
Token prefixes: Add support for incoming email tokens

What does this MR do and why?

This MR adds support for instance-wide token prefixes to Incoming Mail Tokens.

Instance-wide token prefixes have been added with !179852 (merged).

The new prefix format is: #{instance_prefix}#{token_type_prefix}. E.g. for incoming mail tokens, we'd get: #{instance_prefix}imt-. By default, this is the current token prefix glimt-. However, we can now customize the instance prefix to create a new prefix: my-company-name-imt-.

With this custom prefix, it is easier to identify leaked tokens, because we can now skip all leaked tokens that start with gl. Now, we only need to look at tokens starting with my-company-name-.

🛠️ with ❤️ at Siemens

References

How to set up and validate locally

  1. Enable feature flag via rails c:

         Feature.enable(:custom_prefix_for_all_token_types)

  2. You'll need to create a personal access token to access the token and get an incoming mail token that you'd like to query:
    1. Create a personal access token with admin_mode and api capabilities. Preferences > Access Tokens > Add a new token
    2. You'll need an incoming email token of a user. If you've seeded the GDK, you can get a token from an existing user in the rails console:

           User.first.incoming_email_token

  3. Now, change the instance-wide token prefix: Admin area > General > Account and limit > Instance token prefix, e.g. to my-custom-prefix

  4. Get an incoming email token from another user and reset it, so that it now follows the new format:

         u = User.last
         u.reset_incoming_email_token!
         u.incoming_email_token

  5. You can test that both tokens can be found with the Token Information API or you can use the incoming email token as usual if you have the email setup configured:

         curl -k --request POST \
         --url 'https://gdk.test:3443/api/v4/admin/token' \
         --header 'Authorization: Bearer <Admin Token you just created>' \
         --header 'Content-Type: application/json' \
         --data '{"token": "<token>"}'

MR acceptance checklist

MR Checklist ( @nwittstruck)

Related to #388379

Edited by Nicholas Wittstruck
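
The leak triage that the description motivates, as an added Ruby example that is not part of the merge request and not GitLab code: it builds a matcher from the `#{instance_prefix}#{token_type_prefix}` format and separates hits that carry this instance's prefix from hits that carry the default `glimt-` prefix. The helper names, the sample text and the token body shape are assumptions.

```ruby
# Added example, not GitLab code. Helper names and the token body shape
# (20+ chars of [0-9A-Za-z_-]) are assumptions; the prefixes come from the MR text.
DEFAULT_INSTANCE_PREFIX = 'gl'     # default instance prefix (glimt-)
INCOMING_MAIL_TYPE = 'imt-'        # token type prefix for incoming mail tokens
BODY = '[0-9A-Za-z_-]{20,}'        # assumed token body
BOUNDARY = '(?<![0-9A-Za-z_-])'    # prefix must not start mid-word

# Matcher for "#{instance_prefix}#{token_type_prefix}<body>"; the admin-supplied
# prefix is escaped so characters such as "." are matched literally.
def token_pattern(instance_prefix)
  Regexp.new(BOUNDARY + Regexp.escape(instance_prefix + INCOMING_MAIL_TYPE) + BODY)
end

# Report a hit without echoing the secret: keep the prefix, redact the body.
def finding(lineno, match, instance_prefix, owner)
  prefix = instance_prefix + INCOMING_MAIL_TYPE
  { line: lineno, owner: owner,
    token: "#{prefix}[REDACTED:#{match.length - prefix.length}]" }
end

# Scan text and sort hits into tokens carrying this instance's prefix and
# tokens carrying the default prefix. A default-prefix hit is another
# instance's token or one issued here before the prefix change and not yet reset.
def triage(text, instance_prefix)
  ours = token_pattern(instance_prefix)
  default = token_pattern(DEFAULT_INSTANCE_PREFIX)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    line.scan(ours) { |m| findings << finding(lineno, m, instance_prefix, :this_instance) }
    next if instance_prefix == DEFAULT_INSTANCE_PREFIX
    line.scan(default) { |m| findings << finding(lineno, m, DEFAULT_INSTANCE_PREFIX, :default_prefix) }
  end
  findings
end

# Constructed sample input; none of these are real tokens.
SAMPLE = <<~TEXT
  mail_token=my-company-name-imt-a1b2c3d4e5f6g7h8i9j0k1l2m
  other: glimt-zzzzzzzzzzzzzzzzzzzzzzzzz
  noise: xglimt-yyyyyyyyyyyyyyyyyyyyyyyyy and glimt-short
TEXT

triage(SAMPLE, 'my-company-name-').each { |f| puts f.inspect } if __FILE__ == $PROGRAM_NAME
```

Tokens that were issued before the prefix change keep the `glimt-` form until they are reset, as in the validation steps above, so the `:default_prefix` bucket can still contain this instance's tokens.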
