Page MenuHomePhabricator

Make temporary token storage/schema more flexible

Authored by epriestley on Mar 16 2016, 1:14 PM.
Referenced Files
Unknown Object (File)
Mon, Jun 27, 11:22 AM
Unknown Object (File)
Sat, Jun 25, 11:25 AM
Unknown Object (File)
Fri, Jun 17, 3:03 AM
Unknown Object (File)
Wed, Jun 8, 6:02 AM
Unknown Object (File)
May 25 2022, 9:11 AM
Unknown Object (File)
Apr 15 2017, 3:13 PM
Unknown Object (File)
Apr 13 2017, 6:12 AM
Unknown Object (File)
Mar 12 2017, 11:22 AM



Ref T10603. This makes minor updates to temporary tokens:

  • Rename objectPHID (which is sometimes used to store some other kind of identifier instead of a PHID) to tokenResource (i.e., which resource does this token permit access to?).
  • Add a userPHID column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user.
  • Add a properties column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly).
Test Plan
  • Ran bin/storage upgrade -f, got a clean upgrade.
  • Viewed one-time tokens.
  • Revoked one token.
  • Revoked all tokens.
  • Performed a one-time login.
  • Performed a password reset.
  • Added an MFA token.
  • Removed an MFA token.
  • Used a file token to view a file.
  • Verified file token was removed after viewing file.
  • Linked my account to an OAuth1 account (Twitter).

Diff Detail

rP Phabricator
Lint Not Applicable
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Make temporary token storage/schema more flexible.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Mar 16 2016, 3:17 PM
This revision was automatically updated to reflect the committed changes.