Skip to content

Add a mechanism to remind users to rotate personal auth tokens #23172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 32 commits into from
Apr 14, 2025
Merged

Add a mechanism to remind users to rotate personal auth tokens #23172

merged 32 commits into from
Apr 14, 2025
+768 −8

Conversation

michalkleiner
Copy link
Contributor

@michalkleiner michalkleiner commented Mar 26, 2025
edited
Loading

Description:

The PR adds a scheduled task, new config and a mechanism to send notification email to users when their tokens haven't been rotated over the configured number of days.

Review

Sorry, something went wrong.

@michalkleiner
Add initial code for a mechanism to remind users to rotate personal a…
Loading
Loading status checks…
dab3b6c 
…uth tokens
@michalkleiner
Fix CS

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
Loading
Loading status checks…
738b03c
sgiehl
sgiehl requested changes Mar 27, 2025
View reviewed changes
Copy link
Member

@sgiehl sgiehl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good approach. Left some high level comments for possible improvements/changes.

@michalkleiner
Adjust token provider interface, make it more reusable, adjust respon…
Loading
Loading status checks…
e45fcf2 
…sibilities
@michalkleiner
Mark class as final
Loading
Loading status checks…
8860c8a
@michalkleiner
Copy link
Contributor Author

@sgiehl I've changed the responsibilities a bit, added new interface for the token notification and made it all a bit more reusable and extendable. Please have another look.

@michalkleiner michalkleiner marked this pull request as ready for review March 28, 2025 11:55
@michalkleiner michalkleiner requested a review from sgiehl March 28, 2025 12:39
@michalkleiner michalkleiner added Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. labels Mar 28, 2025
@michalkleiner michalkleiner added this to the 5.4.0 milestone Mar 28, 2025
@michalkleiner
Rework responsibilities, abstract token notification for allow other …
d279dd4 
…types other than email, simplify token provider, remove callbacks
@michalkleiner
Merge branch '5.x-dev' into dev-18658
Loading
Loading status checks…
a2ccb88
@michalkleiner
Remove unnecessary use statement
Loading
Loading status checks…
68fa801
@michalkleiner michalkleiner requested a review from mneudert April 4, 2025 12:31
@michalkleiner
Copy link
Contributor Author

Thanks for your feedback @mneudert, all should be addressed.

@michalkleiner michalkleiner changed the title Add initial code for a mechanism to remind users to rotate personal auth tokens Add a mechanism to remind users to rotate personal auth tokens Apr 7, 2025
@michalkleiner michalkleiner requested a review from sgiehl April 7, 2025 12:36
mneudert
mneudert reviewed Apr 10, 2025
View reviewed changes
@michalkleiner michalkleiner requested a review from mneudert April 11, 2025 08:49
@michalkleiner
Exclude anonymous user by login
Loading
Loading status checks…
4913893
@michalkleiner michalkleiner requested a review from mneudert April 11, 2025 15:26
@michalkleiner
Copy link
Contributor Author

Thanks for the reviews everyone! I'll leave the branch open until internal QA is done on it.

@michalkleiner michalkleiner dismissed sgiehl’s stale review April 14, 2025 10:34

Marc approved and QA tested

@michalkleiner michalkleiner merged commit 191d36d into 5.x-dev Apr 14, 2025
25 of 27 checks passed
@michalkleiner michalkleiner deleted the dev-18658 branch April 14, 2025 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caddoo caddoo

@mneudert mneudert

@sgiehl sgiehl

Assignees
No one assigned
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone
5.4.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@michalkleiner @mneudert @caddoo @sgiehl