Adds Personal Access Tokens for API access (fixes #541) #1075
Conversation
The tests mock the mogoose User model and the express Response model which isn't good. We should find a solution that makes use of the actual model object.
andrewn
changed the title
This ensures it's not accidentally exposed to the client when returning the key metadata
andrewn
changed the title
| } | ||
|
|
||
| tbody tr:nth-child(odd) { | ||
| background-color: #f2f2f2; |
There was a problem hiding this comment.
could this use a color in the theme map rather than a raw color value?
There was a problem hiding this comment.
The account page doesn't respect the theme, but it probably should?
There was a problem hiding this comment.
Ok, I've started work on this in #1080.
|
Some other stuff I noticed:
|
|
but i ran through your test plan and it's working for me! |
I know, I'm not very happy with the layout of the page. There's a design for it in #392 but I'm not convinced that it improves things much as none of the fields look editable. The tabs here don't really work in the full-width page, but we could adopt a side-navigation like GitHub does?
|
This is until this page's components are made theme-aware
There's duplication in the user and session endpoints that all return the same shaped user model data. The new helper should keep them consistent when new properties need to be exposed.
|
@catarak, I made those fixes so this is ready for a re-review.
I fixed this in 5777be3 by ensuring the API consistently returns
Added some padding around the button. |
|
I was just thinking about merging this to master and then this being available in production—maybe it makes sense to merge it to another branch until this is built out more? Maybe it could be visible by a secret url or something? It's hard since this project doesn't have a staging deployment, though it could! |
|
one option for the design, that would keep the tabs at the top, would be to wrap the settings container in a box (e.g. like the login design here) so that the tab strip wouldn't be floating. |
That's a very good point. I've created a new branch I'll create a new PR for merging It'd be great to have a deployment of this branch for testing. How much effort is that do you think? Alternatively, we could deploy to production and hide behind feature flags. |
I think, with the power of CI/CD and Kubernetes, it's not too hard. What I'd need to do:
I might wait to start on this until we merge in your |
|
Now that #1081 is merged, this is ready too. 👍 |
great, i can work on setting up the staging deployment this week! |
|
Whatever happened to the API access features? Is there any plan to implement them? |
|
@trych the API has been implemented but it hasn't been released yet, but there are plans for this soon. Stay tuned :) |
|
One more question regarding the API: Is this something that could/would be solved by the API? As in: I would be able to access the sketch height via the API? Or are there even any other solutions for that, that I am missing? (I could also open a separate issue for that, if that helps) |
|
@trych great question! I think this is a separate issue, so I'm going to open one and answer your question there 😄 |
Implements Personal Access Tokens for API access. This builds on top of the excellent work in #731 to allow access tokens to be created by users and used to authenticate instead of a password.
I plan on making the following changes from #731:
I have verified that this pull request:
npm run lint)Fixes #123UI
I've added tabs to the Account screen. The Access Tokens tab allow tokens to be created and deleted.
Automated testing
I've written tests for the controller endpoints but created Mongoose model mocks by hand. This isn't ideal so I'd like to re-visit these in a future PR once we've figured out a good way forward for testing.
Manual test plan
curlto access the test endpoint:curl -X GET --user <username>:<access-token> -i localhost:8000/api/auth/access-checkIf successful, the user's session data should be returned and Last used time in UI should update.