[dashboard,papi] allow no expiration date PAT

Author: mustard-mh

components/dashboard/src/user-settings/PersonalAccessTokens.tsx

@@ -47,13 +47,23 @@ export enum TokenAction {
     Delete = "DELETE",
 }
 
+export const TokenExpirationForever = "EXPIRATION_FOREVER";
 export const TokenExpirationDays = [
     { value: "7", label: "7 Days" },
     { value: "30", label: "30 Days" },
     { value: "60", label: "60 Days" },
     { value: "180", label: "180 Days" },
+    // TODO: show warning for it?
+    { value: TokenExpirationForever, label: "No expiration" },
 ];
 
+export function getTokenExpirationDescription(date?: Date | null) {
+    if (!date) {
+        return "The token will never expire!";
+    }
+    return `The token will expire on ${dayjs(date).format("MMM D, YYYY")}`;
+}
+
 export const AllPermissions: PermissionDetail[] = [
     {
         name: "Full Access",

components/dashboard/src/user-settings/PersonalAccessTokensCreateView.tsx

@@ -5,15 +5,21 @@
  */
 
 import { PersonalAccessToken } from "@gitpod/public-api/lib/gitpod/experimental/v1/tokens_pb";
-import dayjs from "dayjs";
 import { useEffect, useState } from "react";
 import { Redirect, useHistory, useParams } from "react-router";
 import Alert from "../components/Alert";
 import DateSelector from "../components/DateSelector";
 import { SpinnerOverlayLoader } from "../components/Loader";
 import { personalAccessTokensService } from "../service/public-api";
 import { PageWithSettingsSubMenu } from "./PageWithSettingsSubMenu";
-import { AllPermissions, TokenAction, TokenExpirationDays, TokenInfo } from "./PersonalAccessTokens";
+import {
+    AllPermissions,
+    TokenAction,
+    TokenExpirationDays,
+    TokenExpirationForever,
+    TokenInfo,
+    getTokenExpirationDescription,
+} from "./PersonalAccessTokens";
 import { settingsPathPersonalAccessTokens } from "./settings.routes";
 import ShowTokenModal from "./ShowTokenModal";
 import { Timestamp } from "@bufbuild/protobuf";
@@ -27,7 +33,7 @@ import { TextInputField } from "../components/forms/TextInputField";
 interface EditPATData {
     name: string;
     expirationDays: string;
-    expirationDate: Date;
+    expirationDate: Date | null;
     scopes: Set<string>;
 }
 
@@ -84,7 +90,9 @@ function PersonalAccessTokenCreateView() {
     }, []);
 
     const update = (change: Partial<EditPATData>, addScopes?: string[], removeScopes?: string[]) => {
-        if (change.expirationDays) {
+        if (change.expirationDays === TokenExpirationForever) {
+            change.expirationDate = null;
+        } else {
             change.expirationDate = new Date(Date.now() + Number(change.expirationDays) * 24 * 60 * 60 * 1000);
         }
         const data = { ...token, ...change };
@@ -98,11 +106,11 @@ function PersonalAccessTokenCreateView() {
         setToken(data);
     };
 
-    const handleRegenerate = async (tokenId: string, expirationDate: Date) => {
+    const handleRegenerate = async (tokenId: string, expirationDate: Date | null) => {
         try {
             const resp = await personalAccessTokensService.regeneratePersonalAccessToken({
                 id: tokenId,
-                expirationTime: Timestamp.fromDate(expirationDate),
+                expirationTime: expirationDate ? Timestamp.fromDate(expirationDate) : undefined,
             });
             backToListView({ method: TokenAction.Regenerate, data: resp.token! });
         } catch (e) {
@@ -134,7 +142,7 @@ function PersonalAccessTokenCreateView() {
                 : await personalAccessTokensService.createPersonalAccessToken({
                       token: {
                           name: token.name,
-                          expirationTime: Timestamp.fromDate(token.expirationDate),
+                          expirationTime: token.expirationDate ? Timestamp.fromDate(token.expirationDate) : undefined,
                           scopes: Array.from(token.scopes),
                       },
                   });
@@ -218,9 +226,7 @@ function PersonalAccessTokenCreateView() {
                             {!isEditing && (
                                 <DateSelector
                                     title="Expiration Date"
-                                    description={`The token will expire on ${dayjs(token.expirationDate).format(
-                                        "MMM D, YYYY",
-                                    )}`}
+                                    description={getTokenExpirationDescription(token.expirationDate)}
                                     options={TokenExpirationDays}
                                     value={TokenExpirationDays.find((i) => i.value === token.expirationDays)?.value}
                                     onChange={(value) => {

