Extend group and project "expired" tokens to resource owners/maintainers

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Release notes

Group and project tokens expired today will be notified to the same group and project owners/maintainers that currently received notification of tokens expiring within 7 days.

Problem to solve

There is an inconsistency between the PersonalAccessTokens::ExpiringWorker and the PersonalAccessTokens::ExpiredNotificationWorker with regard to the users notified.

The ExpiringWorker will presently notify direct group owners for group access tokens and direct project owners and maintainers for tokens expiring within 7 days.

It does so by identifying the owners/maintainers of the expiring token's resource (group/project). However, when the token has finally expired, the ExpiredNotificationWorker attempts to email only the owner of the token. In the case of a group/project access token, the user created for the token will have an undeliverable email address, thus attempting notification is pointless.

Proposal

The ExpiredNotificationWorker should behave similarly to the ExpiringWorker and determine the resource owners of expired tokens. This would provide a more consistent experience for token management and avoid confusion and the potential for missing the expiry of a token.

Related links

Documentation: Notification events