Specifying timestamps when creating tokens in rails console

grove · July 26, 2023, 2:21pm

I would like to specify an expiration time when creating a token through rails

gitlab-rails runner 'User.admins.first.personal_access_tokens.create(name: "testtoken1", token_digest: Gitlab::CryptoHelper.sha256("foo"), scopes: [:api])'

works fine,

gitlab-rails runner 'User.admins.first.personal_access_tokens.create(name: "testtoken11", token_digest: Gitlab::CryptoHelper.sha256("bar"), expires_at: "2023-07-26 13:32", scopes: [:api])'

partially works, it only picks up the date part of the specified time, as can be seen in a rails console (on the same machine):

=> 
[#<PersonalAccessToken:0x00007fe492a5c098
  id: 17,
  user_id: 1,
  name: "testtoken11",
  revoked: false,
  expires_at: Wed, 26 Jul 2023,
  created_at: Wed, 26 Jul 2023 13:31:34.350502000 UTC +00:00,
  updated_at: Wed, 26 Jul 2023 13:31:34.350502000 UTC +00:00,
  scopes: [:api, "admin_mode"],
  impersonation: false,
  token_digest: "q1KMz3Fn+Q0RnZdDjd9lEoKhsp5vgk1toe58o1L2O+I=",
  expire_notification_delivered: false,
  last_used_at: nil,
  after_expiry_notification_delivered: false>]

I’ve also tried copying the timestamp for created_at (and changing the time so it would be a bit into the future), with the same result. How do I specify a timestamp so the time part is understood?

dnsmichi · July 26, 2023, 9:09pm

Untested - I think that the ISO 8601 format (2019-03-15T08:00:00Z ) would work, since it is also an expected input for API fields (Releases API | GitLab - released_at).

grove · July 27, 2023, 8:50am

No, just tested twice, both attempts gave the same result as in the reported.

The command

gitlab-rails runner 'User.admins.first.personal_access_tokens.create(name: "testtoken2", token_digest: Gitlab::CryptoHelper.sha256("baz"), expires_at: "2023-07-27T08:40:00Z", scopes: [:api])'

results in:

  id: 3,
  user_id: 1,
  name: "testtoken2",
  revoked: false,
  expires_at: Thu, 27 Jul 2023,
  created_at: Thu, 27 Jul 2023 08:39:00.719468000 UTC +00:00,
  updated_at: Thu, 27 Jul 2023 08:39:00.719468000 UTC +00:00,
  scopes: [:api, "admin_mode"],
  impersonation: false,
  token_digest: "n+EUhE0psYJrcMrkIbW+BADlqjEGHLTWrBi4sOo5kNM=",
  expire_notification_delivered: false,
  last_used_at: nil,
  after_expiry_notification_delivered: false>]

tachyons-gitlab · August 1, 2023, 12:26am

expires_at is a date field, it can not support date time which includes timestamp.

grove · August 1, 2023, 8:58am

Checking on another instance that has users+tokens I have not played with, I can see that expires_at never has a timestamp, so it would seem you’re right. I was probably just hoping it would look like the created_at and updated_at fields right below.