Adds a service to reset a User's feed token
What does this MR do and why?
Adds a service to reset a User's feed token
User feed tokens allow access to RSS feeds and Calendar feeds. See https://docs.gitlab.com/ee/security/token_overview.html#feed-token
The feed token can be reset if a user suspects it has leaked. This MR introduces a dedicated Service class to perform this action. It introduces logging when the reset occurs.
The Service is being added to support work planned in #468599 (closed). The service follows the code patterns established by PersonalAccessTokens::RevokeService. Feed tokens can't be revoked, but they can be reset / rotated.
Aside from new logging, no behavioral changes should be present.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
1. Check out master locally
2. Log in
3. Navigate to /-/user_settings/personal_access_tokens
4. Under "Feed token" click the eyeball to observe the plaintext
5. Click "reset this token"
6. Click the eyeball again to observe the plaintext has changed
7. Check out 468599-feed-token-reset-service
8. Perform steps 3-6 to validate that resetting the feed token still works
9. Look at log/application_json.log to observe the new log item:

```
==> log/application_json.log <==
{"severity":"INFO","time":"2024-07-31T22:08:25.892Z","correlation_id":"01J45DCP9040CSDMHEXBPKYXNY","meta.caller_id":"ProfilesController#reset_feed_token","meta.remote_ip":"172.16.123.1","meta.feature_category":"user_profile","meta.user":"nm","meta.user_id":22,"class":"Users::ResetFeedTokenService","message":"User Feed Token Reset","source":"self","reset_by":"nm","reset_for":"nm","user_id":22}
```
Related to #468599 (closed)
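
The log entry from the last validation step is structured JSON, so it can be picked up by monitoring. As an added example (not part of this merge request or GitLab's code), the Ruby script below extracts feed token resets from application_json.log text and separates out resets made by an account other than the token's owner. The sample lines are constructed from the field names shown above, and it is an assumption here that reset_by and reset_for can differ.

```ruby
require 'json'

# Constructed sample lines using the fields of the entry shown above;
# the second user, the extra IP and the unrelated entries are made up.
SAMPLE_LOG = <<~'LOG'
  {"severity":"INFO","time":"2024-07-31T22:08:25.892Z","meta.caller_id":"ProfilesController#reset_feed_token","meta.remote_ip":"172.16.123.1","class":"Users::ResetFeedTokenService","message":"User Feed Token Reset","reset_by":"nm","reset_for":"nm","user_id":22}
  {"severity":"INFO","time":"2024-07-31T22:09:02.110Z","class":"SomeOther::Service","message":"unrelated entry"}
  not json at all
  {"severity":"INFO","time":"2024-07-31T22:10:40.507Z","meta.remote_ip":"198.51.100.7","class":"Users::ResetFeedTokenService","message":"User Feed Token Reset","reset_by":"root","reset_for":"alice","user_id":31}
LOG

RESET_CLASS = 'Users::ResetFeedTokenService'

# Returns one hash per feed token reset found in the given log text.
def feed_token_resets(log_text)
  log_text.each_line.filter_map do |line|
    entry = begin
      JSON.parse(line)
    rescue JSON::ParserError
      next # skip truncated or non-JSON lines instead of aborting the scan
    end
    next unless entry.is_a?(Hash) && entry['class'] == RESET_CLASS

    {
      time: entry['time'],
      user_id: entry['user_id'],
      reset_by: entry['reset_by'],
      reset_for: entry['reset_for'],
      remote_ip: entry['meta.remote_ip'],
      self_service: entry['reset_by'] == entry['reset_for']
    }
  end
end

# Resets performed by an account other than the token's owner
# (assumption: the two fields differ in that case).
def resets_by_other_user(log_text)
  feed_token_resets(log_text).reject { |r| r[:self_service] }
end

if __FILE__ == $PROGRAM_NAME
  feed_token_resets(SAMPLE_LOG).each do |r|
    tag = r[:self_service] ? 'self' : 'OTHER'
    puts "#{r[:time]} #{tag} reset_by=#{r[:reset_by]} reset_for=#{r[:reset_for]} ip=#{r[:remote_ip]}"
  end
end
```
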