Resolve "Add Last Activity for Personal Access Tokens" (!35471) · Merge requests · GitLab.org / GitLab

The 17.0 major release is coming on May 16, 2024! This version brings many exciting improvements to GitLab, but also removes some deprecated features. We are introducing three breaking change windows during which we expect breaking changes to be deployed to GitLab.com. You can read more about it on our blogpost . The third breaking change window begins 2024-05-06 09:00 UTC and ends 2024-05-08 22:00 UTC.

DeAndre Harris requested to merge 33162-add-last-activity-for-personal-access-tokens into master Jun 27, 2020

What does this MR do?

Currently, there's no way to identify whether a personal access token is in use, or when it was last used. This makes it difficult to efficiently maintain GitLab as a service.

Adds a last_used_at attribute to Personal Access Tokens
Updates a PAT's last_used_at whenever it gets used to make requests to any API endpoint
Displays how long ago a PAT was last used

Migrations

$ bundle exec rails db:migrate:up VERSION=20200625113337
== 20200625113337 AddLastUsedToPersonalAccessTokens: migrating ================
-- add_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone)
   -> 0.0013s
== 20200625113337 AddLastUsedToPersonalAccessTokens: migrated (0.0110s) =======

$ bundle exec rails db:migrate:down VERSION=20200625113337
== 20200625113337 AddLastUsedToPersonalAccessTokens: reverting ================
-- remove_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone)
   -> 0.0009s
== 20200625113337 AddLastUsedToPersonalAccessTokens: reverted (0.0038s) =======

Out of scope for this MR

Exposing last_used_at in forthcoming personal access tokens API (#17176 (closed))
Adding last_used_at to Project access tokens
Registering Git over HTTP access

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Closes #33162 (closed)

Edited Jul 03, 2020 by DeAndre Harris

Admin message

Resolve "Add Last Activity for Personal Access Tokens"