[PR #2349] feat: add validation for API token expiration date #2236

New issue

Open

opened 2026-02-26 20:33:01 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 20:33:01 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/documenso/documenso/pull/2349
Author: @giteshsarvaiya
Created: 12/30/2025
Status: 🔄 Open

Base: main ← Head: feat/add-token-expiration-validation-in-api-token-flow

---

📝 Commits (1)

• 103a1bc feat: add validation for API token expiration date

📊 Changes

2 files changed (+50 additions, -17 deletions)

View changed files

📝 apps/remix/app/components/forms/token.tsx (+44 -16)
📝 packages/trpc/server/api-token-router/create-api-token.types.ts (+6 -1)

📄 Description

Description

Context:- "Create API Token" component in the "/settings/tokens" route.

Tasks performed:-

• Add frontend validation with form refinement
• Add backend API validation with Zod schema
• Show error message when neither expiration date nor 'never expire' is selected

In the "/settings/tokens" route, the create token form's behavior:-

There are some edge cases present in the currrent app:-

1. The token name is validated but the token expiry date is not.
2. when we create a token without selecting token expiry date or without enabling "never expire" toggle, it creates a new token with no expiry.
3. When we create a token, the entire form state is not nulled, rather only the name is nulled.

Now the UX has been improved

New Behaviour:-

1. Both, token name and the expiration date are validated.
2. User sees an error below the field if token expiry date is not selected or the "never expire" switch is not enabled
3. The entire form state is nulled (reset) after successfully creating a token.
4. The API endpoint is also secured by zod validation.

Attaching a video with explanation:-
Loom Link

Checklist

• I have tested these changes locally and they work as expected.
• I have been successful in building the project locally 'npm run build'
• I have followed the project's coding style guidelines.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/documenso/documenso/pull/2349 **Author:** [@giteshsarvaiya](https://github.com/giteshsarvaiya) **Created:** 12/30/2025 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feat/add-token-expiration-validation-in-api-token-flow` --- ### 📝 Commits (1) - [`103a1bc`](https://github.com/documenso/documenso/commit/103a1bc2b5457db78864763f21f0f9811eb8fe4c) feat: add validation for API token expiration date ### 📊 Changes **2 files changed** (+50 additions, -17 deletions) <details> <summary>View changed files</summary> 📝 `apps/remix/app/components/forms/token.tsx` (+44 -16) 📝 `packages/trpc/server/api-token-router/create-api-token.types.ts` (+6 -1) </details> ### 📄 Description ## Description ### Context:- "Create API Token" component in the "/settings/tokens" route. Tasks performed:- - Add frontend validation with form refinement - Add backend API validation with Zod schema - Show error message when neither expiration date nor 'never expire' is selected #### In the "/settings/tokens" route, the create token form's behavior:- There are some edge cases present in the currrent app:- 1) The token name is validated but the token expiry date is not. 2) when we create a token without selecting token expiry date or without enabling "never expire" toggle, it creates a new token with no expiry. 3) When we create a token, the entire form state is not nulled, rather only the name is nulled. #### Now the UX has been improved New Behaviour:- 1) Both, token name and the expiration date are validated. 2) User sees an error below the field if token expiry date is not selected or the "never expire" switch is not enabled 3) The entire form state is nulled (reset) after successfully creating a token. 4) The API endpoint is also secured by zod validation. Attaching a video with explanation:- [Loom Link](https://www.loom.com/share/29c2c092f22a4eab9bb87bf114ac12b5) ## Checklist - [x] I have tested these changes locally and they work as expected. - [x] I have been successful in building the project locally 'npm run build' - [x] I have followed the project's coding style guidelines. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem added the

