Add admin API to revoke user support PIN
What does this MR do and why?
This MR adds the ability for administrators to revoke a user's Support PIN before its natural expiration.
What's changed:
- Adds a new API endpoint (`POST /users/:id/support_pin/revoke`) that allows administrators to immediately invalidate a user's Support PIN
- Implements a `RevokeService` to handle the Support PIN revocation logic
References
Screenshots or screen recordings
```mermaid
sequenceDiagram
    participant Admin as Administrator
    participant API as GitLab API
    participant RevokeSvc as RevokeService
    participant BaseSvc as BaseService
    participant Redis as Redis Cache

    Admin->>API: POST /users/:id/support_pin/revoke
    Note over API: authenticated_as_admin!
    API->>API: Find user by ID
    API->>RevokeSvc: new(user).execute
    RevokeSvc->>BaseSvc: pin_exists?
    BaseSvc->>Redis: exists(pin_key)
    Redis-->>BaseSvc: true/false
    BaseSvc-->>RevokeSvc: true/false
    alt PIN does not exist
        RevokeSvc-->>API: {status: :not_found, message: 'Support PIN not found...'}
        API-->>Admin: 404 Not Found
    else PIN exists
        RevokeSvc->>RevokeSvc: revoke_pin
        RevokeSvc->>Redis: expire(pin_key, 0)
        Redis-->>RevokeSvc: success/failure
        alt Revocation successful
            RevokeSvc-->>API: {status: :success}
            API-->>Admin: 202 Accepted
        else Revocation failed
            RevokeSvc-->>API: {status: :error, message: 'Failed to revoke...'}
            API-->>Admin: 400 Bad Request
        end
    end
```
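The flow in the diagram, written out as a runnable Ruby model. This is an added example, not the MR's own code or GitLab's `RevokeService`: the `FakeRedis` stand-in, the `support_pin:<user id>` key layout, the `NotAdminError` used in place of `authenticated_as_admin!`, and the `revoke_support_pin` wrapper that maps service results to HTTP status codes are all assumptions made here so the example runs offline. It covers the three outcomes the diagram shows (404 when no PIN exists, 202 on a successful `expire(pin_key, 0)`, 400 when Redis reports failure) and shows the admin check happening before any user lookup or Redis access.

```ruby
# Added example (not GitLab's code): models the revoke flow from the diagram.
# The Redis client, key layout and result-hash shape are assumptions.

# Minimal in-memory stand-in for the two Redis calls the diagram uses.
# `fail_expire: true` simulates the "Revocation failed" branch.
class FakeRedis
  def initialize(fail_expire: false)
    @store = {}
    @fail_expire = fail_expire
  end

  def set(key, value)
    @store[key] = value
    'OK'
  end

  def exists?(key)
    @store.key?(key)
  end

  # EXPIRE with a TTL of 0 removes the key; false when the key is missing
  # or (simulated) when the backend reports a failure.
  def expire(key, ttl)
    return false if @fail_expire || !@store.key?(key)

    @store.delete(key) if ttl <= 0
    true
  end
end

User = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end

# Stands in for the API layer's authenticated_as_admin! check (assumed name).
class NotAdminError < StandardError; end

module SupportPin
  # Shared key helper and existence check, mirroring BaseService in the diagram.
  class BaseService
    def initialize(user, redis)
      @user = user
      @redis = redis
    end

    def pin_key
      "support_pin:#{@user.id}" # assumed key layout
    end

    def pin_exists?
      @redis.exists?(pin_key)
    end
  end

  class RevokeService < BaseService
    def execute
      return { status: :not_found, message: 'Support PIN not found for this user' } unless pin_exists?

      if revoke_pin
        { status: :success }
      else
        { status: :error, message: 'Failed to revoke Support PIN' }
      end
    end

    private

    # Expire immediately instead of waiting for the PIN's natural TTL.
    def revoke_pin
      @redis.expire(pin_key, 0)
    end
  end
end

# Endpoint-level wrapper (assumed name): enforces the admin check before any
# lookup, then maps the service result to the HTTP statuses in the diagram.
def revoke_support_pin(current_user, target_user, redis)
  raise NotAdminError, 'admin required' unless current_user.admin?

  result = SupportPin::RevokeService.new(target_user, redis).execute
  case result[:status]
  when :success   then [202, result]
  when :not_found then [404, result]
  else                 [400, result]
  end
end
```

Because the admin check runs before the user lookup and the Redis read, a non-admin caller never learns whether a given user currently has a PIN; the 404/202 distinction is only visible to administrators, which matches the order of steps in the diagram.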
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Michael Trainor