components/dashboard/src/user-settings/ShowTokenModal.tsx

@@ -5,11 +5,10 @@
  */
 
 import { PersonalAccessToken } from "@gitpod/public-api/lib/gitpod/experimental/v1/tokens_pb";
-import dayjs from "dayjs";
 import { useState } from "react";
 import DateSelector from "../components/DateSelector";
 import Modal, { ModalBody, ModalFooter, ModalHeader } from "../components/Modal";
-import { TokenExpirationDays } from "./PersonalAccessTokens";
+import { TokenExpirationDays, TokenExpirationForever, getTokenExpirationDescription } from "./PersonalAccessTokens";
 import { Button } from "@podkit/buttons/Button";
 
 interface TokenModalProps {
@@ -19,12 +18,12 @@ interface TokenModalProps {
     descriptionImportant: string;
     actionDescription: string;
     showDateSelector?: boolean;
-    onSave: (data: { expirationDate: Date }) => void;
+    onSave: (data: { expirationDate: Date | null }) => void;
     onClose: () => void;
 }
 
 function ShowTokenModal(props: TokenModalProps) {
-    const [expiration, setExpiration] = useState({
+    const [expiration, setExpiration] = useState<{ expirationDays: string; expirationDate: Date | null }>({
         expirationDays: "30",
         expirationDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000),
     });
@@ -44,24 +43,29 @@ function ShowTokenModal(props: TokenModalProps) {
                 <div className="p-4 mt-2 rounded-xl bg-gray-50 dark:bg-gray-800">
                     <div className="font-semibold text-gray-700 dark:text-gray-200">{props.token.name}</div>
                     <div className="font-medium text-gray-400 dark:text-gray-300">
-                        Expires on {dayjs(props.token.expirationTime!.toDate()).format("MMM D, YYYY")}
+                        {getTokenExpirationDescription(props.token.expirationTime?.toDate())}
                     </div>
                 </div>
                 <div className="mt-4">
                     {props.showDateSelector && (
                         <DateSelector
                             title="Expiration Date"
-                            description={`The token will expire on ${dayjs(expiration.expirationDate).format(
-                                "MMM D, YYYY",
-                            )}`}
+                            description={getTokenExpirationDescription(expiration.expirationDate)}
                             options={TokenExpirationDays}
                             value={TokenExpirationDays.find((i) => i.value === expiration.expirationDays)?.value}
-                            onChange={(value) =>
+                            onChange={(value) => {
+                                if (value === TokenExpirationForever) {
+                                    setExpiration({
+                                        expirationDays: value,
+                                        expirationDate: null,
+                                    });
+                                    return;
+                                }
                                 setExpiration({
                                     expirationDays: value,
                                     expirationDate: new Date(Date.now() + Number(value) * 24 * 60 * 60 * 1000),
-                                })
-                            }
+                                });
+                            }}
                         />
                     )}
                 </div>

components/gitpod-db/go/personal_access_token.go

@@ -17,14 +17,14 @@ import (
 )
 