pull-request

label 2026-02-26 20:33:01 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

chore/translations

feat/signing-required-field-colors

feat/add-field-overflow-settings

chore/extract-translations

release

feat/public-completed-document-access

feat/bulk-download

docs/signing-reminders

feat/document-file-conversion

feat/prefetch-intent-navigation-links

fix/lint-project

fix/replace-linter-with-biome

fix/security-improvements

perf/dynamic-import-posthog

deps/vite-8

chore/migrate-eslint-prettier-to-oxlint-oxfmt

chore/migrate-to-pnpm

feat/add-pdf-image-renderer

feat/add-embed-v2

fix/extract-emails

feat/table-toolbar-filters

copilot/sub-pr-2478

fix/recipients-send-500

feat/external-2fa-codes

feat/protect-signing-urls

fix/checkbox-checked-values

duncan/legacy-api-endpoints

chore/block-po-files-locally

fix/default-embed-v2-document-rejection-to-false

fix/fields-dialog-title-description

copilot/sub-pr-2323

copilot/sub-pr-2267

exp/autoplace-fields

chore/server-hostname-config

fix/template-add-signers

fix/add-field-drag-drop-colors

fix/envelope-updates

feat/allow-formdata

archive/1.13.2

copilot/add-billing-section-account-page

fix/field-coordinate-bounds

feat/update-user-via-admin-dashboard

feat/expiry-links

feat/team-dashboard

feat/change-radio-direction

feat/admin-create-user-with-org

archive/v1.12.11

feat/envelopes-polish

feat/add-attachments-reworked

fix/font-size-fields

feat/improve-resend-dialog

fix/download-certificate-audit-log-safari

fix/duplicate-document-by-id

feat/document-table-filters

fix/template-migration

exp/effect

fix/migrate-template-metadata

exp/keyboard-signature

feat/document-2fa-redo

feat/add-attachments

feat/billing-redirect-flow

fix/add-api-logging

fix/duplicate-document-template-review

feat/handle-redirectto-param

feat/document-processing-status-indicator

feat/customize-doc-audit-log-certificate

feat/document-2fa

feat/organisations-backup-pls

feat/audit-logs-on-completed-document

chore/webhook-trigger-multiselect

exp/bg

chore/single-signer-wording

fix/template-uploading

feat/bin-tab

fix/staging-test

feat/rr7

squish/rr7

archive/nextjs

power-signer

fix/field-placements

fix/team-member-invites

fix/checkbox-field-bugs

fix/leaderboard-query

fix/zapier-list-documents-endpoint

feat/dictate-signers

feat/allow-same-signer-email-multiple-times

wip/rr7-next

experiment/self-sign

fix/oidc-login-error

feat/document-qrcode

feat/mau

feat/copy-links-audit-logs

chore/december-dep-upgrades

wip/rr7

wip/rr7-auth-package

wip/rr7-better-auth-demo

experiment/what-if-user-ids-were-strings-instead-of-numbers

fix/refactor-api-routes

feat/add-owner-completed-email-setting

fix/embed-whitelabel-colors

feat/delete-archive

fun/sign-with-nose

expiry-links

chore/openpage-viral-metrics

fix/sitemap

feat/signing-reminder

feat/automated-fields-signature

feat/add-polish-translations

staging

fix/open-page

openpage-api-deploy

feat/pulumi

chore/angular-embed-docs

exp/next-15

chore/select-signer

feat/save-data-on-blur

feat/save-recipients-on-blur

feat/signature-color

feat/team-email-template

chore/documenso-url

chore/add-ctas

fix/docker-setup-and-documentation

fix/document-creation-timezone

feat/telemetry

feat/integration-animation

fix/render-deployment

feat/publicProfile

feat/redirect-templates

feat/passkey-dialog

fix/refactor-use-template

chore/resend-onUpdate

chore/subject-onBlur

fix/demo-trpc-duration

fix/self-signer-custom-email-message

fix/benchmark

feat/add-myself-as-signer-temp

feat/checkbox-type

feat/update-marketing-header

experiment/queue

feat/error-demo

feat/add-document-auth-options

feat/document-2fa-test

chore/status-widget

open-page-restructure

feat/document-passkey-test

chore/form-reset

fix/neon-db-migration-test

feat/public-profile

feat/launch-week-content

webhooks_plus_api

exp/custom-field-labels

feat/accept-text-signature

feat/document-version-history

fix/delete-recipient-owners

fix/whitespace-title

feat/refresh

exp/million

feat/doc-comments

ElTimuro-patch-1

feat/teams-slugify

pr/537

