ':user_id/personal_access_tokens' do
+ authenticated_as_admin!
+
+ user = User.find_by(id: params[:user_id])
+ not_found!('User') unless user
+
+ personal_access_tokens = user.personal_access_tokens
+
+ case params[:state]
+ when "active"
+ personal_access_tokens = personal_access_tokens.active
+ when "inactive"
+ personal_access_tokens = personal_access_tokens.inactive
+ end
+
+ present personal_access_tokens, with: Entities::PersonalAccessToken
+ end
+
+ desc 'Create a personal access token. Available only for admins.'
+ params do
+ requires :user_id, type: Integer, desc: 'The ID of the user'
+ requires :name, type: String, desc: 'The name of the personal access token'
+ optional :expires_at, type: Date, desc: 'The expiration date in the format YEAR-MONTH-DAY of the personal access token'
+ optional :scopes, type: Array, desc: 'The array of scopes of the personal access token'
+ end
+ post ':user_id/personal_access_tokens' do
+ authenticated_as_admin!
+
+ user = User.find_by(id: params[:user_id])
+ not_found!('User') unless user
+
+ personal_access_token = PersonalAccessToken.generate(declared_params(include_missing: false))
+
+ if personal_access_token.save
+ present personal_access_token, with: Entities::PersonalAccessToken
+ else
+ render_validation_error!(personal_access_token)
+ end
+ end
+
+ desc 'Revoke a personal access token. Available only for admins.'
+ params do
+ requires :user_id, type: Integer, desc: 'The ID of the user'
+ requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
+ end
+ delete ':user_id/personal_access_tokens/:personal_access_token_id' do
+ authenticated_as_admin!
+
+ user = User.find_by(id: params[:user_id])
+ not_found!('User') unless user
+
+ personal_access_token = PersonalAccessToken.find_by(id: params[:personal_access_token_id])
+ not_found!('PersonalAccessToken') unless personal_access_token
+
+ personal_access_token.revoke!
+
+ present personal_access_token, with: Entities::PersonalAccessToken
+ end
end
resource :user do
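Review bot: The admin `delete` route looks the token up with `PersonalAccessToken.find_by(id: params[:personal_access_token_id])`, so the `:user_id` in the path is checked for existence but never tied to the token. A request addressed to one user can therefore revoke a token that belongs to another. Scope the lookup to the loaded user: `personal_access_token = user.personal_access_tokens.find_by(id: params[:personal_access_token_id])`. The admin `get` and `delete` routes also present with `Entities::PersonalAccessToken`, which exposes `:token`, so each listing returns the secret of every token the user holds; `Entities::BasicPersonalAccessToken` there would keep the secret to the creation response. The enclosing resource block begins outside the hunk.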