Push notification when PAT / SSH key is revoked / deleted by an admin
Release notes
Problem to solve
In #214811 (closed), we introduced the ability for administrators to Revoke a PAT. On similar grounds, #225248 (closed) adds the ability for administrators to Delete SSH keys. Both actions make the token/key unusable, effective immediately.
To make the effect less drastic for the user of the token/key, this issue aims to send an email notification to the user when a deletion/revocation action is performed.
Intended users
- Sidney (Systems Administrator)
- User of the GitLab application
User experience goal
Less friction when a destructive action is performed by a non-owner of the token/key.
Proposal
Email content
Subject: Your Personal Access Token was revoked
The following Personal Access Token was revoked by an administrator, .
<token_name>
Created on Jan 1, 20202
Last used 5 hours ago
Scopes: read_user, read_api, read_repository, read_registry
You can create a new Personal Access Token.
Implementation breakdown
This will primarily be a backend issue, with frontend changes limited to the email template HAML/ERB changes.
backend - 2
- Create a mailer file for CredentialInventory in ee/app/mailers
- Define a method each for PAT revocation and Key deletion in the mailer
- Trigger the email notification methods in the revoke action in CredentialInventoryAction controller
frontend - 1
- Add haml and text.erb email templates in the view section: ee/app/views/notify/
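A minimal sketch of the notification flow from the breakdown above, added here as an illustration and not GitLab's mailer code: `Token`, `RevocationMail` and `revoke_and_notify` are hypothetical names, and standard-library ERB stands in for the HAML/ERB view templates. It renders the text and HTML parts, escapes the user-controlled token name in the HTML part, and queues one mail per revocation.

```ruby
require "erb"

# Hypothetical stand-in for the token record; not a GitLab class.
Token = Struct.new(:name, :owner_email, :created_at, :last_used_at,
                   :scopes, :revoked, keyword_init: true)

module RevocationMail
  SUBJECT = "Your Personal Access Token was revoked"
  DATE = "%b %-d, %Y"

  # Plain-text part, following the proposed email body. The token value is
  # never included, only metadata the owner needs to identify the token.
  TEXT = ERB.new(<<~BODY)
    The following Personal Access Token was revoked by an administrator.

    <%= token.name %>
    Created on <%= token.created_at.strftime(date) %>
    Last used <%= token.last_used_at ? token.last_used_at.strftime(date) : "never" %>
    Scopes: <%= token.scopes.join(", ") %>

    You can create a new Personal Access Token.
  BODY

  # HTML part: the token name is user-controlled, so it is escaped.
  HTML = ERB.new(<<~BODY)
    <p>The following Personal Access Token was revoked by an administrator.</p>
    <p><strong><%= ERB::Util.html_escape(token.name) %></strong></p>
    <p>Scopes: <%= ERB::Util.html_escape(token.scopes.join(", ")) %></p>
  BODY

  def self.build(token)
    vars = { token: token, date: DATE }
    { to: token.owner_email, subject: SUBJECT,
      text: TEXT.result_with_hash(vars), html: HTML.result_with_hash(vars) }
  end
end

# Hypothetical revoke flow: the mail is queued once, after the state change.
def revoke_and_notify(token, outbox)
  return false if token.revoked # already revoked: no duplicate notification
  token.revoked = true
  outbox << RevocationMail.build(token)
  true
end

# Constructed sample data.
SAMPLE = Token.new(name: "<b>ci</b> deploy", owner_email: "user@example.com",
                   created_at: Time.utc(2020, 1, 1), last_used_at: nil,
                   scopes: %w[read_user read_api], revoked: false)
```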
Documentation
Include the documentation for the email notification under the Revoke action in the Credential Management Admin section.
Edited by Max Woolf