Add latest changes from gitlab-org/gitlab@master
parent
8b769ec85e
commit
628f2eef70
|
|
@ -63,12 +63,7 @@ class PersonalAccessToken < ApplicationRecord
|
|||
# existing PATs and we can add a validation
|
||||
# https://gitlab.com/gitlab-org/gitlab/-/issues/369123
|
||||
def expires_at=(value)
|
||||
datetime = if Feature.enabled?(:default_pat_expiration)
|
||||
value.presence || MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
|
||||
else
|
||||
value
|
||||
end
|
||||
|
||||
datetime = value.presence || MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
|
||||
super(datetime)
|
||||
end
|
||||
|
||||
|
|
@ -125,7 +120,6 @@ class PersonalAccessToken < ApplicationRecord
|
|||
end
|
||||
|
||||
def expires_at_before_instance_max_expiry_date
|
||||
return unless Feature.enabled?(:default_pat_expiration)
|
||||
return unless expires_at
|
||||
|
||||
if expires_at > MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
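Review bot: With the flag removed, the `expires_at=` setter in the first hunk is the only place that supplies a default, while `expires_at_before_instance_max_expiry_date` in the second hunk still begins with `return unless expires_at`. A token whose `expires_at` is never assigned (the attribute omitted when the record is built, or a write path that skips the setter) would presumably still pass this validation with no expiry at all. The comment above the setter already refers to a follow-up validation for existing PATs, so the guard should say why nil is tolerated, e.g. `# nil is only expected on tokens created before the default existed; see the issue linked above expires_at=`. The validator's body continues outside the hunk, so whether another check covers nil cannot be confirmed from here.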
|
||||
|
|
|
|||
|
|
@ -104,11 +104,7 @@ module ResourceAccessTokens
|
|||
end
|
||||
|
||||
def default_pat_expiration
|
||||
if Feature.enabled?(:default_pat_expiration)
|
||||
params[:expires_at].presence || PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
|
||||
else
|
||||
params[:expires_at]
|
||||
end
|
||||
params[:expires_at].presence || PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
|
||||
end
|
||||
|
||||
def log_event(token)
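Review bot: `default_pat_expiration` now repeats the fallback that `PersonalAccessToken#expires_at=` applies, `.presence || PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now`, and nothing in the method says why the service resolves the date itself. A one-line comment would keep the two copies from drifting, e.g. `# Same default as PersonalAccessToken#expires_at=; resolved here because the service needs the date before the token is built (presumably for the bot membership expiry)`. The method also still carries the name of the removed feature flag, which may mislead someone searching for leftover flag references. `log_event` begins in this hunk but its body is outside it.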
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
name: default_pat_expiration
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/120213
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/410440
|
||||
milestone: '16.0'
|
||||
type: development
|
||||
group: group::authentication and authorization
|
||||
default_enabled: true
|
||||
|
|
@ -1883,6 +1883,12 @@ msgstr ""
|
|||
msgid "AI| %{link_start}What are Experiment features?%{link_end}"
|
||||
msgstr ""
|
||||
|
||||
msgid "AI|AI generated explanations will appear here."
|
||||
msgstr ""
|
||||
|
||||
msgid "AI|Ask a question"
|
||||
msgstr ""
|
||||
|
||||
msgid "AI|Autocomplete"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
|||
|
|
@ -271,34 +271,20 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do
|
|||
context 'validates expires_at' do
|
||||
let(:max_expiration_date) { described_class::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now }
|
||||
|
||||
context 'when default_pat_expiration feature flag is true' do
|
||||
context 'when expires_in is less than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do
|
||||
it 'is valid' do
|
||||
personal_access_token.expires_at = max_expiration_date - 1.day
|
||||
context 'when expires_in is less than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do
|
||||
it 'is valid' do
|
||||
personal_access_token.expires_at = max_expiration_date - 1.day
|
||||
|
||||
expect(personal_access_token).to be_valid
|
||||
end
|
||||
end
|
||||
|
||||
context 'when expires_in is more than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do
|
||||
it 'is invalid' do
|
||||
personal_access_token.expires_at = max_expiration_date + 1.day
|
||||
|
||||
expect(personal_access_token).not_to be_valid
|
||||
expect(personal_access_token.errors[:expires_at].first).to eq('must expire in 365 days')
|
||||
end
|
||||
expect(personal_access_token).to be_valid
|
||||
end
|
||||
end
|
||||
|
||||
context 'when default_pat_expiration feature flag is false' do
|
||||
before do
|
||||
stub_feature_flags(default_pat_expiration: false)
|
||||
end
|
||||
|
||||
it 'allows any expires_at value' do
|
||||
context 'when expires_in is more than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do
|
||||
it 'is invalid' do
|
||||
personal_access_token.expires_at = max_expiration_date + 1.day
|
||||
|
||||
expect(personal_access_token).to be_valid
|
||||
expect(personal_access_token).not_to be_valid
|
||||
expect(personal_access_token.errors[:expires_at].first).to eq('must expire in 365 days')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -466,32 +452,18 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do
|
|||
describe '#expires_at=' do
|
||||
let(:personal_access_token) { described_class.new }
|
||||
|
||||
context 'when default_pat_expiration feature flag is true' do
|
||||
context 'expires_at set to empty value' do
|
||||
[nil, ""].each do |expires_in_value|
|
||||
it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
|
||||
personal_access_token.expires_at = expires_in_value
|
||||
context 'expires_at set to empty value' do
|
||||
[nil, ""].each do |expires_in_value|
|
||||
it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
|
||||
personal_access_token.expires_at = expires_in_value
|
||||
|
||||
freeze_time do
|
||||
expect(personal_access_token.expires_at).to eq(
|
||||
PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now.to_date
|
||||
)
|
||||
end
|
||||
freeze_time do
|
||||
expect(personal_access_token.expires_at).to eq(
|
||||
PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now.to_date
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when default_pat_expiration feature flag is false' do
|
||||
before do
|
||||
stub_feature_flags(default_pat_expiration: false)
|
||||
end
|
||||
|
||||
it 'does not set a default' do
|
||||
personal_access_token.expires_at = nil
|
||||
|
||||
expect(personal_access_token.expires_at).to eq(nil)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
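Review bot: In the `#expires_at=` examples of the second hunk, `personal_access_token.expires_at = expires_in_value` runs before the `freeze_time do` block, so the setter's `days.from_now` and the expectation's `days.from_now.to_date` are evaluated at different instants. The comparison is by date, so this can only fail when the example straddles midnight, but moving the assignment inside the block removes the gap: `freeze_time do` followed by `personal_access_token.expires_at = expires_in_value`. Separately, the removed flag-off context was the only example here assigning `nil`, so nothing visible now pins how a record that already has a nil `expires_at` is treated by validation.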
|
||||
|
|
|
|||
|
|
@ -217,47 +217,22 @@ RSpec.describe API::Internal::Base, feature_category: :system_access do
|
|||
end
|
||||
end
|
||||
|
||||
context 'when default_pat_expiration feature flag is true' do
|
||||
it 'returns token with expiry as PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
|
||||
freeze_time do
|
||||
token_size = (PersonalAccessToken.token_prefix || '').size + 20
|
||||
|
||||
post api('/internal/personal_access_token'),
|
||||
params: {
|
||||
key_id: key.id,
|
||||
name: 'newtoken',
|
||||
scopes: %w(read_api read_repository)
|
||||
},
|
||||
headers: gitlab_shell_internal_api_request_header
|
||||
|
||||
expect(json_response['success']).to be_truthy
|
||||
expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
|
||||
expect(json_response['scopes']).to match_array(%w(read_api read_repository))
|
||||
expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when default_pat_expiration feature flag is false' do
|
||||
before do
|
||||
stub_feature_flags(default_pat_expiration: false)
|
||||
end
|
||||
|
||||
it 'uses nil expiration value' do
|
||||
it 'returns token with expiry as PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
|
||||
freeze_time do
|
||||
token_size = (PersonalAccessToken.token_prefix || '').size + 20
|
||||
|
||||
post api('/internal/personal_access_token'),
|
||||
params: {
|
||||
key_id: key.id,
|
||||
name: 'newtoken',
|
||||
scopes: %w(read_api read_repository)
|
||||
},
|
||||
headers: gitlab_shell_internal_api_request_header
|
||||
params: {
|
||||
key_id: key.id,
|
||||
name: 'newtoken',
|
||||
scopes: %w(read_api read_repository)
|
||||
},
|
||||
headers: gitlab_shell_internal_api_request_header
|
||||
|
||||
expect(json_response['success']).to be_truthy
|
||||
expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
|
||||
expect(json_response['scopes']).to match_array(%w(read_api read_repository))
|
||||
expect(json_response['expires_at']).to be_nil
|
||||
expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -336,32 +336,15 @@ RSpec.describe API::ResourceAccessTokens, feature_category: :system_access do
|
|||
context "when 'expires_at' is not set" do
|
||||
let(:expires_at) { nil }
|
||||
|
||||
context 'when default_pat_expiration feature flag is true' do
|
||||
it "creates a #{source_type} access token with the default expires_at value", :aggregate_failures do
|
||||
freeze_time do
|
||||
create_token
|
||||
expires_at = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
|
||||
|
||||
expect(response).to have_gitlab_http_status(:created)
|
||||
expect(json_response["name"]).to eq("test")
|
||||
expect(json_response["scopes"]).to eq(["api"])
|
||||
expect(json_response["expires_at"]).to eq(expires_at.to_date.iso8601)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when default_pat_expiration feature flag is false' do
|
||||
before do
|
||||
stub_feature_flags(default_pat_expiration: false)
|
||||
end
|
||||
|
||||
it "creates a #{source_type} access token with the params", :aggregate_failures do
|
||||
it "creates a #{source_type} access token with the default expires_at value", :aggregate_failures do
|
||||
freeze_time do
|
||||
create_token
|
||||
expires_at = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
|
||||
|
||||
expect(response).to have_gitlab_http_status(:created)
|
||||
expect(json_response["name"]).to eq("test")
|
||||
expect(json_response["scopes"]).to eq(["api"])
|
||||
expect(json_response["expires_at"]).to eq(nil)
|
||||
expect(json_response["expires_at"]).to eq(expires_at.to_date.iso8601)
|
||||
end
|
||||
end
|
||||
end
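Review bot: Inside the remaining example, the local `expires_at = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now` shadows the `let(:expires_at) { nil }` declared at the top of this context. The example reads as if it reassigns the request parameter, although `create_token` has already run with the nil value. A distinct name makes the intent clear, e.g. `expected_expiry = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now` with `eq(expected_expiry.to_date.iso8601)` in the last expectation.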
|
||||
|
|
|
|||
|
|
@ -188,51 +188,26 @@ RSpec.describe ResourceAccessTokens::CreateService, feature_category: :system_ac
|
|||
|
||||
context 'expires_at' do
|
||||
context 'when no expiration value is passed' do
|
||||
context 'when default_pat_expiration feature flag is true' do
|
||||
it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
|
||||
freeze_time do
|
||||
response = subject
|
||||
access_token = response.payload[:access_token]
|
||||
|
||||
expect(access_token.expires_at).to eq(
|
||||
max_pat_access_token_lifetime.to_date
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'expiry of the project bot member' do
|
||||
it 'project bot membership does not expire' do
|
||||
response = subject
|
||||
access_token = response.payload[:access_token]
|
||||
project_bot = access_token.user
|
||||
|
||||
expect(resource.members.find_by(user_id: project_bot.id).expires_at).to eq(
|
||||
max_pat_access_token_lifetime.to_date
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when default_pat_expiration feature flag is false' do
|
||||
before do
|
||||
stub_feature_flags(default_pat_expiration: false)
|
||||
end
|
||||
|
||||
it 'uses nil expiration value' do
|
||||
it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
|
||||
freeze_time do
|
||||
response = subject
|
||||
access_token = response.payload[:access_token]
|
||||
|
||||
expect(access_token.expires_at).to eq(nil)
|
||||
expect(access_token.expires_at).to eq(
|
||||
max_pat_access_token_lifetime.to_date
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'expiry of the project bot member' do
|
||||
it 'project bot membership expires' do
|
||||
response = subject
|
||||
access_token = response.payload[:access_token]
|
||||
project_bot = access_token.user
|
||||
context 'expiry of the project bot member' do
|
||||
it 'project bot membership does not expire' do
|
||||
response = subject
|
||||
access_token = response.payload[:access_token]
|
||||
project_bot = access_token.user
|
||||
|
||||
expect(resource.members.find_by(user_id: project_bot.id).expires_at).to eq(nil)
|
||||
end
|
||||
expect(resource.members.find_by(user_id: project_bot.id).expires_at).to eq(
|
||||
max_pat_access_token_lifetime.to_date
|
||||
)
|
||||
end
|
||||
end
|
||||
end
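Review bot: The surviving example is still titled `it 'project bot membership does not expire' do`, but it asserts that the member's `expires_at` equals `max_pat_access_token_lifetime.to_date`, which means the membership does expire. With the flag-off variant gone this is the only description left, and it states the opposite of what is enforced. It should be renamed, e.g. `it 'project bot membership expires with the token' do`. This expectation also sits outside any `freeze_time` block, unlike the token expectation just above it, so it relies on the date not rolling over during the example.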
|
||||
|
|
|
|||