Admin Token API: Revoke Incoming Email Tokens

What does this MR do and why?

This MR adds support for revocation of incoming email tokens to the Admin token API.

Issue: #517677 (closed)

🛠️ with ❤️ at Siemens

References

MR acceptance checklist

checklist

How to set up and validate locally

  1. Enable the feature flag with rails c:

     Feature.enable(:api_admin_token_revoke)

  2. You'll need to create a personal access token to access the token API, and get an incoming email token that you'd like to revoke:
    1. Create a personal access token with admin_mode and api capabilities. Preferences > Access Tokens > Add a new token
    2. You'll need an incoming email token of a user. If you've seeded the GDK, you can get a token from an existing user in the rails console:

       User.last.incoming_email_token

  3. Now you can retrieve information about this token:

     curl -k --request POST \
       --url 'https://gdk.test:3443/api/v4/admin/token' \
       --header 'Authorization: Bearer <Admin Token from Step 2.>' \
       --header 'Content-Type: application/json' \
       --data '{"token": "glimt-token-from-step-2-2"}'

  4. Now, revoke the token:

     curl -k --request DELETE \
       --url 'https://gdk.test:3443/api/v4/admin/token' \
       --header 'Authorization: Bearer <Admin Token from Step 2.>' \
       --header 'Content-Type: application/json' \
       --data '{"token": "glimt-token-from-step-2-2"}'

  5. Query the token again - you should now see that the status changed to Not Found, as the incoming email token has changed. You can also use rails c to query the user again and check the token.

Related to #517677 (closed)

Edited by Nicholas Wittstruck
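
The validation steps above can be checked by HTTP status instead of by eye. The following is an added example, not code from this MR or from GitLab: the function names and the GITLAB_URL, ADMIN_PAT and TARGET_TOKEN environment variables are assumptions, as is the expectation that a lookup of a valid token answers 200 and a successful revoke answers with a 2xx status.

```shell
#!/bin/sh
# Added example: checks the lookup -> revoke -> lookup sequence by HTTP status.
# GITLAB_URL, ADMIN_PAT and TARGET_TOKEN are assumed environment variables.

API_PATH="/api/v4/admin/token"

# Send one request to the admin token endpoint and print only the HTTP status.
# The JSON body goes in on stdin (--data @-), which keeps the token being
# revoked out of curl's argument list.
token_request() {
  method=$1
  token=$2
  printf '{"token": "%s"}' "$token" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
      --request "$method" \
      --url "${GITLAB_URL}${API_PATH}" \
      --header "Authorization: Bearer ${ADMIN_PAT}" \
      --header 'Content-Type: application/json' \
      --data @-
}

# Return 0 only if the token resolved before the revoke, the revoke was
# accepted, and the same token value no longer resolves afterwards.
verify_revocation() {
  token=$1
  before=$(token_request POST "$token")
  [ "$before" = "200" ] || { echo "lookup before revoke: HTTP $before" >&2; return 1; }
  revoke=$(token_request DELETE "$token")
  case $revoke in
    2??) ;;
    *) echo "revoke failed: HTTP $revoke" >&2; return 2 ;;
  esac
  after=$(token_request POST "$token")
  [ "$after" = "404" ] || { echo "token still resolves: HTTP $after" >&2; return 3; }
  echo "revoked"
}

# Run only when a token to revoke was supplied in the environment.
if [ -n "${TARGET_TOKEN:-}" ]; then verify_revocation "$TARGET_TOKEN"; fi
```

Against a GDK with a self-signed certificate, point curl at the GDK's CA with CURL_CA_BUNDLE rather than adding -k to the script.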