Resolve "Add Last Activity for Personal Access Tokens"
What does this MR do?
Currently, there's no way to identify whether a personal access token is in use, or when it was last used. This makes it difficult to efficiently maintain GitLab as a service.
- Adds a
last_used_atattribute to Personal Access Tokens
- Updates a PAT's
last_used_atwhenever it gets used to make requests to any API endpoint
- Displays how long ago a PAT was last used
$ bundle exec rails db:migrate:up VERSION=20200625113337 == 20200625113337 AddLastUsedToPersonalAccessTokens: migrating ================ -- add_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone) -> 0.0013s == 20200625113337 AddLastUsedToPersonalAccessTokens: migrated (0.0110s) ======= $ bundle exec rails db:migrate:down VERSION=20200625113337 == 20200625113337 AddLastUsedToPersonalAccessTokens: reverting ================ -- remove_column(:personal_access_tokens, :last_used_at, :datetime_with_timezone) -> 0.0009s == 20200625113337 AddLastUsedToPersonalAccessTokens: reverted (0.0038s) =======
Out of scope for this MR
last_used_atin forthcoming personal access tokens API (#17176)
last_used_atto Project access tokens
- Registering Git over HTTP access
Does this MR meet the acceptance criteria?
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
Label as security and @ mention
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Closes #33162 (closed)