Skip to content

Resolve "Add Last Activity for Personal Access Tokens"

What does this MR do?

Currently, there's no way to identify whether a personal access token is in use, or when it was last used. This makes it difficult to efficiently maintain GitLab as a service.

  1. Adds a last_used_at attribute to Personal Access Tokens
  2. Updates a PAT's last_used_at whenever it gets used to make requests to any API endpoint
  3. Displays how long ago a PAT was last used

Migrations

$ bundle exec rails db:migrate:up VERSION=20200625113337
== 20200625113337 AddLastUsedToPersonalAccessTokens: migrating ================
-- add_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone)
   -> 0.0013s
== 20200625113337 AddLastUsedToPersonalAccessTokens: migrated (0.0110s) =======

$ bundle exec rails db:migrate:down VERSION=20200625113337
== 20200625113337 AddLastUsedToPersonalAccessTokens: reverting ================
-- remove_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone)
   -> 0.0009s
== 20200625113337 AddLastUsedToPersonalAccessTokens: reverted (0.0038s) =======

Out of scope for this MR

  1. Exposing last_used_at in forthcoming personal access tokens API (#17176 (closed))
  2. Adding last_used_at to Project access tokens
  3. Registering Git over HTTP access

Screenshots

Screen_Shot_2020-06-25_at_15.10.30

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Closes #33162 (closed)

Edited by DeAndre Harris

Merge request reports

Loading