 type PersonalAccessToken struct {
-	ID             uuid.UUID `gorm:"primary_key;column:id;type:varchar;size:255;" json:"id"`
-	UserID         uuid.UUID `gorm:"column:userId;type:varchar;size:255;" json:"userId"`
-	Hash           string    `gorm:"column:hash;type:varchar;size:255;" json:"hash"`
-	Name           string    `gorm:"column:name;type:varchar;size:255;" json:"name"`
-	Scopes         Scopes    `gorm:"column:scopes;type:text;size:65535;" json:"scopes"`
-	ExpirationTime time.Time `gorm:"column:expirationTime;type:timestamp;" json:"expirationTime"`
-	CreatedAt      time.Time `gorm:"column:createdAt;type:timestamp;default:CURRENT_TIMESTAMP(6);" json:"createdAt"`
-	LastModified   time.Time `gorm:"column:_lastModified;type:timestamp;default:CURRENT_TIMESTAMP(6);" json:"_lastModified"`
+	ID             uuid.UUID  `gorm:"primary_key;column:id;type:varchar;size:255;" json:"id"`
+	UserID         uuid.UUID  `gorm:"column:userId;type:varchar;size:255;" json:"userId"`
+	Hash           string     `gorm:"column:hash;type:varchar;size:255;" json:"hash"`
+	Name           string     `gorm:"column:name;type:varchar;size:255;" json:"name"`
+	Scopes         Scopes     `gorm:"column:scopes;type:text;size:65535;" json:"scopes"`
+	ExpirationTime *time.Time `gorm:"column:expirationTime;type:timestamp;" json:"expirationTime"`
+	CreatedAt      time.Time  `gorm:"column:createdAt;type:timestamp;default:CURRENT_TIMESTAMP(6);" json:"createdAt"`
+	LastModified   time.Time  `gorm:"column:_lastModified;type:timestamp;default:CURRENT_TIMESTAMP(6);" json:"_lastModified"`
 
 	// deleted is reserved for use by periodic deleter.
 	_ bool `gorm:"column:deleted;type:tinyint;default:0;" json:"deleted"`
@@ -72,9 +72,6 @@ func CreatePersonalAccessToken(ctx context.Context, conn *gorm.DB, req PersonalA
 	if req.Name == "" {
 		return PersonalAccessToken{}, fmt.Errorf("Token name required")
 	}
-	if req.ExpirationTime.IsZero() {
-		return PersonalAccessToken{}, fmt.Errorf("Expiration time required")
-	}
 
 	now := time.Now().UTC()
 	token := PersonalAccessToken{
@@ -96,7 +93,7 @@ func CreatePersonalAccessToken(ctx context.Context, conn *gorm.DB, req PersonalA
 	return token, nil
 }
 
-func UpdatePersonalAccessTokenHash(ctx context.Context, conn *gorm.DB, tokenID uuid.UUID, userID uuid.UUID, hash string, expirationTime time.Time) (PersonalAccessToken, error) {
+func UpdatePersonalAccessTokenHash(ctx context.Context, conn *gorm.DB, tokenID uuid.UUID, userID uuid.UUID, hash string, expirationTime *time.Time) (PersonalAccessToken, error) {
 	if tokenID == uuid.Nil {
 		return PersonalAccessToken{}, fmt.Errorf("Invalid or empty tokenID")
 	}
@@ -106,9 +103,6 @@ func UpdatePersonalAccessTokenHash(ctx context.Context, conn *gorm.DB, tokenID u
 	if hash == "" {
 		return PersonalAccessToken{}, fmt.Errorf("Token hash required")
 	}
-	if expirationTime.IsZero() {
-		return PersonalAccessToken{}, fmt.Errorf("Expiration time required")
-	}
 
 	db := conn.WithContext(ctx)
 

components/public-api-server/pkg/apiv1/tokens.go

@@ -11,6 +11,7 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+	"time"
 
 	connect "github.com/bufbuild/connect-go"
 	"github.com/gitpod-io/gitpod/common-go/experiments"
@@ -54,9 +55,9 @@ func (s *TokensService) CreatePersonalAccessToken(ctx context.Context, req *conn
 		return nil, err
 	}
 
