show when token expired

mawinter69 · mawinter69 · commit 5d18201877b1 · 2025-11-26T19:45:15.000+01:00
diff --git a/core/src/main/java/jenkins/security/ApiTokenProperty.java b/core/src/main/java/jenkins/security/ApiTokenProperty.java
@@ -257,13 +257,16 @@ public static class TokenInfoAndStats {
         public final Date lastUseDate;
         public final long numDaysUse;
         public final String expirationDate;
+        public final boolean expired;
 
         public TokenInfoAndStats(@NonNull ApiTokenStore.HashedToken token, @NonNull ApiTokenStats.SingleTokenStats stats) {
             this.uuid = token.getUuid();
             this.name = token.getName();
             this.creationDate = token.getCreationDate();
             this.numDaysCreation = token.getNumDaysCreation();
             this.isLegacy = token.isLegacy();
+            this.expired = token.isExpired();
+
             LocalDate expirationDate = token.getExpirationDate();
             if (expirationDate == null) {
                 this.expirationDate = "never";
diff --git a/core/src/main/java/jenkins/security/apitoken/ApiTokenStore.java b/core/src/main/java/jenkins/security/apitoken/ApiTokenStore.java
@@ -433,6 +433,12 @@ public void rename(String newName) {
             this.name = newName;
         }
 
+        public boolean isExpired() {
+            LocalDate now = LocalDate.now();
+            LocalDate expiration = Objects.requireNonNullElseGet(expirationDate, LocalDate::now);
+            return expiration.isBefore(now);
+        }
+
         public boolean match(byte[] hashedBytes) {
             byte[] hashFromHex;
             try {
@@ -442,9 +448,7 @@ public boolean match(byte[] hashedBytes) {
                 return false;
             }
 
-            LocalDate now = LocalDate.now();
-            LocalDate expiration = Objects.requireNonNullElseGet(expirationDate, LocalDate::now);
-            boolean expired = expiration.isBefore(now);
+            boolean expired = isExpired();
             // String.equals() is not constant-time but this method is. No link between correctness and time spent
             return MessageDigest.isEqual(hashFromHex, hashedBytes) && !expired;
         }
diff --git a/core/src/main/resources/jenkins/security/ApiTokenProperty/config.jelly b/core/src/main/resources/jenkins/security/ApiTokenProperty/config.jelly
@@ -164,6 +164,11 @@ THE SOFTWARE.
                                 </div>
                                 <div>
                                     <j:choose>
+                                        <j:when test="${token.expired}">
+                                            <span class="error">
+                                                ${%This token has expired}
+                                            </span>
+                                        </j:when>
                                         <j:when test="${token.expirationDate == 'never'}">
                                             <span class="warning">
                                                 ${%This token does not expire}
