Log user last activity on in GraphQL
What does this MR do?
Related to #195990 (closed)
It updates the User#last_activity_on field on every GraphQL request when user is logged in and last_activity_on was earlier than today. I added the same to the REST API (!21725 (merged)). It was behind a feature flag because there were some performance concerns. If a user does the first request on a day, it would trigger one additional SQL query. This might cause spikes on the beginning of the day. But rolling out the feauture flag showed that it didn't have a visible effect. I expect a low impact on GraphQL too because it's mainly used on frontend and in this case the user would be already logged in and have last_activity_on updated.
How to test on Staging
- Create a test user on staging with an API token
- Wait until the next day.
- Go to staging.gitlab.com/admin/users
- Search for the test user
- Make sure Last activity is not the date of today
- Make a GraphQL call with the test user token
curl --location --request POST 'https://staging.gitlab.com/api/graphql' --header 'Authorization: Bearer TEST_USER_TOKEN' --header 'Content-Type: application/json' --data-raw '{"query":"query{project(fullPath:\"gitlab-org/gitlab\"){name issues {nodes {title}}}}","variables":{}}' - Reload the admin users page and check that Last activity was updated to the date of today
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team