Display impersonation token value only after creationif-53347_fix_impersonation_tokens

Since we migrated all PersonlAccessTokens to store only its hash in the DB, the token value can no longer be shown to the user.
author: Imre Farkas <ifarkas@gitlab.com> 2018-11-08 16:03:56 +0100
committer: Imre Farkas <ifarkas@gitlab.com> 2018-11-12 12:16:25 +0100
commit: f3cd24a9f3f581488d621475e55e3a81bbd9e67c (patch)
tree: 66266d4ae8b2864a2e8423f7e8022483c357ccb9 /spec
parent: 369631c84195f6b8b26624d5647ae994e64b77e8 (diff)
download: gitlab-ce-f3cd24a9f3f581488d621475e55e3a81bbd9e67c.tar.gz
4 files changed, 16 insertions, 2 deletions
diff --git a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
index ed08a4c1bf2..f5860d4296b 100644
--- a/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
+++ b/spec/controllers/profiles/personal_access_tokens_controller_spec.rb
@@ -39,8 +39,10 @@ describe Profiles::PersonalAccessTokensController do
     let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
     let!(:inactive_personal_access_token) { create(:personal_access_token, :revoked, user: user) }
     let!(:impersonation_personal_access_token) { create(:personal_access_token, :impersonation, user: user) }
+    let(:token_value) { 's3cr3t' }
 
     before do
+      PersonalAccessToken.redis_store!(user.id, token_value)
       get :index
     end
 
@@ -56,5 +58,9 @@ describe Profiles::PersonalAccessTokensController do
       expect(assigns(:active_personal_access_tokens)).not_to include(impersonation_personal_access_token)
       expect(assigns(:inactive_personal_access_tokens)).not_to include(impersonation_personal_access_token)
     end
+
+    it "retrieves newly created personal access token value" do
+      expect(assigns(:new_personal_access_token)).to eql(token_value)
+    end
   end
 end
diff --git a/spec/features/admin/admin_users_impersonation_tokens_spec.rb b/spec/features/admin/admin_users_impersonation_tokens_spec.rb
index e16eae219a4..c7860bebb06 100644
--- a/spec/features/admin/admin_users_impersonation_tokens_spec.rb
+++ b/spec/features/admin/admin_users_impersonation_tokens_spec.rb
@@ -12,6 +12,10 @@ describe 'Admin > Users > Impersonation Tokens', :js do
     find(".settings-message")
   end
 
+  def created_impersonation_token
+    find("#created-personal-access-token").value
+  end
+
   before do
     sign_in(admin)
   end
@@ -39,6 +43,7 @@ describe 'Admin > Users > Impersonation Tokens', :js do
       expect(active_impersonation_tokens).to have_text('api')
       expect(active_impersonation_tokens).to have_text('read_user')
       expect(PersonalAccessTokensFinder.new(impersonation: true).execute.count).to equal(1)
+      expect(created_impersonation_token).not_to be_empty
     end
   end
 
diff --git a/spec/features/profiles/personal_access_tokens_spec.rb b/spec/features/profiles/personal_access_tokens_spec.rb
index 8461cd0027c..dee213a11d4 100644
--- a/spec/features/profiles/personal_access_tokens_spec.rb
+++ b/spec/features/profiles/personal_access_tokens_spec.rb
@@ -43,10 +43,12 @@ describe 'Profile > Personal Access Tokens', :js do
       check "read_user"
 
       click_on "Create personal access token"
+
       expect(active_personal_access_tokens).to have_text(name)
       expect(active_personal_access_tokens).to have_text('In')
       expect(active_personal_access_tokens).to have_text('api')
       expect(active_personal_access_tokens).to have_text('read_user')
+      expect(created_personal_access_token).not_to be_empty
     end
 
     context "when creation fails" do
@@ -57,6 +59,7 @@ describe 'Profile > Personal Access Tokens', :js do
 
         expect { click_on "Create personal access token" }.not_to change { PersonalAccessToken.count }
         expect(page).to have_content("Name cannot be nil")
+        expect(page).not_to have_selector("#created-personal-access-token")
       end
     end
   end
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index e6d01c9689f..bb913ae0e79 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -2018,11 +2018,11 @@ describe API::Users do
       expect(json_response['message']).to eq('403 Forbidden')
     end
 
-    it 'returns a personal access token' do
+    it 'returns an impersonation token' do
       get api("/users/#{user.id}/impersonation_tokens/#{impersonation_token.id}", admin)
 
       expect(response).to have_gitlab_http_status(200)
-      expect(json_response['token']).to be_present
+      expect(json_response['token']).not_to be_present
       expect(json_response['impersonation']).to be_truthy
     end
   end
author	Imre Farkas <ifarkas@gitlab.com>	2018-11-08 16:03:56 +0100
committer	Imre Farkas <ifarkas@gitlab.com>	2018-11-12 12:16:25 +0100
commit	f3cd24a9f3f581488d621475e55e3a81bbd9e67c (patch)
tree	66266d4ae8b2864a2e8423f7e8022483c357ccb9 /spec
parent	369631c84195f6b8b26624d5647ae994e64b77e8 (diff)
download	gitlab-ce-f3cd24a9f3f581488d621475e55e3a81bbd9e67c.tar.gz