[NEW] Personal access tokens for users to create API tokens#11638
[NEW] Personal access tokens for users to create API tokens#11638sampaiodiego merged 11 commits intodevelopfrom
Conversation
Add possibility to user generate personal access tokens(without expiration) to use with REST API.
fix tests in personal access tokens endpoints
| throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken'}); | ||
| } | ||
| if (!RocketChat.settings.get('API_Enable_Personal_Access_Tokens')) { | ||
| throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken'}); |
There was a problem hiding this comment.
the error description here could say Personal Access Tokens are currently disabled. what do do you think?
| this.ready = new ReactiveVar(true); | ||
|
|
||
| this.autorun(() => { | ||
| const subscription = this.subscribe('personalAccessTokens'); |
There was a problem hiding this comment.
the subcribe command should be done outside the autorun block.
meteor is smart on this case because it knows you're not subscribing to a different thing, but still having it outside the autorun is a better pattern
| }); | ||
|
|
||
| Template.personalAccessTokens.onCreated(function() { | ||
| this.tokens = new ReactiveVar(); |
There was a problem hiding this comment.
you don't need this reactive var. instead you should be using the collection on the helpers
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| {{#unless hasTokens}} |
There was a problem hiding this comment.
you can replace this #unless block by a {{else}} block on {{#each}} command, like this:
{{#each tokens}}
... show tokens ...
{{else}}
... no tokens
{{/each}}
| "API_Personal_Access_Tokens_To_REST_API": "Personal access tokens to REST API", | ||
| "API_Personal_Access_Tokens_Remove_Modal": "Are you sure you wish to remove this personal access token?", | ||
| "API_Personal_Access_Token_Generated": "Personal Access Token successfully generated", | ||
| "API_Personal_Access_Token_Generated_Text_Token_s_UserId_s": "Please save your token carefully as you will no longer be able to view it afterwards. <br/>Token: <strong>%s</strong><br/>Your user Id: <strong>%s</strong>", |
There was a problem hiding this comment.
please use named variables instead of %s, in this case, something like (look at __token__ and __user_id__):
"API_Personal_Access_Token_Generated_Text_Token_s_UserId_s": "Please save your token carefully as you will no longer be able to view it afterwards. <br/>Token: <strong>__token__</strong><br/>Your user Id: <strong>__user_id__</strong>",
| {{/if}} | ||
| {{/if}} | ||
| </form> | ||
| {{> personalAccessTokens }} |
There was a problem hiding this comment.
instead of adding this at Security page, I think it should have its own sub-menu.
this would also allow not writing it as a package, but as a meteor module
Change personal access tokens from package to module, and create an individual section on sidebar
add more tests cases, mainly when the personal access tokens setting is disabled.
sampaiodiego
changed the title
4 participants
Closes #7289