feat: add ability to edit API token scopes #699

Merged
jmiller merged 2 commits from feature/edit-token-scopes into main 2026-06-25 15:00:25 +00:00
Owner

Summary

  • Add PATCH /users/{username}/tokens/{id} API endpoint to edit token name and scopes
  • Add edit button + modal in web UI (User Settings > Applications)
  • Modal pre-populates with current token scopes for easy modification
  • Model layer UpdateAccessToken() already existed — this exposes it through API and UI

Closes #697 (partially — licensing scope was PR #698, this adds editability)

Changes

  • modules/structs/user_app.go: New EditAccessTokenOption struct
  • routers/api/v1/user/app.go: New UpdateAccessToken() handler with swagger docs
  • routers/api/v1/api.go: PATCH route on /tokens/{id}
  • routers/web/user/setting/applications.go: New EditApplication() handler
  • routers/web/web.go: POST /edit route
  • templates/user/settings/applications.tmpl: Edit button + scope modal with JS
  • options/locale/locale_en-US.json: New locale strings

Test plan

  • API: PATCH token with new scopes returns 200 with updated scopes
  • API: PATCH token with invalid scope returns 400
  • API: PATCH token with empty scopes returns 400
  • API: PATCH nonexistent token returns 404
  • API: PATCH another user's token returns 404 (ownership check)
  • Web UI: Edit button appears next to each token
  • Web UI: Modal opens with current scopes pre-selected
  • Web UI: Saving updates scopes and shows success flash
  • Existing `all` scoped tokens are unaffected
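The status codes in the test plan above, modelled as an added Go example; this is not code from the PR or the project. The `Token` and `EditOption` types, the `EditToken` function, the user names and the scope list are assumptions for illustration, as is treating an explicitly empty (non-nil) scope list as the "empty scopes" case.

```go
package main

import (
	"fmt"
	"net/http"
)

// Token and EditOption are hypothetical stand-ins, not the project's structs.
type Token struct {
	Owner  string
	Name   string
	Scopes []string
}

type EditOption struct {
	Name   string   // "" means leave unchanged
	Scopes []string // nil means leave unchanged; empty but non-nil is rejected
}

// validScopes is a constructed sample set, not the project's real scope list.
var validScopes = map[string]bool{"all": true, "read:repository": true, "write:user": true}

// EditToken (hypothetical) returns the HTTP status for caller editing token id.
func EditToken(store map[int64]*Token, caller string, id int64, opt EditOption) int {
	t, ok := store[id]
	if !ok || t.Owner != caller {
		return http.StatusNotFound // same answer for "missing" and "not yours"
	}
	if (opt.Name == "" && opt.Scopes == nil) || (opt.Scopes != nil && len(opt.Scopes) == 0) {
		return http.StatusBadRequest // empty update or empty scope list
	}
	for _, s := range opt.Scopes {
		if !validScopes[s] {
			return http.StatusBadRequest // reject before mutating anything
		}
	}
	if opt.Name != "" {
		t.Name = opt.Name
	}
	if opt.Scopes != nil {
		t.Scopes = append([]string(nil), opt.Scopes...)
	}
	return http.StatusOK
}

func main() {
	store := map[int64]*Token{1: {Owner: "alice", Name: "ci", Scopes: []string{"all"}}}
	edit := EditOption{Scopes: []string{"read:repository"}}
	fmt.Println(EditToken(store, "bob", 1, edit), EditToken(store, "alice", 1, edit))
}
```

Returning 404 for both a nonexistent token and another user's token keeps the response from confirming which token IDs exist, and validating every scope before writing means a rejected request leaves the stored scopes untouched.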
jmiller added 2 commits 2026-06-25 14:59:00 +00:00
Add PATCH /users/{username}/tokens/{id} API endpoint and web UI edit
button so token scopes can be modified after creation without having
to delete and recreate the token.
fix: reject empty token update requests with 400
Universal: PR Check / Branch Policy (pull_request) Failing after 3s
Generic: Repo Health / Site Health (pull_request) Has been skipped
Generic: Repo Health / Access control (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 11s
Universal: Auto Version Bump / Version Bump (push) Successful in 17s
PR RC Release / Build RC Release (pull_request) Failing after 1m5s
Universal: PR Check / Secret Scan (pull_request) Successful in 1m7s
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Universal: Build & Release / Promote to RC (pull_request) Has been skipped
Universal: Build & Release / Build & Release Pipeline (pull_request) Failing after 57s
Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 3m52s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
f7c2b205c5
jmiller force-pushed feature/edit-token-scopes from 9a418d40f5 to f7c2b205c5 2026-06-25 14:59:00 +00:00 Compare
jmiller merged commit 2708388542 into main 2026-06-25 15:00:25 +00:00
jmiller deleted branch feature/edit-token-scopes 2026-06-25 15:00:26 +00:00