-
Notifications
You must be signed in to change notification settings - Fork 10.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[NEW] Personal access tokens for users to create API tokens #11638
Conversation
…ation) to use with REST API.
throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken'}); | ||
} | ||
if (!RocketChat.settings.get('API_Enable_Personal_Access_Tokens')) { | ||
throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken'}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the error description here could say Personal Access Tokens are currently disabled
. what do do you think?
this.ready = new ReactiveVar(true); | ||
|
||
this.autorun(() => { | ||
const subscription = this.subscribe('personalAccessTokens'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the subcribe
command should be done outside the autorun
block.
meteor is smart on this case because it knows you're not subscribing to a different thing, but still having it outside the autorun
is a better pattern
}); | ||
|
||
Template.personalAccessTokens.onCreated(function() { | ||
this.tokens = new ReactiveVar(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you don't need this reactive var. instead you should be using the collection on the helpers
</tr> | ||
</thead> | ||
<tbody> | ||
{{#unless hasTokens}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can replace this #unless
block by a {{else}}
block on {{#each}}
command, like this:
{{#each tokens}}
... show tokens ...
{{else}}
... no tokens
{{/each}}
"API_Personal_Access_Tokens_To_REST_API": "Personal access tokens to REST API", | ||
"API_Personal_Access_Tokens_Remove_Modal": "Are you sure you wish to remove this personal access token?", | ||
"API_Personal_Access_Token_Generated": "Personal Access Token successfully generated", | ||
"API_Personal_Access_Token_Generated_Text_Token_s_UserId_s": "Please save your token carefully as you will no longer be able to view it afterwards. <br/>Token: <strong>%s</strong><br/>Your user Id: <strong>%s</strong>", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please use named variables instead of %s
, in this case, something like (look at __token__
and __user_id__
):
"API_Personal_Access_Token_Generated_Text_Token_s_UserId_s": "Please save your token carefully as you will no longer be able to view it afterwards. <br/>Token: <strong>__token__</strong><br/>Your user Id: <strong>__user_id__</strong>",
@@ -45,6 +45,7 @@ <h1>{{_ "Backup_codes"}}</h1> | |||
{{/if}} | |||
{{/if}} | |||
</form> | |||
{{> personalAccessTokens }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of adding this at Security
page, I think it should have its own sub-menu.
this would also allow not writing it as a package, but as a meteor module
…ndividual section on sidebar
Closes #7289