change personal access token rotate endpoint to use configured ApplicationSettings#max_personal_access_token_lifetime instead of static 1.week
Summary
when calling the rotate endpoint for a personal access token, if the instance has a ApplicationSettings#max_personal_access_token_lifetime of less than 1 week, we cannot use the rotate endpoint
Steps to reproduce
Set the "Maximum allowable lifetime for access tokens (Days)" field in the Account and limit section of the admin area to 1 Day.
hit the rotate endpoint:
curl -XPOST --header "PRIVATE-TOKEN: glpat-YourPrivateTokenWhoseIdIs20" "https://gitlab.example.com/api/v4/personal_access_tokens/20/rotate"
What is the current bug behavior?
the personal access token is not rotated because the expiration date is not valid. The expiration date is set too far in the future
What is the expected correct behavior?
The personal access token is rotated at either the maximum allowable frequency (in the case of one day) or one week, depending on the configured ApplicationSettings#max_personal_access_token_lifetime