View-related (and other minor) changes to !5951 based on @rymai's review.

- The `scopes_form` partial can be used in the `admin/applications` view as well - Don't allow partials to access instance variables directly. Instead, pass in the instance variables as local variables, and use `local_assigns.fetch` to assert that the variables are passed in as expected. - Change a few instances of `render :partial` to `render` - Remove an instance of `required: false` in a view, since this is the default - Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec`

View-related (and other minor) changes to !5951 based on @rymai's review.
f706a973 · Timothy Andrew · f14d423d · f706a973 · f706a973 · f706a973
Commit f706a973 authored Dec 05, 2016 by Timothy Andrew
9 changed files
--- a/app/views/admin/applications/_form.html.haml
+++ b/app/views/admin/applications/_form.html.haml
@@ -22,11 +22,7 @@
  .form-group
    = f.label :scopes, class: 'col-sm-2 control-label'
    .col-sm-10
-      - @scopes.each do |scope|
-        %fieldset
-          = check_box_tag 'doorkeeper_application[scopes][]', scope, application.scopes.include?(scope), id: "doorkeeper_application_scopes_#{scope}"
-          = label_tag "doorkeeper_application_scopes_#{scope}", scope
-          %span= "(#{t(scope, scope: [:doorkeeper, :scopes])})"
+      = render 'shared/tokens/scopes_form', prefix: 'doorkeeper_application', token: application, scopes: @scopes

  .form-actions
    = f.submit 'Submit', class: "btn btn-save wide"

--- a/app/views/admin/applications/show.html.haml
+++ b/app/views/admin/applications/show.html.haml
@@ -23,7 +23,7 @@
          %div
            %span.monospace= uri

-    = render partial: "shared/tokens/scopes_list"
+    = render "shared/tokens/scopes_list", token: @application

 .form-actions
  = link_to 'Edit', edit_admin_application_path(@application), class: 'btn btn-primary wide pull-left'

--- a/app/views/doorkeeper/applications/_form.html.haml
+++ b/app/views/doorkeeper/applications/_form.html.haml
@@ -19,7 +19,7 @@

  .form-group
    = f.label :scopes, class: 'label-light'
-    = render partial: 'shared/tokens/scopes_form', locals: { prefix: 'doorkeeper_application', token: application }
+    = render 'shared/tokens/scopes_form', prefix: 'doorkeeper_application', token: application, scopes: @scopes

  .prepend-top-default
    = f.submit 'Save application', class: "btn btn-create"
--- a/app/views/doorkeeper/applications/show.html.haml
+++ b/app/views/doorkeeper/applications/show.html.haml
@@ -23,7 +23,7 @@
          %div
            %span.monospace= uri

-    = render partial: "shared/tokens/scopes_list"
+    = render "shared/tokens/scopes_list", token: @application

 .form-actions
  = link_to 'Edit', edit_oauth_application_path(@application), class: 'btn btn-primary wide pull-left'

--- a/app/views/profiles/personal_access_tokens/_form.html.haml
+++ b/app/views/profiles/personal_access_tokens/_form.html.haml
-= form_for [:profile, @personal_access_token], method: :post, html: { class: 'js-requires-input' } do |f|
+- personal_access_token = local_assigns.fetch(:personal_access_token)
+- scopes = local_assigns.fetch(:scopes)

-  = form_errors(@personal_access_token)
+= form_for [:profile, personal_access_token], method: :post, html: { class: 'js-requires-input' } do |f|
+
+  = form_errors(personal_access_token)

  .form-group
    = f.label :name, class: 'label-light'
@@ -8,11 +11,11 @@

  .form-group
    = f.label :expires_at, class: 'label-light'
-    = f.text_field :expires_at, class: "datepicker form-control", required: false
+    = f.text_field :expires_at, class: "datepicker form-control"

  .form-group
    = f.label :scopes, class: 'label-light'
-    = render partial: 'shared/tokens/scopes_form', locals: { prefix: 'personal_access_token', token: @personal_access_token }
+    = render 'shared/tokens/scopes_form', prefix: 'personal_access_token', token: personal_access_token, scopes: scopes

  .prepend-top-default
    = f.submit 'Create Personal Access Token', class: "btn btn-create"
--- a/app/views/profiles/personal_access_tokens/index.html.haml
+++ b/app/views/profiles/personal_access_tokens/index.html.haml
@@ -29,7 +29,7 @@
    %p.profile-settings-content
      Pick a name for the application, and we'll give you a unique token.

