GitLab tokens with unset expiration are quietly set to expire in 365 days


Summary

When creating a new access token with no expiration set, the UI does not provide any indication that a non-expiring token is not supported. The expiration date field shows no warning or error. After clicking submit, no expiration date is shown. The user is left to assume that the token will not expire, when in fact the token's expiration date has been set to 365 days.

Reproduction steps are for group access token, but I believe this also applies to project and personal access tokens.

Steps to reproduce

  1. From the Group > Settings > Access Tokens > Add new token
  2. Set token name "example"
  3. Click the X button to remove the Expiration date
  4. Click Create group access token

Example Project

N/A

What is the current bug behavior?

Token is created with a 365-day expiration and no messaging is provided during or after token creation that an expiration was set.

What is the expected correct behavior?

UI should be clear that the 365-day expiration is set before and after token creation.

Relevant logs and/or screenshots

Screenshot_2024-05-21_at_8.59.49_AM

Token has expiration: Screenshot_2024-05-21_at_9.00.01_AM

Output of checks

Results of GitLab environment info

GitLab self-managed v16.9.8-ee


Possible fixes

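Added example (not part of the original issue and not GitLab's own code): a small audit that flags tokens whose expiry looks like the silently applied 365-day default, so the rotation date is found before automation breaks. It assumes the token list has the shape returned by GitLab's `GET /groups/:id/access_tokens` API; the sample data, the function name `audit_tokens` and the one-day tolerance are assumptions made for illustration.

```python
import json
from datetime import date

# Constructed sample shaped like the JSON from GitLab's
# GET /groups/:id/access_tokens endpoint; names and dates are made up.
SAMPLE_TOKENS = json.loads("""
[
  {"id": 1, "name": "example", "revoked": false,
   "created_at": "2024-05-21T15:59:49.000Z", "expires_at": "2025-05-21"},
  {"id": 2, "name": "ci-deploy", "revoked": false,
   "created_at": "2024-03-01T09:00:00.000Z", "expires_at": "2024-06-10"},
  {"id": 3, "name": "old-bot", "revoked": true,
   "created_at": "2023-01-10T12:00:00.000Z", "expires_at": "2024-01-10"},
  {"id": 4, "name": "legacy", "revoked": false,
   "created_at": "2022-02-02T08:00:00.000Z", "expires_at": null}
]
""")

def audit_tokens(tokens, today, default_days=365, warn_days=30):
    """Return {token name: list of flags} for every non-revoked token."""
    report = {}
    for tok in tokens:
        if tok.get("revoked"):
            continue  # revoked tokens no longer authenticate
        flags = []
        if tok.get("expires_at") is None:
            # Handled defensively: a record may carry no expiry at all.
            flags.append("no-expiry")
        else:
            created = date.fromisoformat(tok["created_at"][:10])
            expires = date.fromisoformat(tok["expires_at"])
            # Assumption: a silently applied default lands default_days after
            # creation; allow one day of slack for timezone rounding.
            if abs((expires - created).days - default_days) <= 1:
                flags.append("likely-defaulted")
            remaining = (expires - today).days
            if remaining < 0:
                flags.append("expired")
            elif remaining <= warn_days:
                flags.append("expiring-soon")
        report[tok["name"]] = flags
    return report

if __name__ == "__main__":
    for name, flags in audit_tokens(SAMPLE_TOKENS, date(2024, 5, 21)).items():
        print(f"{name}: {', '.join(flags) or 'ok'}")
```

A token deliberately created with a one-year lifetime is flagged the same way, so treat `likely-defaulted` as a prompt to confirm the intended rotation date with the token's owner.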