diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb index 75afff6a2fa..be6c6021c88 100644 --- a/app/models/personal_access_token.rb +++ b/app/models/personal_access_token.rb @@ -63,12 +63,7 @@ class PersonalAccessToken < ApplicationRecord # existing PATs and we can add a validation # https://gitlab.com/gitlab-org/gitlab/-/issues/369123 def expires_at=(value) - datetime = if Feature.enabled?(:default_pat_expiration) - value.presence || MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now - else - value - end - + datetime = value.presence || MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now super(datetime) end @@ -125,7 +120,6 @@ class PersonalAccessToken < ApplicationRecord end def expires_at_before_instance_max_expiry_date - return unless Feature.enabled?(:default_pat_expiration) return unless expires_at if expires_at > MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb index 553315f08f9..e6f6f63a116 100644 --- a/app/services/resource_access_tokens/create_service.rb +++ b/app/services/resource_access_tokens/create_service.rb @@ -104,11 +104,7 @@ module ResourceAccessTokens end def default_pat_expiration - if Feature.enabled?(:default_pat_expiration) - params[:expires_at].presence || PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now - else - params[:expires_at] - end + params[:expires_at].presence || PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now end def log_event(token) diff --git a/config/feature_flags/development/default_pat_expiration.yml b/config/feature_flags/development/default_pat_expiration.yml deleted file mode 100644 index b48d6a02723..00000000000 --- a/config/feature_flags/development/default_pat_expiration.yml +++ /dev/null @@ -1,7 +0,0 @@ -name: default_pat_expiration -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/120213 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/410440 -milestone: '16.0' -type: development -group: group::authentication and authorization -default_enabled: true diff --git a/locale/gitlab.pot b/locale/gitlab.pot index b40f3a090b6..9ec1207980f 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -1883,6 +1883,12 @@ msgstr "" msgid "AI| %{link_start}What are Experiment features?%{link_end}" msgstr "" +msgid "AI|AI generated explanations will appear here." +msgstr "" + +msgid "AI|Ask a question" +msgstr "" + msgid "AI|Autocomplete" msgstr "" diff --git a/spec/models/personal_access_token_spec.rb b/spec/models/personal_access_token_spec.rb index bd6a7c156c4..75d380c39ad 100644 --- a/spec/models/personal_access_token_spec.rb +++ b/spec/models/personal_access_token_spec.rb @@ -271,34 +271,20 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do context 'validates expires_at' do let(:max_expiration_date) { described_class::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now } - context 'when default_pat_expiration feature flag is true' do - context 'when expires_in is less than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do - it 'is valid' do - personal_access_token.expires_at = max_expiration_date - 1.day + context 'when expires_in is less than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do + it 'is valid' do + personal_access_token.expires_at = max_expiration_date - 1.day - expect(personal_access_token).to be_valid - end - end - - context 'when expires_in is more than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do - it 'is invalid' do - personal_access_token.expires_at = max_expiration_date + 1.day - - expect(personal_access_token).not_to be_valid - expect(personal_access_token.errors[:expires_at].first).to eq('must expire in 365 days') - end + expect(personal_access_token).to be_valid end end - context 'when default_pat_expiration feature flag is false' do - before do - stub_feature_flags(default_pat_expiration: false) - end - - it 'allows any expires_at value' do + context 'when expires_in is more than MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS days' do + it 'is invalid' do personal_access_token.expires_at = max_expiration_date + 1.day - expect(personal_access_token).to be_valid + expect(personal_access_token).not_to be_valid + expect(personal_access_token.errors[:expires_at].first).to eq('must expire in 365 days') end end end @@ -466,32 +452,18 @@ RSpec.describe PersonalAccessToken, feature_category: :system_access do describe '#expires_at=' do let(:personal_access_token) { described_class.new } - context 'when default_pat_expiration feature flag is true' do - context 'expires_at set to empty value' do - [nil, ""].each do |expires_in_value| - it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do - personal_access_token.expires_at = expires_in_value + context 'expires_at set to empty value' do + [nil, ""].each do |expires_in_value| + it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do + personal_access_token.expires_at = expires_in_value - freeze_time do - expect(personal_access_token.expires_at).to eq( - PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now.to_date - ) - end + freeze_time do + expect(personal_access_token.expires_at).to eq( + PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now.to_date + ) end end end end - - context 'when default_pat_expiration feature flag is false' do - before do - stub_feature_flags(default_pat_expiration: false) - end - - it 'does not set a default' do - personal_access_token.expires_at = nil - - expect(personal_access_token.expires_at).to eq(nil) - end - end end end diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb index d1a0ad57a84..76172cf482d 100644 --- a/spec/requests/api/internal/base_spec.rb +++ b/spec/requests/api/internal/base_spec.rb @@ -217,47 +217,22 @@ RSpec.describe API::Internal::Base, feature_category: :system_access do end end - context 'when default_pat_expiration feature flag is true' do - it 'returns token with expiry as PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do - freeze_time do - token_size = (PersonalAccessToken.token_prefix || '').size + 20 - - post api('/internal/personal_access_token'), - params: { - key_id: key.id, - name: 'newtoken', - scopes: %w(read_api read_repository) - }, - headers: gitlab_shell_internal_api_request_header - - expect(json_response['success']).to be_truthy - expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) - expect(json_response['scopes']).to match_array(%w(read_api read_repository)) - expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601) - end - end - end - - context 'when default_pat_expiration feature flag is false' do - before do - stub_feature_flags(default_pat_expiration: false) - end - - it 'uses nil expiration value' do + it 'returns token with expiry as PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do + freeze_time do token_size = (PersonalAccessToken.token_prefix || '').size + 20 post api('/internal/personal_access_token'), - params: { - key_id: key.id, - name: 'newtoken', - scopes: %w(read_api read_repository) - }, - headers: gitlab_shell_internal_api_request_header + params: { + key_id: key.id, + name: 'newtoken', + scopes: %w(read_api read_repository) + }, + headers: gitlab_shell_internal_api_request_header expect(json_response['success']).to be_truthy expect(json_response['token']).to match(/\A\S{#{token_size}}\z/) expect(json_response['scopes']).to match_array(%w(read_api read_repository)) - expect(json_response['expires_at']).to be_nil + expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601) end end end diff --git a/spec/requests/api/resource_access_tokens_spec.rb b/spec/requests/api/resource_access_tokens_spec.rb index ce05fa2b383..dcb6572d413 100644 --- a/spec/requests/api/resource_access_tokens_spec.rb +++ b/spec/requests/api/resource_access_tokens_spec.rb @@ -336,32 +336,15 @@ RSpec.describe API::ResourceAccessTokens, feature_category: :system_access do context "when 'expires_at' is not set" do let(:expires_at) { nil } - context 'when default_pat_expiration feature flag is true' do - it "creates a #{source_type} access token with the default expires_at value", :aggregate_failures do - freeze_time do - create_token - expires_at = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now - - expect(response).to have_gitlab_http_status(:created) - expect(json_response["name"]).to eq("test") - expect(json_response["scopes"]).to eq(["api"]) - expect(json_response["expires_at"]).to eq(expires_at.to_date.iso8601) - end - end - end - - context 'when default_pat_expiration feature flag is false' do - before do - stub_feature_flags(default_pat_expiration: false) - end - - it "creates a #{source_type} access token with the params", :aggregate_failures do + it "creates a #{source_type} access token with the default expires_at value", :aggregate_failures do + freeze_time do create_token + expires_at = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now expect(response).to have_gitlab_http_status(:created) expect(json_response["name"]).to eq("test") expect(json_response["scopes"]).to eq(["api"]) - expect(json_response["expires_at"]).to eq(nil) + expect(json_response["expires_at"]).to eq(expires_at.to_date.iso8601) end end end diff --git a/spec/services/resource_access_tokens/create_service_spec.rb b/spec/services/resource_access_tokens/create_service_spec.rb index 59d582f038a..31e4e008d4f 100644 --- a/spec/services/resource_access_tokens/create_service_spec.rb +++ b/spec/services/resource_access_tokens/create_service_spec.rb @@ -188,51 +188,26 @@ RSpec.describe ResourceAccessTokens::CreateService, feature_category: :system_ac context 'expires_at' do context 'when no expiration value is passed' do - context 'when default_pat_expiration feature flag is true' do - it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do - freeze_time do - response = subject - access_token = response.payload[:access_token] - - expect(access_token.expires_at).to eq( - max_pat_access_token_lifetime.to_date - ) - end - end - - context 'expiry of the project bot member' do - it 'project bot membership does not expire' do - response = subject - access_token = response.payload[:access_token] - project_bot = access_token.user - - expect(resource.members.find_by(user_id: project_bot.id).expires_at).to eq( - max_pat_access_token_lifetime.to_date - ) - end - end - end - - context 'when default_pat_expiration feature flag is false' do - before do - stub_feature_flags(default_pat_expiration: false) - end - - it 'uses nil expiration value' do + it 'defaults to PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do + freeze_time do response = subject access_token = response.payload[:access_token] - expect(access_token.expires_at).to eq(nil) + expect(access_token.expires_at).to eq( + max_pat_access_token_lifetime.to_date + ) end + end - context 'expiry of the project bot member' do - it 'project bot membership expires' do - response = subject - access_token = response.payload[:access_token] - project_bot = access_token.user + context 'expiry of the project bot member' do + it 'project bot membership does not expire' do + response = subject + access_token = response.payload[:access_token] + project_bot = access_token.user - expect(resource.members.find_by(user_id: project_bot.id).expires_at).to eq(nil) - end + expect(resource.members.find_by(user_id: project_bot.id).expires_at).to eq( + max_pat_access_token_lifetime.to_date + ) end end end