-    = render "form"
+    = render "form", personal_access_token: @personal_access_token, scopes: @scopes

    %hr


--- a/app/views/shared/tokens/_scopes_form.html.haml
+++ b/app/views/shared/tokens/_scopes_form.html.haml
- @scopes.each do |scope|
+- scopes = local_assigns.fetch(:scopes)
+- prefix = local_assigns.fetch(:prefix)
+- token = local_assigns.fetch(:token)
+
+- scopes.each do |scope|
  %fieldset
    = check_box_tag "#{prefix}[scopes][]", scope, token.scopes.include?(scope), id: "#{prefix}_scopes_#{scope}"
    = label_tag "#{prefix}_scopes_#{scope}", scope

--- a/app/views/shared/tokens/_scopes_list.html.haml
+++ b/app/views/shared/tokens/_scopes_list.html.haml
- if @application.scopes.present?
-  %tr
-    %td
-      Scopes
-    %td
-      %ul.scopes-list.append-bottom-0
-        - @application.scopes.each do |scope|
-          %li
-            %span.scope-name= scope
-            = "(#{t(scope, scope: [:doorkeeper, :scopes])})"
+- token = local_assigns.fetch(:token)
+
+- return unless token.scopes.present?
+
+%tr
+  %td
+    Scopes
+  %td
+    %ul.scopes-list.append-bottom-0
+      - token.scopes.each do |scope|
+        %li
+          %span.scope-name= scope
+          = "(#{t(scope, scope: [:doorkeeper, :scopes])})"
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -47,36 +47,31 @@ describe Gitlab::Auth, lib: true do
      project.create_drone_ci_service(active: true)
      project.drone_ci_service.update(token: 'token')

-      ip = 'ip'
-
-      expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'drone-ci-token')
-      expect(gl_auth.find_for_git_client('drone-ci-token', 'token', project: project, ip: ip)).to eq(Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities))
+      expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: 'drone-ci-token')
+      expect(gl_auth.find_for_git_client('drone-ci-token', 'token', project: project, ip: 'ip')).to eq(Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities))
    end

    it 'recognizes master passwords' do
      user = create(:user, password: 'password')
-      ip = 'ip'

-      expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
-      expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
+      expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: user.username)
+      expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities))
    end

    it 'recognizes user lfs tokens' do
      user = create(:user)
-      ip = 'ip'
      token = Gitlab::LfsToken.new(user).token

-      expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
-      expect(gl_auth.find_for_git_client(user.username, token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :lfs_token, full_authentication_abilities))
+      expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: user.username)
+      expect(gl_auth.find_for_git_client(user.username, token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :lfs_token, full_authentication_abilities))
    end

    it 'recognizes deploy key lfs tokens' do
      key = create(:deploy_key)
-      ip = 'ip'
      token = Gitlab::LfsToken.new(key).token

-      expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}")
-      expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, nil, :lfs_deploy_token, read_authentication_abilities))
+      expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: "lfs+deploy-key-#{key.id}")
+      expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(key, nil, :lfs_deploy_token, read_authentication_abilities))
    end

    context "while using OAuth tokens as passwords" do
@@ -84,20 +79,18 @@ describe Gitlab::Auth, lib: true do
        user = create(:user)
        application = Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user)
        token = Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: "api")
-        ip = 'ip'

-        expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: 'oauth2')
-        expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities))
+        expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: 'oauth2')
+        expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities))
      end

      it 'fails for OAuth tokens with other scopes' do
        user = create(:user)
        application = Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user)
        token = Doorkeeper::AccessToken.create!(application_id: application.id, resource_owner_id: user.id, scopes: "read_user")
-        ip = 'ip'

-        expect(gl_auth).to receive(:rate_limit!).with(ip, success: false, login: 'oauth2')
-        expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(nil, nil))
+        expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'oauth2')
+        expect(gl_auth.find_for_git_client("oauth2", token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(nil, nil))
      end
    end

@@ -105,28 +98,25 @@ describe Gitlab::Auth, lib: true do
      it 'succeeds for personal access tokens with the `api` scope' do
        user = create(:user)
        personal_access_token = create(:personal_access_token, user: user, scopes: ['api'])
-        ip = 'ip'

-        expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.email)
-        expect(gl_auth.find_for_git_client(user.email, personal_access_token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, nil, :personal_token, full_authentication_abilities))
+        expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: user.email)
+        expect(gl_auth.find_for_git_client(user.email, personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :personal_token, full_authentication_abilities))
      end

      it 'fails for personal access tokens with other scopes' do
        user = create(:user)
        personal_access_token = create(:personal_access_token, user: user, scopes: ['read_user'])
-        ip = 'ip'

-        expect(gl_auth).to receive(:rate_limit!).with(ip, success: false, login: user.email)
-        expect(gl_auth.find_for_git_client(user.email, personal_access_token.token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(nil, nil))
+        expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: user.email)
+        expect(gl_auth.find_for_git_client(user.email, personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(nil, nil))
      end
    end

    it 'returns double nil for invalid credentials' do
      login = 'foo'
-      ip = 'ip'

-      expect(gl_auth).to receive(:rate_limit!).with(ip, success: false, login: login)
-      expect(gl_auth.find_for_git_client(login, 'bar', project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new)
+      expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: login)
+      expect(gl_auth.find_for_git_client(login, 'bar', project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new)
    end
  end