Do not allow expired personal access tokens to work
What does this MR do and why?
- Remove the ability to allow expired Personal Access Tokens to function.
- Remove the ability for administrators to make this decision.
- Remove the application setting from the database.
- Update documentation and specs.
How to set up and validate locally
- Create a personal access token for your user account. In the rails console, set the expiration to a date in the past.
- Attempt to use this token. It should be unauthorized.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #351962 (closed)
Edited by Huzaifa Iftikhar