Skip to content

Re-run background migration for PersonalAccessToken#expires_at

Jessie Young requested to merge jy-re-run-pat-expires-at-script into master

What does this MR do and why?

  • V1 was added and run as part of 16.0: !120239 (merged)
  • We had logic to ensure that no new tokens were generated with a nil expires_at: !120213 (merged)
  • But there was a bypass available: #413289 (closed)
  • That bypass was patched via !121370 (merged)
  • If we re-run this migration, we should once again and henceforth have zero PATs with a nil expires_at value

Screenshots or screen recordings

How to set up and validate locally

  • Create a personal access token with a nil expires at value (needs to be done before migration in !121370 (merged) is run)
  • Run this background migration
  • All PATs should have expires_at set

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jessie Young

Merge request reports