Merge branch 'add_default_ttl_for_personal_access_tokens' into 'main'

Configure a default ttl for personal access tokens Closes #640 See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/736 Merged-by: Igor Drozdov <idrozdov@gitlab.com> Approved-by: James Fargher <proglottis@gmail.com> Approved-by: Igor Drozdov <idrozdov@gitlab.com> Co-authored-by: Joe Woodward <jwoodward@gitlab.com>
author: Igor Drozdov <idrozdov@gitlab.com> 2023-05-12 09:01:58 +0000
committer: Igor Drozdov <idrozdov@gitlab.com> 2023-05-12 09:01:58 +0000
commit: c72ca61ef7402e335d5bea58c0a518af6f4cad92 (patch)
tree: 515ca7aece89bcc4c7648f05590b511a6352ca73
parent: b961dc8ec5cbc6a486ec80b07d40743f67d3a92b (diff)
parent: 51b79bdb4ae60b1850989cca8eb4190d785408b0 (diff)
download: gitlab-shell-c72ca61ef7402e335d5bea58c0a518af6f4cad92.tar.gz
4 files changed, 11 insertions, 13 deletions
diff --git a/cmd/gitlab-sshd/acceptance_test.go b/cmd/gitlab-sshd/acceptance_test.go
index acd6991..1d366ff 100644
--- a/cmd/gitlab-sshd/acceptance_test.go
+++ b/cmd/gitlab-sshd/acceptance_test.go
@@ -357,7 +357,7 @@ func TestPersonalAccessTokenSuccess(t *testing.T) {
 	handler := customHandler{
 		url: "/api/v4/internal/personal_access_token",
 		caller: func(w http.ResponseWriter, _ *http.Request) {
-			fmt.Fprint(w, `{"success": true, "token": "testtoken", "scopes": ["api"], "expires_at": ""}`)
+			fmt.Fprint(w, `{"success": true, "token": "testtoken", "scopes": ["api"], "expires_at": "9001-01-01"}`)
 		},
 	}
 	client := runSSHD(t, successAPI(t, handler))
@@ -368,7 +368,7 @@ func TestPersonalAccessTokenSuccess(t *testing.T) {
 
 	output, err := session.Output("personal_access_token test api")
 	require.NoError(t, err)
-	require.Equal(t, "Token:   testtoken\nScopes:  api\nExpires: never\n", string(output))
+	require.Equal(t, "Token:   testtoken\nScopes:  api\nExpires: 9001-01-01\n", string(output))
 }
 
 func TestTwoFactorAuthRecoveryCodesSuccess(t *testing.T) {
diff --git a/internal/command/personalaccesstoken/personalaccesstoken.go b/internal/command/personalaccesstoken/personalaccesstoken.go
index 2d38774..fcf7dda 100644
--- a/internal/command/personalaccesstoken/personalaccesstoken.go
+++ b/internal/command/personalaccesstoken/personalaccesstoken.go
@@ -51,11 +51,7 @@ func (c *Command) Execute(ctx context.Context) error {
 
 	fmt.Fprint(c.ReadWriter.Out, "Token:   "+response.Token+"\n")
 	fmt.Fprint(c.ReadWriter.Out, "Scopes:  "+strings.Join(response.Scopes, ",")+"\n")
-	if response.ExpiresAt == "" {
-		fmt.Fprint(c.ReadWriter.Out, "Expires: never\n")
-	} else {
-		fmt.Fprint(c.ReadWriter.Out, "Expires: "+response.ExpiresAt+"\n")
-	}
+	fmt.Fprint(c.ReadWriter.Out, "Expires: "+response.ExpiresAt+"\n")
 	return nil
 }
 
@@ -69,6 +65,7 @@ func (c *Command) parseTokenArgs() error {
 	}
 
 	if len(c.Args.SshArgs) < 4 {
+		c.TokenArgs.ExpiresDate = time.Now().AddDate(0, 0, 30).Format(expiresDateFormat)
 		return nil
 	}
 	rawTTL := c.Args.SshArgs[3]
diff --git a/internal/command/personalaccesstoken/personalaccesstoken_test.go b/internal/command/personalaccesstoken/personalaccesstoken_test.go
index 492f745..c3434ce 100644
--- a/internal/command/personalaccesstoken/personalaccesstoken_test.go
+++ b/internal/command/personalaccesstoken/personalaccesstoken_test.go
@@ -111,7 +111,7 @@ func TestExecute(t *testing.T) {
 			},
 			expectedOutput: "Token:   YXuxvUgCEmeePY3G1YAa\n" +
 				"Scopes:  read_api,read_repository\n" +
-				"Expires: never\n",
+				"Expires: 9001-11-17\n",
 		},
 		{
 			desc: "With a ttl argument",
diff --git a/spec/gitlab_shell_personal_access_token_spec.rb b/spec/gitlab_shell_personal_access_token_spec.rb
index 64bc34b..ba528a1 100644
--- a/spec/gitlab_shell_personal_access_token_spec.rb
+++ b/spec/gitlab_shell_personal_access_token_spec.rb
@@ -2,6 +2,7 @@ require_relative 'spec_helper'
 
 require 'json'
 require 'open3'
+require 'date'
 
 describe 'bin/gitlab-shell personal_access_token' do
   include_context 'gitlab shell'
@@ -24,7 +25,7 @@ describe 'bin/gitlab-shell personal_access_token' do
           success: true,
           token: 'aAY1G3YPeemECgUvxuXY',
           scopes: params['scopes'],
-          expires_at: (params['expires_at'] && '9001-12-01')
+          expires_at: params['expires_at']
         }.to_json
       end
     end
@@ -78,23 +79,23 @@ describe 'bin/gitlab-shell personal_access_token' do
     context 'without a ttl argument' do
       let(:args) { 'newtoken api' }
 
-      it 'prints a token without an expiration date' do
+      it 'prints a token with a 30 day expiration date' do
         expect(output).to eq(<<~OUTPUT)
           Token:   aAY1G3YPeemECgUvxuXY
           Scopes:  api
-          Expires: never
+          Expires: #{(Date.today + 30).iso8601}
         OUTPUT
       end
     end
 
     context 'with a ttl argument' do
-      let(:args) { 'newtoken read_api,read_user 30' }
+      let(:args) { 'newtoken read_api,read_user 60' }
 
       it 'prints a token with an expiration date' do
         expect(output).to eq(<<~OUTPUT)
           Token:   aAY1G3YPeemECgUvxuXY
           Scopes:  read_api,read_user
-          Expires: 9001-12-01
+          Expires: #{(Date.today + 61).iso8601}
         OUTPUT
       end
     end
author	Igor Drozdov <idrozdov@gitlab.com>	2023-05-12 09:01:58 +0000
committer	Igor Drozdov <idrozdov@gitlab.com>	2023-05-12 09:01:58 +0000
commit	c72ca61ef7402e335d5bea58c0a518af6f4cad92 (patch)
tree	515ca7aece89bcc4c7648f05590b511a6352ca73
parent	b961dc8ec5cbc6a486ec80b07d40743f67d3a92b (diff)
parent	51b79bdb4ae60b1850989cca8eb4190d785408b0 (diff)
download	gitlab-shell-c72ca61ef7402e335d5bea58c0a518af6f4cad92.tar.gz