From 541fdbe0361b639af34ce17a67e96d315db66806 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 13 Jan 2022 18:05:10 +0100
Subject: [PATCH 01/24] try with svg_token (wip)
---
 lib/travis/api/app/helpers/respond_with.rb | 15 +++++++++++++++
 lib/travis/model/token.rb | 8 ++++++++
 lib/travis/model/user.rb | 19 ++++++++++++++++---
 3 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 2fd5c6f32a..3b14e78165 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -16,6 +16,8 @@ module RespondWith
 }
 def respond_with(resource, options = {})
+ halt 403, 'access denied' unless token_proper?(options[:acceptable_tokens])
+
 result = respond(resource, options)
 if result && response.content_type =~ /application\/json/
@@ -32,6 +34,19 @@ def body(value = nil, options = {}, &block)
 end
 private
+ # def acceptable_tokens(responder)
+ # case(responder)
+ # when :atom
+ # else
+ # end
+ def token_proper?(acceptable_tokens)
+ return true unless params[:token] # it means that ScopeCheck granted access basing on other proper token
+ acceptable_tokens ||= [:default]
+ token = Token.find_by_token(params[:token])
+ acceptable_tokens.include?(token.try(:type))
+ end
 def respond(resource, options)
 resource = apply_service_responder(resource, options)
diff --git a/lib/travis/model/token.rb b/lib/travis/model/token.rb
index 93f45ec9dd..317c9550fa 100644
--- a/lib/travis/model/token.rb
+++ b/lib/travis/model/token.rb
@@ -15,6 +15,14 @@ class Token < Travis::Model
 serialize :token, Travis::Model::EncryptedColumn.new(disable: true)
+ def type
+ if self.token =~ /svg-/
+ :svg
+ else
+ :default
+ end
+ end
 protected
 def generate_token
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 970c3c33b2..0da2b99d75 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
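Review bot: `token_proper?` hands `params[:token]` straight to `Token.find_by_token` without checking that it is a String; Rack delivers an Array or Hash for `token[]=…`-style parameters, and a non-string argument changes the generated query (an IN list) instead of being refused. A guard after the existing early return keeps the lookup on the intended path: `return false unless params[:token].is_a?(String)`. The early `return true unless params[:token]` also deserves a plainer comment than the one it carries, e.g. `# no ?token= in the query: ScopeCheck already authenticated this request by other means, nothing further to verify here`, since the reader has to trust that ScopeCheck has run before `respond_with` is reached, which this hunk cannot show.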
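Review bot: `type` is the attribute name ActiveRecord reserves for single-table inheritance, so defining it on `Token` shadows the framework accessor and collides the moment a `type` column exists on the table, which a later patch in this series ("token type in db") introduces; a name such as `kind` or `type_symbol` avoids the clash from the start. The regex `/svg-/` is unanchored, so a default token whose generated value happens to contain `svg-` anywhere would be classified as a badge token; `self.token.to_s.start_with?('svg-')` expresses the intended prefix test and also tolerates a nil token. `generate_token` is defined past the end of the hunk.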
@@ -15,6 +15,7 @@ class User < Travis::Model
 before_create :set_as_recent
 after_create :create_a_token
+ after_create :create_svg_token
 before_save :track_previous_changes
 serialize :github_scopes
@@ -40,7 +41,11 @@ def with_email(email_address)
 end
 def token
- tokens.first.try(:token)
+ tokens.find { |t| t.try(:type) == :default}.try(:token)
+ end
+
+ def svg_token
+ tokens.find { |t| t.try(:type) == :svg}.try(:token)
 end
 def to_json
@@ -162,8 +167,16 @@ def inspect
 github_oauth_token ? super.gsub(github_oauth_token, '[REDACTED]') : super
 end
- def create_a_token
- self.tokens.create!
+ def create_a_token(type = :default)
+ token = self.tokens.create!
+ if type == :svg
+ token.token = "svg-#{token.token}"
+ token.save!
+ end
+ end
+
+ def create_svg_token
+ create_a_token(:svg)
 end
 protected
From f6111f5056464e2644cb8b4269ca87bebbb0a3cb Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 14 Jan 2022 13:26:30 +0100
Subject: [PATCH 02/24] svg_token in serialize_user
---
 lib/travis/api/app/endpoint/authorization.rb | 3 ++-
 lib/travis/model/user.rb | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 9c53c1fe8a..e2d6a806eb 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -142,7 +142,8 @@ def update_first_login(user)
 def serialize_user(user)
 rendered = Travis::Api::Serialize.data(user, version: :v2)
- rendered['user'].merge('token' => user.tokens.first.try(:token).to_s)
+ rendered['user'].merge('token' => user.default_tokens.first.try(:token).to_s)
+ rendered['user'].merge('svg_token' => user.svg_token.try(:token).to_s)
 end
 def oauth_endpoint
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 0da2b99d75..ffc65242f5 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
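Review bot: `create_a_token(:svg)` first persists a default-typed token with `tokens.create!` and only afterwards rewrites its value with the `svg-` prefix and calls `save!`; if that second write fails, the user is left holding an extra full-privilege token it never asked for, since the classification in this series is derived from the stored value itself. Wrapping both writes in `Token.transaction do … end`, or producing the prefixed value before the first insert (the generation presumably happens in `generate_token`, which is outside this hunk), makes badge-token creation atomic. A short comment on the method, `# :svg tokens are distinguished only by the "svg-" prefix of their value`, would also record the convention the rest of the series depends on. `create_svg_token` and the `protected` section continue past the hunk.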
@@ -45,7 +45,11 @@ def token
 end
 def svg_token
- tokens.find { |t| t.try(:type) == :svg}.try(:token)
+ tokens.find { |t| t.try(:type) == :svg}.try(:token) || create_svg_token
+ end
+
+ def default_tokens
+ self.tokens.select { |token| token.try(:type) == :default }
 end
 def to_json
From 63e0c8b990b9d97799bbc30375faf41806c7ec0e Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 21 Jan 2022 10:51:44 +0100
Subject: [PATCH 03/24] fix and puts
---
 lib/travis/api/app/endpoint/authorization.rb | 9 +++++++--
 lib/travis/model/user.rb | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index e2d6a806eb..39d3bfe1a9 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -142,8 +142,13 @@ def update_first_login(user)
 def serialize_user(user)
 rendered = Travis::Api::Serialize.data(user, version: :v2)
- rendered['user'].merge('token' => user.default_tokens.first.try(:token).to_s)
- rendered['user'].merge('svg_token' => user.svg_token.try(:token).to_s)
+ rendered['user'].merge!('token' => user.default_tokens.first.try(:token).to_s)
+ rendered['user'].merge!('svg_token' => user.svg_token.try(:token).to_s)
+ puts '-------1----------'
+ puts user.svg_token
+ puts '-------x2----------'
+ puts rendered['user']
+ rendered['user']
 end
 def oauth_endpoint
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index ffc65242f5..748a60f19c 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -177,6 +177,7 @@ def create_a_token(type = :default)
 token.token = "svg-#{token.token}"
 token.save!
 end
+ token
 end
 def create_svg_token
From c19a5daed94916d4674aba3e8385c5cf29e11bc4 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Tue, 25 Jan 2022 16:02:30 +0100
Subject: [PATCH 04/24] debugging
---
 lib/travis/api/app/endpoint/authorization.rb | 2 ++
 1 file changed, 2 insertions(+)
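Review bot: `svg_token` has become a reader with a write side effect — `|| create_svg_token` inserts a token row the first time it is called for a user created before this series — and nothing in the hunk says so; a comment such as `# lazily backfills a badge token for users that predate svg tokens; new users get one from the after_create hook` would stop a future caller from being surprised by an INSERT inside a GET. `default_tokens` loads and filters every token in Ruby, and `default_tokens.first` (used in the authorization.rb hunk of this same patch) has only whatever order the association supplies, so a user with several default tokens may see a different `token` from one serialization to the next unless the association is ordered.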
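Review bot: `puts user.svg_token` writes a live credential to the process's stdout, and `puts rendered['user']` prints a hash that now carries both `token` and `svg_token`; whatever collects stdout in this deployment (application logs, CI output) will retain them far longer and share them far more widely than the database does. Even as temporary debugging these lines should not be committed, because the only real cleanup for a logged secret is rotating it. The later debugging patches 04 (`puts user.svg_token.try(:token).to_s`) and 07 (`puts Token.all.map(&:token)`, which dumps every token in the table) have the same problem; patch 13 removes all of them, but any log produced in between still holds the values.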
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 39d3bfe1a9..ab5bf9e8a6 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -147,6 +147,8 @@ def serialize_user(user)
 puts '-------1----------'
 puts user.svg_token
 puts '-------x2----------'
+ puts user.svg_token.try(:token).to_s
+ puts '-------x3----------'
 puts rendered['user']
 rendered['user']
 end
From d2a2da68d7322cb5492c29bf71e2d163330473ca Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Tue, 25 Jan 2022 21:37:04 +0100
Subject: [PATCH 05/24] fix
---
 lib/travis/api/app/endpoint/authorization.rb | 4 +---
 lib/travis/model/user.rb | 3 ++-
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index ab5bf9e8a6..a22d6a1e45 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -143,12 +143,10 @@ def update_first_login(user)
 def serialize_user(user)
 rendered = Travis::Api::Serialize.data(user, version: :v2)
 rendered['user'].merge!('token' => user.default_tokens.first.try(:token).to_s)
- rendered['user'].merge!('svg_token' => user.svg_token.try(:token).to_s)
+ rendered['user'].merge!('svg_token' => user.svg_token.to_s)
 puts '-------1----------'
 puts user.svg_token
 puts '-------x2----------'
- puts user.svg_token.try(:token).to_s
- puts '-------x3----------'
 puts rendered['user']
 rendered['user']
 end
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 748a60f19c..4783169e9f 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -45,7 +45,8 @@ def token
 end
 def svg_token
- tokens.find { |t| t.try(:type) == :svg}.try(:token) || create_svg_token
+ token = tokens.find { |t| t.try(:type) == :svg} || create_svg_token
+ token.try(:token)
 end
 def default_tokens
From aae16fc1af6facff4d06c97e237bddb028927795 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Wed, 26 Jan 2022 20:39:29 +0100
Subject: [PATCH 06/24] debugging
---
 lib/travis/model/user.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 4783169e9f..23f546ec5f 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -41,6 +41,7 @@ def with_email(email_address)
 end
 def token
+ puts '---token in user.rb---'
 tokens.find { |t| t.try(:type) == :default}.try(:token)
 end
From 5e59b42d307fefd946e876a909648a4e75ed0ebd Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 13:11:29 +0100
Subject: [PATCH 07/24] debugging
---
 lib/travis/api/app/endpoint/authorization.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index a22d6a1e45..5e3283fdaa 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -148,6 +148,8 @@ def serialize_user(user)
 puts user.svg_token
 puts '-------x2----------'
 puts rendered['user']
+ puts '-------x3----------'
+ puts Token.all.map(&:token)
 rendered['user']
 end
From 8c44b96b08f8a20d7917cfcf4bd0a782a751f2b3 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 14:27:15 +0100
Subject: [PATCH 08/24] proper token checking in respond_with
---
 lib/travis/api/app/helpers/respond_with.rb | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 3b14e78165..c6585d6c20 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -16,7 +16,7 @@ module RespondWith
 }
 def respond_with(resource, options = {})
- halt 403, 'access denied' unless token_proper?(options[:acceptable_tokens])
+ # halt 403, 'access denied' unless token_proper?(options[:acceptable_tokens])
 result = respond(resource, options)
@@ -34,18 +34,19 @@ def body(value = nil, options = {}, &block)
 end
 private
- # def acceptable_tokens(responder)
- # case(responder)
- # when :atom
- # else
- # end
+ def acceptable_tokens(responder)
+ case(responder.class)
+ when Responders::Badge then [:svg]
+ else [:default]
+ end
+ end
- def token_proper?(acceptable_tokens)
+ def token_proper?(responder)
 return true unless params[:token] # it means that ScopeCheck granted access basing on other proper token
- acceptable_tokens ||= [:default]
+ acceptable = acceptable_tokens(responder)
 token = Token.find_by_token(params[:token])
- acceptable_tokens.include?(token.try(:type))
+ acceptable.include?(token.try(:type))
 end
 def respond(resource, options)
@@ -56,7 +57,13 @@ def respond(resource, options)
 acceptable_formats.find do |accept|
 responders.find do |const|
 responder = const.new(self, resource, options.dup.merge(accept: accept))
- response = responder.apply if responder.apply?
+ if responder.apply?
+ if token_proper?(responder)
+ response = responder.apply
+ else
+ halt 403, 'access denied'
+ end
+ end
 end
 end
From 100c82363b5efb481e4999d850e78e0004c30f04 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 14:30:05 +0100
Subject: [PATCH 09/24] debugging
---
 lib/travis/api/app/helpers/respond_with.rb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index c6585d6c20..591800737f 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
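Review bot: `case(responder.class) when Responders::Badge` never matches, because `when` evaluates `Responders::Badge === responder.class` and a class is not an instance of itself, so every responder falls through to `[:default]` and in this commit the requests refused are precisely the badge requests carrying an svg token. Testing the instance, `case responder`, is what a later patch in this series switches to. Once the dispatch works, note what the rule means: badge responders accept only `:svg`, so every badge URL already embedded in READMEs with the user's API `token` starts returning 403 the moment this ships; that is a deliberate, security-motivated break, but it belongs in the commit message and release notes, or could be softened with a period in which `[:svg, :default]` is accepted for badges.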
@@ -35,6 +35,8 @@ def body(value = nil, options = {}, &block)
 private
 def acceptable_tokens(responder)
+ puts '---acceptable_tokens---'
+ puts responder.class
 case(responder.class)
 when Responders::Badge then [:svg]
 else [:default]
@@ -50,6 +52,7 @@ def token_proper?(responder)
 end
 def respond(resource, options)
+ puts '---respond---'
 resource = apply_service_responder(resource, options)
 response = nil
 responders = responders_for(options)
From 083f804d45832f9d8501b887d4678a73ff06441d Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 14:32:33 +0100
Subject: [PATCH 10/24] debugging
---
 lib/travis/api/app/helpers/respond_with.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 591800737f..d3300a8ca6 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -47,7 +47,11 @@ def token_proper?(responder)
 return true unless params[:token] # it means that ScopeCheck granted access basing on other proper token
 acceptable = acceptable_tokens(responder)
+ puts '---'
+ puts acceptable
 token = Token.find_by_token(params[:token])
+ puts token
+ puts token.try(:type)
 acceptable.include?(token.try(:type))
 end
From def21aab3662b6dffce9856061414d4e010febf1 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 14:34:11 +0100
Subject: [PATCH 11/24] fix
---
 lib/travis/api/app/helpers/respond_with.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index d3300a8ca6..b8a2aa3377 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -38,7 +38,7 @@ def acceptable_tokens(responder)
 puts '---acceptable_tokens---'
 puts responder.class
 case(responder.class)
- when Responders::Badge then [:svg]
+ when Travis::Api::App::Responders::Badge then [:svg]
 else [:default]
 end
 end
From 5cacf982464dc90a936a379bcf69809ec2812e21 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 14:40:15 +0100
Subject: [PATCH 12/24] fix
---
 lib/travis/api/app/helpers/respond_with.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index b8a2aa3377..dabf37f68c 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -37,7 +37,7 @@ def body(value = nil, options = {}, &block)
 def acceptable_tokens(responder)
 puts '---acceptable_tokens---'
 puts responder.class
- case(responder.class)
+ case(responder)
 when Travis::Api::App::Responders::Badge then [:svg]
 else [:default]
 end
From b475a04389bf4519e3e6d14bac6c43e373e7270c Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 16:45:51 +0100
Subject: [PATCH 13/24] refactoring
---
 lib/travis/api/app/endpoint/authorization.rb | 6 ---
 lib/travis/api/app/helpers/respond_with.rb | 44 ++++++++++++++------------
 lib/travis/model/user.rb | 1 -
 3 files changed, 17 insertions(+), 34 deletions(-)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 5e3283fdaa..8c126eab29 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -144,12 +144,6 @@ def serialize_user(user)
 rendered = Travis::Api::Serialize.data(user, version: :v2)
 rendered['user'].merge!('token' => user.default_tokens.first.try(:token).to_s)
 rendered['user'].merge!('svg_token' => user.svg_token.to_s)
- puts '-------1----------'
- puts user.svg_token
- puts '-------x2----------'
- puts rendered['user']
- puts '-------x3----------'
- puts Token.all.map(&:token)
 rendered['user']
 end
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index dabf37f68c..252a05c2b9 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -34,29 +34,7 @@ def body(value = nil, options = {}, &block)
 end
 private
- def acceptable_tokens(responder)
- puts '---acceptable_tokens---'
- puts responder.class
- case(responder)
- when Travis::Api::App::Responders::Badge then [:svg]
- else [:default]
- end
- end
-
- def token_proper?(responder)
- return true unless params[:token] # it means that ScopeCheck granted access basing on other proper token
-
- acceptable = acceptable_tokens(responder)
- puts '---'
- puts acceptable
- token = Token.find_by_token(params[:token])
- puts token
- puts token.try(:type)
- acceptable.include?(token.try(:type))
- end
-
 def respond(resource, options)
- puts '---respond---'
 resource = apply_service_responder(resource, options)
 response = nil
 responders = responders_for(options)
@@ -65,11 +43,8 @@ def respond(resource, options)
 responders.find do |const|
 responder = const.new(self, resource, options.dup.merge(accept: accept))
 if responder.apply?
- if token_proper?(responder)
- response = responder.apply
- else
- halt 403, 'access denied'
- end
+ response = responder.apply
+ halt 403, 'access denied' unless token_proper?(responder)
 end
 end
 end
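Review bot: In the rewritten `respond` the responder is applied before the token is checked — `response = responder.apply` runs, and only then does `halt 403` fire — so any headers or state the responder set while rendering (content type, caching headers, whatever `apply` touches) survive the halt, and the rendering work is done for a request that will be refused. Authorization should gate the work rather than follow it, i.e. `response = responder.apply if token_proper?(responder)` with the halt in the other branch, which is the shape the previous patch had and a later patch in this series restores. The body of `respond` begins before this hunk.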
@@ -77,6 +52,21 @@ def respond(resource, options)
 response || (resource ? error(406) : error(404))
 end
+ def token_proper?(responder)
+ return true unless params[:token] # it means that ScopeCheck granted access basing on other proper token
+
+ acceptable = acceptable_tokens(responder)
+ token = Token.find_by_token(params[:token])
+ acceptable.include?(token.try(:type))
+ end
+
+ def acceptable_tokens(responder)
+ case(responder)
+ when Travis::Api::App::Responders::Badge then [:svg]
+ else [:default]
+ end
+ end
+
 def prettify_result?
 !params[:pretty].nil? && (params[:pretty].downcase == 'true' || params[:pretty].to_i > 0)
 end
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 23f546ec5f..4783169e9f 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -41,7 +41,6 @@ def with_email(email_address)
 end
 def token
- puts '---token in user.rb---'
 tokens.find { |t| t.try(:type) == :default}.try(:token)
 end
From 995c1d5ba73f9f076bef91ddcf0e688fd157ac81 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 16:46:34 +0100
Subject: [PATCH 14/24] comment removed
---
 lib/travis/api/app/helpers/respond_with.rb | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 252a05c2b9..61f671beb3 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -16,8 +16,6 @@ module RespondWith
 }
 def respond_with(resource, options = {})
- # halt 403, 'access denied' unless token_proper?(options[:acceptable_tokens])
-
 result = respond(resource, options)
 if result && response.content_type =~ /application\/json/
From 88e614819a4d8f7f9473f20fb28f3038116d6bbe Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 17:01:25 +0100
Subject: [PATCH 15/24] narrowed rspec
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index a33322fa3e..7358c251a2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,7 @@ sudo: false
 rvm: 2.4.2
-script: "bundle exec rake knapsack:rspec"
+script: "bundle exec rake knapsack:rspec ./spec/auth/v2/jobs_spec.rb"
 env:
 global:
 - RUBY_GC_MALLOC_LIMIT=90000000
From 34f30f1bd446dea03ca9f1bff31343f0498e8c3e Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 17:11:15 +0100
Subject: [PATCH 16/24] debugging
---
 lib/travis/api/app/helpers/respond_with.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 61f671beb3..26cce400df 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -55,6 +55,10 @@ def token_proper?(responder)
 acceptable = acceptable_tokens(responder)
 token = Token.find_by_token(params[:token])
+ puts '--'
+ puts token
+ puts '--'
+ puts acceptable
 acceptable.include?(token.try(:type))
 end
From d0b18f2e8805a64555de592c6e25b5eef096a470 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 17:23:05 +0100
Subject: [PATCH 17/24] debugging
---
 lib/travis/api/app/helpers/respond_with.rb | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 26cce400df..f459d83872 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -41,8 +41,13 @@ def respond(resource, options)
 responders.find do |const|
 responder = const.new(self, resource, options.dup.merge(accept: accept))
 if responder.apply?
- response = responder.apply
- halt 403, 'access denied' unless token_proper?(responder)
+ # response = responder.apply
+ # halt 403, 'access denied' unless token_proper?(responder)
+ if token_proper?(responder)
+ response = responder.apply
+ else
+ halt 403, 'access denied'
+ end
 end
 end
 end
@@ -55,10 +60,6 @@ def token_proper?(responder)
 acceptable = acceptable_tokens(responder)
 token = Token.find_by_token(params[:token])
- puts '--'
- puts token
- puts '--'
- puts acceptable
 acceptable.include?(token.try(:type))
 end
From 9425929e049c843fc01f5361fa27988c928d8b95 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 17:45:07 +0100
Subject: [PATCH 18/24] tests changed
---
 spec/auth/v2.1/repo_status_spec.rb | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/spec/auth/v2.1/repo_status_spec.rb b/spec/auth/v2.1/repo_status_spec.rb
index d01221709c..3b7bed1d19 100644
--- a/spec/auth/v2.1/repo_status_spec.rb
+++ b/spec/auth/v2.1/repo_status_spec.rb
@@ -79,13 +79,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
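Review bot: The spec change only swaps `user.token` for `user.svg_token` in the describe strings, so the suite still has no case pinning the boundary this series introduces: a badge request that presents the plain API `token` should now be refused with 403, and an svg token presented to a JSON endpoint should not be accepted. Those two negative cases are what would catch a regression in `acceptable_tokens` or `token_proper?`; the positive cases kept here pass as long as some valid token is honoured and say nothing about least privilege. The same applies to the v1 and v2 spec hunks in patch 19.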
@@ -184,13 +184,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
@@ -289,13 +289,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -400,13 +400,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -505,13 +505,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
From 4b6c9ec568cdc183566e1802915f4b1f2e9d8459 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Thu, 27 Jan 2022 18:01:51 +0100
Subject: [PATCH 19/24] tests changed
---
 spec/auth/v1/repo_status_spec.rb | 20 ++++++++++----------
 spec/auth/v2/repo_status_spec.rb | 20 ++++++++++----------
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/spec/auth/v1/repo_status_spec.rb b/spec/auth/v1/repo_status_spec.rb
index d0be340b21..696312c374 100644
--- a/spec/auth/v1/repo_status_spec.rb
+++ b/spec/auth/v1/repo_status_spec.rb
@@ -79,13 +79,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -184,13 +184,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
@@ -289,13 +289,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -400,13 +400,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -505,13 +505,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
diff --git a/spec/auth/v2/repo_status_spec.rb b/spec/auth/v2/repo_status_spec.rb
index e15f59b49c..75342dd26c 100644
--- a/spec/auth/v2/repo_status_spec.rb
+++ b/spec/auth/v2/repo_status_spec.rb
@@ -79,13 +79,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -184,13 +184,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 end
@@ -289,13 +289,13 @@
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
 end
- describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+ describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
 let(:accept) { 'image/svg+xml' }
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
- describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+ describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
 it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
 it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
 end
@@ -400,13 +400,13 @@
     it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.png' }
   end
-  describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+  describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
     let(:accept) { 'image/svg+xml' }
     it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
     it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
   end
-  describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+  describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
     it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
     it(:without_permission) { should auth status: 200, type: :img, file: 'unknown.svg' }
   end
@@ -505,13 +505,13 @@
     it(:without_permission) { should auth status: 200, type: :img, file: 'passing.png' }
   end
-  describe 'GET /repos/%{repo.slug}?token=%{user.token} Accept image/svg+xml' do
+  describe 'GET /repos/%{repo.slug}?token=%{user.svg_token} Accept image/svg+xml' do
     let(:accept) { 'image/svg+xml' }
     it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
     it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
   end
-  describe 'GET /repos/%{repo.slug}.svg?token=%{user.token}' do
+  describe 'GET /repos/%{repo.slug}.svg?token=%{user.svg_token}' do
     it(:with_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
     it(:without_permission) { should auth status: 200, type: :img, file: 'passing.svg' }
   end
From 235f71606ae640d913a271afa6335dc93d4ad350 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 4 Feb 2022 02:20:37 +0100
Subject: [PATCH 20/24] change in .travis.yml removed
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 7358c251a2..a33322fa3e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,7 @@ sudo: false
 rvm: 2.4.2
-script: "bundle exec rake knapsack:rspec ./spec/auth/v2/jobs_spec.rb"
+script: "bundle exec rake knapsack:rspec"
 env:
   global:
     - RUBY_GC_MALLOC_LIMIT=90000000
From e43d77256337607044db866f682b9b9f223c1b7a Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 4 Feb 2022 02:27:09 +0100
Subject: [PATCH 21/24] token type in db
---
 lib/travis/api/app/helpers/respond_with.rb | 4 +---
 lib/travis/model/token.rb | 8 ++------
 lib/travis/model/user.rb | 12 +++++-------
 3 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index f459d83872..21e0258590 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -41,8 +41,6 @@ def respond(resource, options)
       responders.find do |const|
         responder = const.new(self, resource, options.dup.merge(accept: accept))
         if responder.apply?
-          # response = responder.apply
-          # halt 403, 'access denied' unless token_proper?(responder)
           if token_proper?(responder)
             response = responder.apply
           else
@@ -60,7 +58,7 @@ def token_proper?(responder)
       acceptable = acceptable_tokens(responder)
       token = Token.find_by_token(params[:token])
-      acceptable.include?(token.try(:type))
+      acceptable.include?(token.try(:type_symbol))
     end
     def acceptable_tokens(responder)
diff --git a/lib/travis/model/token.rb b/lib/travis/model/token.rb
index 317c9550fa..f446f3cbf6 100644
--- a/lib/travis/model/token.rb
+++ b/lib/travis/model/token.rb
@@ -15,12 +15,8 @@ class Token < Travis::Model
   serialize :token, Travis::Model::EncryptedColumn.new(disable: true)
-  def type
-    if self.token =~ /svg-/
-      :svg
-    else
-      :default
-    end
+  def type_symbol
+    type.to_sym
   end
   protected
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 4783169e9f..a51b63aa7c 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
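Review bot: `token_proper?` re-resolves the raw `params[:token]` with `Token.find_by_token` inside the responder loop, after the scope check has presumably already accepted that same token for the request; the purpose check therefore covers only responses that reach `respond`, and an svg token is likely still a fully authenticated principal on any path that writes its response without `respond_with`. A token that is not found yields `nil` from `try`, which `include?` rejects, so the unknown-token path at least fails closed. Consider resolving the token once where the scope check does and carrying its purpose on `env`, so one record answers both questions and the lookup is not repeated per responder. `token_proper?` starts outside the hunk, and the later rename to `purpose_symbol` does not change this.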
@@ -41,16 +41,16 @@ def with_email(email_address)
     end
     def token
-      tokens.find { |t| t.try(:type) == :default}.try(:token)
+      tokens.find { |t| t.try(:type_symbol) == :default}.try(:token)
     end
     def svg_token
-      token = tokens.find { |t| t.try(:type) == :svg} || create_svg_token
+      token = tokens.find { |t| t.try(:type_symbol) == :svg} || create_svg_token
       token.try(:token)
     end
     def default_tokens
-      self.tokens.select { |token| token.try(:type) == :default }
+      self.tokens.select { |token| token.try(:type_symbol) == :default }
     end
     def to_json
@@ -174,10 +174,8 @@ def inspect
     def create_a_token(type = :default)
       token = self.tokens.create!
-      if type == :svg
-        token.token = "svg-#{token.token}"
-        token.save!
-      end
+      token.type = type.to_s
+      token.save!
       token
     end
From edbd5f64fda7439704bc5b795d5ef07e2cdd7e7a Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 4 Feb 2022 02:30:46 +0100
Subject: [PATCH 22/24] default type autofill
---
 lib/travis/model/token.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/travis/model/token.rb b/lib/travis/model/token.rb
index f446f3cbf6..a201968998 100644
--- a/lib/travis/model/token.rb
+++ b/lib/travis/model/token.rb
@@ -16,7 +16,7 @@ class Token < Travis::Model
   serialize :token, Travis::Model::EncryptedColumn.new(disable: true)
   def type_symbol
-    type.to_sym
+    type.to_sym || :default
   end
   protected
From 974e348072fdfe7466d43a0a2a25106a43b4ac68 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 4 Feb 2022 02:40:49 +0100
Subject: [PATCH 23/24] fix
---
 lib/travis/model/token.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/travis/model/token.rb b/lib/travis/model/token.rb
index a201968998..e7fd058855 100644
--- a/lib/travis/model/token.rb
+++ b/lib/travis/model/token.rb
@@ -16,7 +16,7 @@ class Token < Travis::Model
   serialize :token, Travis::Model::EncryptedColumn.new(disable: true)
   def type_symbol
-    type.to_sym || :default
+    type.try(:to_sym) || :default
   end
   protected
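Review bot: `svg_token` is a reader that writes: when no svg token exists it falls through to `create_svg_token`, so any code path that merely renders a user can mint and persist a new credential, and `tokens.find { ... }` loads the whole association into Ruby to decide that. A getter that creates tokens is hard to audit and easy to trigger from read-only requests; keep `svg_token` side-effect free, mint the token explicitly (the creation hook plus a one-off backfill for existing users), and select by column instead of filtering in Ruby, e.g. `tokens.where(type: 'svg').first` if the query interface is available here. The same lookup shape is repeated in the user.rb hunk of the last commit. As a style point, `== :default}` and `== :svg}` are missing the space before `}`.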
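Review bot: `type.try(:to_sym) || :default` classifies a token whose column is NULL — every row that predates the new column — as `:default`, so a missing value silently lands in what is presumably the broadest purpose class rather than in a class of its own. If that is intended as a migration shim, say so on the line, `# nil means a legacy row created before the column existed; treated as :default until backfilled`, and backfill the column in the migration so the fallback can be removed. Otherwise an unknown value should fail closed by returning `nil`, which `token_proper?` already rejects. This and the preceding one-line hunk sit in a class body that continues outside the hunk.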
From bcbae44d7a5194b4495004eee9023bafe79f4579 Mon Sep 17 00:00:00 2001
From: Karol Selak Travis
Date: Fri, 4 Feb 2022 03:04:34 +0100
Subject: [PATCH 24/24] type -> purpose
---
 lib/travis/api/app/helpers/respond_with.rb | 2 +-
 lib/travis/model/token.rb | 4 ++--
 lib/travis/model/user.rb | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/travis/api/app/helpers/respond_with.rb b/lib/travis/api/app/helpers/respond_with.rb
index 21e0258590..d7d8ce0eab 100644
--- a/lib/travis/api/app/helpers/respond_with.rb
+++ b/lib/travis/api/app/helpers/respond_with.rb
@@ -58,7 +58,7 @@ def token_proper?(responder)
       acceptable = acceptable_tokens(responder)
       token = Token.find_by_token(params[:token])
-      acceptable.include?(token.try(:type_symbol))
+      acceptable.include?(token.try(:purpose_symbol))
     end
     def acceptable_tokens(responder)
diff --git a/lib/travis/model/token.rb b/lib/travis/model/token.rb
index e7fd058855..50ce804178 100644
--- a/lib/travis/model/token.rb
+++ b/lib/travis/model/token.rb
@@ -15,8 +15,8 @@ class Token < Travis::Model
   serialize :token, Travis::Model::EncryptedColumn.new(disable: true)
-  def type_symbol
-    type.try(:to_sym) || :default
+  def purpose_symbol
+    purpose.try(:to_sym) || :default
   end
   protected
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index a51b63aa7c..4e79d09f82 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -41,16 +41,16 @@ def with_email(email_address)
     end
     def token
-      tokens.find { |t| t.try(:type_symbol) == :default}.try(:token)
+      tokens.find { |t| t.try(:purpose_symbol) == :default}.try(:token)
     end
     def svg_token
-      token = tokens.find { |t| t.try(:type_symbol) == :svg} || create_svg_token
+      token = tokens.find { |t| t.try(:purpose_symbol) == :svg} || create_svg_token
       token.try(:token)
     end
     def default_tokens
-      self.tokens.select { |token| token.try(:type_symbol) == :default }
+      self.tokens.select { |token| token.try(:purpose_symbol) == :default }
     end
     def to_json
@@ -172,9 +172,9 @@ def inspect
       github_oauth_token ? super.gsub(github_oauth_token, '[REDACTED]') : super
     end
-    def create_a_token(type = :default)
+    def create_a_token(purpose = :default)
       token = self.tokens.create!
-      token.type = type.to_s
+      token.purpose = purpose.to_s
       token.save!
       token
     end
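Review bot: `create_a_token` still writes twice: `tokens.create!` inserts the row with a NULL purpose and only the following `save!` sets it, so the token briefly exists in exactly the state that `purpose_symbol` maps to `:default`, and a failure between the two calls leaves a default-purpose token behind even when an svg one was requested. Creating with the attribute in one statement, `token = self.tokens.create!(purpose: purpose.to_s)`, removes that window and the second write (assuming `purpose` is assignable here), and the trailing `token` can go since `create!` already returns the record. The same two-step shape was introduced in the -174 hunk of the 'token type in db' commit. The enclosing class continues outside the hunk.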