-	expiry := tokenReq.GetExpirationTime()
-	if !expiry.IsValid() {
-		return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("Received invalid Expiration Time, it is a required parameter."))
+	expirationTime, err := validateNullableExpirationTime(req.Msg.GetExpirationTime())
+	if err != nil {
+		return nil, err
 	}
 
 	scopes, err := validateScopes(tokenReq.GetScopes())
@@ -86,7 +87,7 @@ func (s *TokensService) CreatePersonalAccessToken(ctx context.Context, req *conn
 		Hash:           pat.ValueHash(),
 		Name:           name,
 		Scopes:         scopes,
-		ExpirationTime: expiry.AsTime().UTC(),
+		ExpirationTime: expirationTime,
 	})
 	if err != nil {
 		log.Extract(ctx).WithError(err).Errorf("Failed to store personal access token for user %s", userID.String())
@@ -154,9 +155,9 @@ func (s *TokensService) RegeneratePersonalAccessToken(ctx context.Context, req *
 		return nil, err
 	}
 
-	expiry := req.Msg.GetExpirationTime()
-	if !expiry.IsValid() {
-		return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("Received invalid Expiration Time, it is a required parameter."))
+	expirationTime, err := validateNullableExpirationTime(req.Msg.GetExpirationTime())
+	if err != nil {
+		return nil, err
 	}
 
 	conn, err := getConnection(ctx, s.connectionPool)
@@ -175,7 +176,7 @@ func (s *TokensService) RegeneratePersonalAccessToken(ctx context.Context, req *
 	}
 
 	hash := pat.ValueHash()
-	token, err := db.UpdatePersonalAccessTokenHash(ctx, s.dbConn, tokenID, userID, hash, expiry.AsTime().UTC())
+	token, err := db.UpdatePersonalAccessTokenHash(ctx, s.dbConn, tokenID, userID, hash, expirationTime)
 	if err != nil {
 		if errors.Is(err, db.ErrorNotFound) {
 			return nil, connect.NewError(connect.CodeNotFound, fmt.Errorf("Personal Access Token with ID %s for User %s does not exist", tokenID.String(), userID.String()))
@@ -363,15 +364,18 @@ func personalAccessTokensToAPI(ts []db.PersonalAccessToken) []*v1.PersonalAccess
 }
 
 func personalAccessTokenToAPI(t db.PersonalAccessToken, value string) *v1.PersonalAccessToken {
-	return &v1.PersonalAccessToken{
+	tkn := &v1.PersonalAccessToken{
 		Id: t.ID.String(),
 		// value is only present when the token is first created, or regenerated. It's empty for all subsequent requests.
-		Value:          value,
-		Name:           t.Name,
-		Scopes:         t.Scopes,
-		ExpirationTime: timestamppb.New(t.ExpirationTime),
-		CreatedAt:      timestamppb.New(t.CreatedAt),
+		Value:     value,
+		Name:      t.Name,
+		Scopes:    t.Scopes,
+		CreatedAt: timestamppb.New(t.CreatedAt),
+	}
+	if t.ExpirationTime != nil {
+		tkn.ExpirationTime = timestamppb.New(*t.ExpirationTime)
 	}
+	return tkn
 }
 
 var (
@@ -415,3 +419,15 @@ func validateScopes(scopes []string) ([]string, error) {
 
 	return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("Tokens can currently only have no scopes (empty), or all scopes represented as [%s, %s]", allFunctionsScope, defaultResourceScope))
 }
+
+func validateNullableExpirationTime(expiry *timestamppb.Timestamp) (*time.Time, error) {
+	if expiry != nil && !expiry.IsValid() {
+		return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("Received invalid Expiration Time."))
+	}
+	var expirationTime *time.Time = nil
+	if expiry != nil {
+		tmp := expiry.AsTime().UTC()
+		expirationTime = &tmp
+	}
+	return expirationTime, nil
+}

components/public-api/gitpod/experimental/v1/tokens.proto

@@ -25,6 +25,7 @@ message PersonalAccessToken {
 
   // expiration_time is the time when the token expires
   // Read only.
+  // Null means no expiration_time
   google.protobuf.Timestamp expiration_time = 4;
 
   // scopes are the permission scopes attached to this token.