Resolve "Add Last Activity for Personal Access Tokens"
What does this MR do?
Currently, there's no way to identify whether a personal access token is in use, or when it was last used. This makes it difficult to efficiently maintain GitLab as a service.
- Adds a
last_used_at
attribute to Personal Access Tokens - Updates a PAT's
last_used_at
whenever it gets used to make requests to any API endpoint - Displays how long ago a PAT was last used
Migrations
$ bundle exec rails db:migrate:up VERSION=20200625113337
== 20200625113337 AddLastUsedToPersonalAccessTokens: migrating ================
-- add_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone)
-> 0.0013s
== 20200625113337 AddLastUsedToPersonalAccessTokens: migrated (0.0110s) =======
$ bundle exec rails db:migrate:down VERSION=20200625113337
== 20200625113337 AddLastUsedToPersonalAccessTokens: reverting ================
-- remove_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone)
-> 0.0009s
== 20200625113337 AddLastUsedToPersonalAccessTokens: reverted (0.0038s) =======
Out of scope for this MR
- Exposing
last_used_at
in forthcoming personal access tokens API (#17176 (closed)) - Adding
last_used_at
to Project access tokens - Registering Git over HTTP access
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Closes #33162 (closed)
Edited by DeAndre Harris