diff options
Diffstat (limited to 'app/services/personal_access_tokens/revoke_service.rb')
-rw-r--r-- | app/services/personal_access_tokens/revoke_service.rb | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/app/services/personal_access_tokens/revoke_service.rb b/app/services/personal_access_tokens/revoke_service.rb index 5371b6c91ef..bb5edc27340 100644 --- a/app/services/personal_access_tokens/revoke_service.rb +++ b/app/services/personal_access_tokens/revoke_service.rb @@ -4,10 +4,13 @@ module PersonalAccessTokens class RevokeService < BaseService attr_reader :token, :current_user, :group - def initialize(current_user = nil, token: nil, group: nil) + VALID_SOURCES = %w[secret_detection].freeze + + def initialize(current_user = nil, token: nil, group: nil, source: nil) @current_user = current_user @token = token @group = group + @source = source end def execute @@ -15,7 +18,7 @@ module PersonalAccessTokens if token.revoke! log_event - notification_service.access_token_revoked(token.user, token.name) + notification_service.access_token_revoked(token.user, token.name, @source) ServiceResponse.success(message: success_message) else ServiceResponse.error(message: error_message) @@ -33,11 +36,24 @@ module PersonalAccessTokens end def revocation_permitted? - Ability.allowed?(current_user, :revoke_token, token) + if current_user + Ability.allowed?(current_user, :revoke_token, token) + else + source && VALID_SOURCES.include?(source) + end + end + + def source + current_user&.username || @source end def log_event - Gitlab::AppLogger.info("PAT REVOCATION: revoked_by: '#{current_user.username}', revoked_for: '#{token.user.username}', token_id: '#{token.id}'") + Gitlab::AppLogger.info( + class: self.class.name, + message: "PAT Revoked", + revoked_by: source, + revoked_for: token.user.username, + token_id: token.id) end end end |