Do not allow expired personal access tokens to work (!85399) · Merge requests · GitLab.org / GitLab

Max Woolf requested to merge 351962-enforce-status-of-all-pats into master Apr 19, 2022

What does this MR do and why?

Remove the ability to allow expired Personal Access Tokens to function.
Remove the ability for administrators to make this decision.
Remove the application setting from the database.
Update documentation and specs.

How to set up and validate locally

Create a personal access token for your user account. In the rails console, set the expiration to a date in the past.
Attempt to use this token. It should be unauthorized.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #351962 (closed)

Edited Apr 28, 2022 by Huzaifa Iftikhar

Do not allow expired personal access tokens to work

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports