Skip to content

Token prefixes: add support for path dependent feed tokens

Nicholas Wittstruckrequested to merge
gitlab-community/gitlab-org/gitlab:388379-nwittstruck-enable-feed-prefix-for-path-dependent-tokens into master

What does this MR do and why?

This MR adds the instance wide token prefix to path dependent feed tokens.

E.g. for path dependent feed tokens, we'd get: #{instance_prefix}-glft-HMAC-user_id. By default, this is the current token prefix glft-. However, we can now customize the instance prefix to create a new prefix: companyglft-.

With this custom prefix, it is easier to identify leaked tokens, because we can now look for tokens starting with company. 🛠️ with ❤️ at Siemens

References

How to set up and validate locally

  1. Enable feature flag via rails c:
Feature.enable(:custom_prefix_for_all_token_types)
  1. Generate a path dependent feed token. To do so:
  • Go to project issues. For the GDK: https://gdk.test:3443/toolbox/demo-project/-/issues
  • In the upper right corner, click the dots and select Subscribe to RSS feed. This should give you a link like this: https://gdk.test:3443/toolbox/demo-project/-/issues.atom?feed_token=glft-abc-1

  1. Now, change the instance wide token prefix: Admin area > General > Account and limit > Instance token prefix, e.g. to mycustomprefix

  2. Go back to the issues and generate a new subscription link. It might take a few seconds for the new prefix to get picked up. It should now look like this: https://gdk.test:3443/toolbox/demo-project/-/issues.atom?feed_token=mycustomprefix-glft-abc-1

  3. Both links should work and return an atom file with the issues.

MR acceptance checklist

checklist

Related to #388379

Edited by Nicholas Wittstruck

Merge request reports