asf-tooling opened a new issue, #1112: URL: https://github.com/apache/tooling-trusted-releases/issues/1112
**ASVS Level(s):** L2

**Description:**

### Summary

The admin can revoke PATs for a single user at a time via `revoke_all_user_tokens()`. In a security incident affecting all users (e.g., a PAT hash algorithm weakness), there is no single action to revoke all PATs for all users. The JWT key rotation covers JWTs, but the PATs themselves remain valid (and could be exchanged for new JWTs after key rotation). In a mass security incident, the admin must individually revoke tokens for each user shown on the revoke page, which is slow and error-prone.

### Details

In `atr/storage/writers/tokens.py` at line 163, the `revoke_all_user_tokens()` function only handles single-user revocation. No global revocation capability exists in `atr/admin/__init__.py`.

### Recommended Remediation

Add a `revoke_all_tokens_globally()` method to `atr/storage/writers/tokens.py` that queries all PersonalAccessToken records, deletes them, and logs the global revocation to audit. Add a corresponding admin route (`RevokeAllTokensGloballyForm` and `revoke_all_tokens_globally_post`) to `atr/admin/__init__.py` with the confirmation string 'REVOKE ALL TOKENS' and a strong warning message about the impact.

### Acceptance Criteria

- [ ] Global revocation method implemented
- [ ] Admin route with strong confirmation added
- [ ] Audit logging for global revocation
- [ ] Unit tests verify global revocation logic

### References

- Source reports: L2:7.4.5.md
- Related findings: FINDING-037, FINDING-132
- ASVS sections: 7.4.5

### Priority

Low

---

**Triage notes:** very-low
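The following is an added sketch of the remediation shape described above; it is not code from tooling-trusted-releases. `TokenStore`, its in-memory token list, the audit list and the `jwt-for-<user>` stand-in for real JWT issuance are all constructed for illustration.

```python
"""Added example of the global PAT revocation the issue proposes; not code from
tooling-trusted-releases. The store, audit log and JWT stand-in are constructed."""
from __future__ import annotations

import dataclasses
import datetime
import hashlib
import secrets

CONFIRMATION = "REVOKE ALL TOKENS"  # confirmation string named in the issue


@dataclasses.dataclass
class PersonalAccessToken:
    user: str
    token_hash: str  # SHA-256 of the secret; the plaintext is never stored


class TokenStore:
    """In-memory stand-in for the PersonalAccessToken table plus an audit log."""

    def __init__(self) -> None:
        self.tokens: list[PersonalAccessToken] = []
        self.audit: list[dict] = []

    def issue(self, user: str) -> str:
        secret = secrets.token_urlsafe(32)
        self.tokens.append(PersonalAccessToken(user, hashlib.sha256(secret.encode()).hexdigest()))
        return secret

    def exchange_for_jwt(self, secret: str) -> str | None:
        """Return a JWT stand-in for a live PAT; None once the PAT is unknown or revoked."""
        digest = hashlib.sha256(secret.encode()).hexdigest()
        for tok in self.tokens:
            if secrets.compare_digest(tok.token_hash, digest):
                return f"jwt-for-{tok.user}"
        return None

    def revoke_all_tokens_globally(self, admin: str, confirmation: str) -> int:
        """Delete every PAT at once; refuses unless the exact confirmation was typed."""
        if confirmation != CONFIRMATION:
            raise ValueError("confirmation string does not match; nothing revoked")
        affected = sorted({t.user for t in self.tokens})
        count = len(self.tokens)
        self.tokens.clear()
        self.audit.append({"event": "revoke_all_tokens_globally", "admin": admin,
                           "revoked": count, "users": affected,
                           "at": datetime.datetime.now(datetime.timezone.utc).isoformat()})
        return count
```

After a global revocation, a previously valid PAT can no longer be exchanged for a JWT, which is the gap JWT key rotation alone leaves open.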
