Push notification when PAT / SSH key is revoked / deleted by an admin
Problem to solve
In #214811, we introduced the ability for administrators to Revoke a PAT. On similar grounds, #225248 (closed) adds ability for administrators to Delete SSH keys. Both actions will cause the token/key to be unusable effective immediately.
To make the effect less drastic as a user of the token/key, this issue aims to send an email notification to the user when a deletion/revocation action is performed.
- Sidney (Systems Administrator)
- User of the GitLab application
User experience goal
Less friction when a destructive action is performed by a non-owner of the token/key.
Subject: Your Personal Access Token was revoked The following Personal Access Token was revoked by an administrator, . <token_name> Created on Jan 1, 20202 Last used 5 hours ago Scopes: read_user, read_api, read_repository, read_registry You can create a new Personal Access Token.
- Create a mailer file for CredentialInventory in
- Define a method each for PAT revocation and Key deletion in the mailer
- Trigger the email notification methods in the
revokeaction in CredentialInventoryAction controller
text.erbemail templates in the view section:
Include the documentation for email notification under Revoke action in the Credential Management Admin section.