Adds a service to reset a User's feed token

Nick Malcolm requested to merge 468599-feed-token-reset-service into master

What does this MR do and why?

Adds a service to reset a User's feed token

User feed tokens allow access to RSS feeds and Calendar feeds. See https://docs.gitlab.com/ee/security/token_overview.html#feed-token

The feed token can be reset if a user suspects it has leaked. This MR introduces a dedicated Service class to perform this action. It introduces logging when the reset occurs.

The Service is being added to support work planned in #468599 (closed). The service follows the code patterns established by PersonalAccessTokens::RevokeService. Feed tokens can't be revoked, but they can be reset / rotated.

Aside from new logging, no behavioral changes should be present.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Check out master locally
  2. Log in
  3. Navigate to /-/user_settings/personal_access_tokens
  4. Under "Feed token" click the eyeball to observe the plaintext
  5. Click "reset this token"
  6. Click the eyeball again to observe the plaintext has changed
  7. Check out 468599-feed-token-reset-service
  8. Perform steps 3-6 to validate that resetting the feed token still works
  9. Look at log/application_json.log to observe the new log item:
    ==> log/application_json.log <==
    {"severity":"INFO","time":"2024-07-31T22:08:25.892Z","correlation_id":"01J45DCP9040CSDMHEXBPKYXNY","meta.caller_id":"ProfilesController#reset_feed_token","meta.remote_ip":"172.16.123.1","meta.feature_category":"user_profile","meta.user":"nm","meta.user_id":22,"meta.client_id":"user/22","class":"Users::ResetFeedTokenService","message":"User Feed Token Reset","source":"self","reset_by":"nm","reset_for":"nm","user_id":22}

Related to #468599 (closed)
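
One way to consume the new log item on the detection side, as an added example that is not part of the merge request or GitLab's code base: it filters JSON log lines for the `Users::ResetFeedTokenService` event and separates resets where `reset_by` differs from `reset_for`. The sample lines are constructed (the first mirrors the log item above), and the second line, in which the two fields differ, is an assumption about a case the description does not show.

```ruby
require "json"

# Class and message values are taken from the log item shown in the MR.
RESET_CLASS   = "Users::ResetFeedTokenService"
RESET_MESSAGE = "User Feed Token Reset"

# Constructed sample lines (not real log data); the first mirrors the MR's example.
# The second line (reset_by != reset_for) is an assumed case for illustration.
SAMPLE_LOG = <<~LOG
  {"severity":"INFO","time":"2024-07-31T22:08:25.892Z","meta.remote_ip":"172.16.123.1","class":"Users::ResetFeedTokenService","message":"User Feed Token Reset","reset_by":"nm","reset_for":"nm","user_id":22}
  {"severity":"INFO","time":"2024-07-31T22:09:02.100Z","meta.remote_ip":"172.16.123.9","class":"Users::ResetFeedTokenService","message":"User Feed Token Reset","reset_by":"root","reset_for":"nm","user_id":22}
  {"severity":"INFO","time":"2024-07-31T22:09:30.000Z","class":"SomeOtherService","message":"unrelated"}
  this line is truncated {"severity":
LOG

# Parse JSON-lines text and return only feed token reset events.
def feed_token_resets(log_text)
  log_text.each_line.filter_map do |line|
    event = begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil # skip partial or non-JSON lines instead of aborting the scan
    end
    next unless event.is_a?(Hash)
    next unless event["class"] == RESET_CLASS && event["message"] == RESET_MESSAGE

    {
      time: event["time"],
      user_id: event["user_id"],
      reset_by: event["reset_by"],
      reset_for: event["reset_for"],
      remote_ip: event["meta.remote_ip"],
      # True when the actor is not the owner of the token that was reset.
      by_other: event["reset_by"] != event["reset_for"]
    }
  end
end

# Resets where the actor differs from the token owner.
def resets_by_other(log_text)
  feed_token_resets(log_text).select { |e| e[:by_other] }
end

if __FILE__ == $PROGRAM_NAME
  feed_token_resets(SAMPLE_LOG).each { |e| puts e.inspect }
end
```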