From 762e8768f22e5120b295c83ddfc23179b2fc66cc Mon Sep 17 00:00:00 2001 From: Eugie Limpin Date: Mon, 15 Dec 2025 11:23:32 +0800 Subject: [PATCH] Return token string value instead of object Change personalAccessTokenCreate mutation to return the actual token string value rather than the token object. This provides the raw token value needed by clients for authentication. --- .../users/personal_access_tokens/create.rb | 4 ++-- doc/api/graphql/reference/_index.md | 2 +- .../users/personal_access_tokens/create_spec.rb | 13 ++++++++----- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/app/graphql/mutations/users/personal_access_tokens/create.rb b/app/graphql/mutations/users/personal_access_tokens/create.rb index d6e05019ea6131..8765c23cf7e431 100644 --- a/app/graphql/mutations/users/personal_access_tokens/create.rb +++ b/app/graphql/mutations/users/personal_access_tokens/create.rb @@ -7,7 +7,7 @@ class Create < BaseMutation graphql_name 'PersonalAccessTokenCreate' description 'Creates a personal access token for the current user.' - field :token, Types::Authz::PersonalAccessTokens::PersonalAccessTokenType, + field :token, GraphQL::Types::String, null: true, description: 'Created personal access token.' @@ -52,7 +52,7 @@ def resolve(**args) return { errors: Array(response.message) } if response.error? - { token: token, errors: [] } + { token: token.token, errors: [] } end private diff --git a/doc/api/graphql/reference/_index.md b/doc/api/graphql/reference/_index.md index 5f83dcda500369..5fc38d10cc3193 100644 --- a/doc/api/graphql/reference/_index.md +++ b/doc/api/graphql/reference/_index.md @@ -10342,7 +10342,7 @@ Input type: `PersonalAccessTokenCreateInput` | ---- | ---- | ----------- | | `clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. | | `errors` | [`[String!]!`](#string) | Errors encountered during the mutation. | -| `token` | [`PersonalAccessToken`](#personalaccesstoken) | Created personal access token. | +| `token` | [`String`](#string) | Created personal access token. | ### `Mutation.pipelineCancel` diff --git a/spec/requests/api/graphql/mutations/users/personal_access_tokens/create_spec.rb b/spec/requests/api/graphql/mutations/users/personal_access_tokens/create_spec.rb index 8d6802f89b81e6..b6409450028115 100644 --- a/spec/requests/api/graphql/mutations/users/personal_access_tokens/create_spec.rb +++ b/spec/requests/api/graphql/mutations/users/personal_access_tokens/create_spec.rb @@ -35,19 +35,22 @@ let(:mutation_request) { post_graphql_mutation(mutation, current_user:, token:) } shared_examples 'creates a personal access token and granular scopes with correct attributes' do - specify do + specify :aggregate_failures do expect { mutation_request }.to change { current_user.personal_access_tokens.count }.by(1) expect(graphql_errors).to be_nil - expect(graphql_data_at(:personalAccessTokenCreate, :token)).to include( + created_token = current_user.personal_access_tokens.last + + expect(graphql_data_at(:personalAccessTokenCreate, :token)).to be_present + + created_token_attributes = created_token.attributes + expect(created_token_attributes).to include( 'name' => input['name'], 'description' => input['description'], - 'expiresAt' => input['expiresAt'], 'granular' => true ) - - created_token = current_user.personal_access_tokens.last + expect(created_token_attributes['expires_at'].to_s).to eq input['expiresAt'] expect(created_token.granular_scopes.count).to eq(expected_granular_scope_attrs.size) expect(created_token.granular_scopes.map(&:attributes)).to include( *expected_granular_scope_attrs.map { |attrs| a_hash_including(attrs.stringify_keys) } -- GitLab