[ENG-2224] Access Token Edit Scopes

[chth0n1x]

• Ticket: https://openscience.atlassian.net/browse/ENG-2224
• GitHub branch: access-token-edit-scopes

Purpose

The purpose of these changes is to have the edit token page and its scopes properly displayed following new access token creation.

Summary of Changes

• The access token value is now cleared when the 'Edit scopes' button is pressed following token creation

Screenshot(s)

Figure 1: Initial access token scope selection

Figure 2: Display of a new access token if the token value is present

Figure 3: Scopes properly display when clicking the 'Edit scopes' button

Figure 4: Saving the changes results in the token's scopes being updated

Figure 5: Clicking on the access token within the list view properly displays updated scopes

Figure 6: Deletion of token following clicking the 'Edit token' button

Side Effects

There should be no side effects.

QA Notes

• Upon clicking the 'Edit scopes' button following new access token creation, do the previously-selected scopes properly display?
• Can you add/remove scopes?
• Can you save the token?
• Can you view the token when clicking on its link in the list view?

[coveralls]

Pull Request Test Coverage Report for Build 6584020659

• 0 of 2 (0.0%) changed or added relevant lines in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.005%) to 71.162%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
app/settings/tokens/-components/edit-form/component.ts	0	2	0.0%

Totals
Change from base Build 6552310919:	-0.005%
Covered Lines:	5941
Relevant Lines:	8133

---

💛 - Coveralls

[adlius]

Checked this out locally. When I try to delete the token after hitting Edit scopes the modal freezes and it toasts an error even though the deletion succeeds.
Apart from the buggy behavior when deleting, this fix introduces a security problem. The personal access token should only be viewable once. Setting the tokenValue on the token model to undefined will bring back the edit form for sure, but the model's tokenValue can easily be found by calling rollbackAttributes on the model, therefore revealing the tokenValue again. That is why we need to invoke clearTokenValue() when we go back to edit the scopes to unload the token model from store and reload from the BE.

[chth0n1x]

Checked this out locally. When I try to delete the token after hitting Edit scopes the modal freezes and it toasts an error even though the deletion succeeds. Apart from the buggy behavior when deleting, this fix introduces a security problem. The personal access token should only be viewable once. Setting the tokenValue on the token model to undefined will bring back the edit form for sure, but the model's tokenValue can easily be found by calling rollbackAttributes on the model, therefore revealing the tokenValue again. That is why we need to invoke clearTokenValue() when we go back to edit the scopes to unload the token model from store and reload from the BE.

Hi @adlius the changes for the token value are now persisted with save(). The buggy behavior with the delete button has been mitigated but from local testing may still not be fully awaiting. An await has been added to the delete's save which seemed to improve the delete's functionality.

[futa-ikeda]

One last minor thing, otherwise, looks good!

[futa-ikeda]

Sorry I'm catching this after an initial approval! It looks like the deleteToken action in the edit-form component should do this.token.deleteRecord(); followed by an await this.token.save();, instead of the await this.token!.destroyRecord(); that's in there right now. Not 100% sure why the delete and save works but the destroy does not, but it was correct in being there 🙇

[chth0n1x]

Sorry I'm catching this after an initial approval! It looks like the deleteToken action in the edit-form component should do this.token.deleteRecord(); followed by an await this.token.save();, instead of the await this.token!.destroyRecord(); that's in there right now. Not 100% sure why the delete and save works but the destroy does not, but it was correct in being there 🙇

Thank you and understood. They have been re-added. If you would also like to see validation for the token in an if statement, just let me know. Currently, it is using the ! syntax for the token that was previously in place.