We should not only test the token, but also validate the URL that was passed as the API endpoint before using the token.
Is there some sort of API ping/pong response story that we can use to validate the endpoint?
Also, we need to enforce https before sending any request that contains the personal access token, otherwise we may inadvertently expose it in plain text if the user happens to type a URL with http:// in it.
Perhaps we can add a prefix to the input box with https://?
What if someone is running their own GitLab instance without SSL (probably a bad idea on their part)? But what if? Should we let that be a restriction of using this power up?
I’m inclined to think that we should try to protect the user from themselves here. Allowing them to send an API key over an unsecured connection is a bad idea.
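
One way to implement the checks discussed in this thread, as an added example that is not the project's own code: the endpoint is parsed and forced to https before any request is built, and only then is the token tried. The function names are hypothetical, and it assumes the instance exposes the GitLab REST API v4 `/version` route and accepts the `PRIVATE-TOKEN` header.

```javascript
'use strict';
// Added example (not project code); function names are hypothetical.

// Parse the user's input and refuse anything that would put the token on the wire in clear text.
function normalizeEndpoint(input) {
  let raw = String(input).trim();
  // No scheme typed: default to https instead of guessing http.
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(raw)) raw = 'https://' + raw;
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    throw new Error('Endpoint is not a valid URL');
  }
  if (url.protocol !== 'https:') throw new Error('Endpoint must use https://');
  if (url.username || url.password) throw new Error('Endpoint must not contain credentials');
  // Drop query, fragment and trailing slashes so the stored base is canonical.
  return url.origin + url.pathname.replace(/\/+$/, '');
}

// Validate endpoint and token together. fetchImpl is injectable so this can be tested offline.
async function checkEndpoint(input, token, fetchImpl = globalThis.fetch) {
  const base = normalizeEndpoint(input); // throws before any request is made
  const res = await fetchImpl(base + '/api/v4/version', {
    headers: { 'PRIVATE-TOKEN': token },
    redirect: 'error', // a redirect could downgrade to http and leak the header
  });
  if (res.status === 401) return { ok: false, reason: 'token rejected' };
  if (!res.ok) return { ok: false, reason: 'unexpected status ' + res.status };
  const body = await res.json().catch(() => null);
  if (!body || typeof body.version !== 'string') {
    return { ok: false, reason: 'endpoint did not answer like a GitLab API' };
  }
  return { ok: true, base, version: body.version };
}
```

Prefixing the input box with https:// only changes what the user sees; the scheme check in `normalizeEndpoint` is what stops a pasted http:// URL from being used.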