date-format-setting

exp/millionjs

feat/runtime-env

chore/next-14

feat/chat-with-documents

feat/plan-limits

fix/467-bugsafari-only-unable-to-copy-document-sharing-link

feat/admin-ui-manage-instance

feat/stripe-free-tier

fix/cascade-delete-share-links

feat/marketing-share-document

feat/single-player-mode-polish

feat/next-13-5-3

chore/github-templates

docs/render-deploy

chore/code-of-conduct

chore/team

feat/add-e2e-testing

docs/minor-readme-updatess

docs/dx

feat-early-adopters

feat/open-early-adopters

fix/432-signee-doc-version-doesnt-have-sticky-signing-area

fix/446-cancel-cta-does-nothing-when-a-signer-opens-the-document

fix/445-signer-name-not-persisting

feat/resend-transport

fix/incorrect-completed-stats

feat/update-email-templates

feat/mania

feat/copy-or-tweet

feat/add-design-system-page

feat/single-player-mode

feat/completed-share-link

feat/designsystem

feat/send-email

feat/custom-emails

blog/upcoming-blog-post

feat/single-player-mode-test

feat/reset-password

blog/selfhosting-blog-post

feat/redirect-signed-document

fix/og-description

feat/universal-upload

chore/readme

chore/blogposts

fix/building-documenso-description

feat/admin-ui-metrics

feat/avatar-fallback

feat/templates

feat/blog-post-next

fix/hide-user-selection

feat/disable-sign

feat/marketing-mobile-nav

chore/remove-console-log-warn

feat/add-email-field

fix/redirect-signin-to-dashboard

feat/blog-og-image

feat/redirect-on-send

feat/billing-page

feat/profile-password-form

fix/signature-color-dark-mode

feat/inbox

feat/promise-safety

readme

chore/reduce-refetch-time

feat/update-document-flow

feat/refactor-shared-components

feat/feature-flag

feat/document-authoring

feat/pie-chart-legend

feat/open-page

docs/add-gitpod-setup

docs/add-render-deploy

docs-coventional-commits

feat/table-actions

minor/updates-google-auth-refresh

feat/add-document-animation

feat/new-email-template

feat/password-reset

fix/send-error-double-send

fix/improve-stripe-webhook-endpoint

feat/support-custom-cert-paths

feat/DOC-170-add-name-field

fix/improve-general-styling

feat/DOC-210-sign-dialog-broken-on-second-opening

bugfix-#71/invalid-email-hint

chore/optimise-deps

test-pr

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.1

v2.7.0

v2.6.1

v2.6.0

v2.5.1

v2.5.0

v2.4.0

v2.3.2

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.14

v2.0.13

v2.0.12

v2.0.11

v2.0.10

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.13.2

v1.13.1

v1.13.0

v1.12.10

v1.12.9

v1.12.8

v1.12.7

v1.12.6

v1.12.5

v1.12.4

v1.12.3

v1.12.2-rc.6

v1.12.2-rc.5

v1.12.2-rc.4

v1.12.2-rc.3

v1.12.2-rc.2

v1.12.2-rc.1

v1.12.2-rc.0

v1.12.1

v1.12.0

v1.12.0-rc.8

v1.12.0-rc.7

v1.12.0-rc.6

v1.12.0-rc.5

v1.12.0-rc.4

v1.12.0-rc.3

v1.12.0-rc.2

v1.12.0-rc.1

v1.12.0-rc.0

v1.11.1

v1.11.0

v1.10.3

v1.10.2

v1.10.1

v1.10.0

v1.10.0-rc.5

v1.10.0-rc.4

v1.10.0-rc.3

v1.10.0-rc.2

v1.10.0-rc.1

v1.10.0-rc.0

v1.9.1-rc.9

v1.9.1

v1.9.1-rc.8

v1.9.1-rc.7

v1.9.1-rc.6

v1.9.1-rc.5

v1.9.1-rc.4

v1.9.1-rc.3

v1.9.1-rc.2

v1.9.1-rc.1

v1.9.1-rc.0

v1.9.0

v1.9.0-rc.12

v1.9.0-rc.11

v1.9.0-rc.10

v1.9.0-rc.9

v1.9.0-rc.8

v1.9.0-rc.7

v1.9.0-rc.6

v1.9.0-rc.5

final-marketing-release

v1.9.0-rc.4

v1.9.0-rc.3

v1.9.0-rc.2

v1.9.0-rc.1

v1.9.0-rc.0

v1.8.1

v1.8.1-rc.9

v1.8.1-rc.8

v1.8.1-rc.7

v1.8.1-rc.6

v1.8.1-rc.5

v1.8.1-rc.4

v1.8.1-rc.3

v1.8.1-rc.2

v1.8.1-rc.1

v1.8.1-rc.0

v1.8.0-rc.4

v1.8.0

v1.8.0-rc.3

v1.8.0-rc.2

v1.8.0-rc.1

v1.8.0-rc.0

v1.7.2

v1.7.2-rc.4

v1.7.2-rc.3

v1.7.2-rc.2

v1.7.2-rc.1

v1.7.2-rc.0

v1.7.1-rc.3

v1.7.1

v1.7.1-rc.2

v1.7.1-rc.1

v1.7.1-rc.0

v1.7.0

v1.7.0-rc.5

v1.7.0-rc.4

v1.7.0-rc.3

v1.7.0-rc.2

v1.7.0-rc.1

v1.7.0-rc.0

v1.6.1

v1.6.1-rc.1

v1.6.1-rc.0

v1.6.0

v1.6.0-rc.3

v1.6.0-rc.2

v1.6.0-rc.1

v1.6.0-rc.0

v1.5.6

v1.5.6-rc.4

v1.5.6-rc.3

v1.5.6-rc.2

v1.5.6-rc.1

v1.5.6-rc.0

v1.5.5-rc.8

v1.5.5

v1.5.5-rc.7

v1.5.5-rc.6

v1.5.5-rc.5

v1.5.5-rc.4

v1.5.5-rc.3

v1.5.5-rc.2

v1.5.5-rc.1

v1.5.5-rc.0

v1.5.4-rc.5

v1.5.4

v1.5.4-rc.4

v1.5.4-rc.3

v1.5.4-rc.2

v1.5.4-rc.1

v1.5.4-rc.0

v1.5.3-rc.1

v1.5.3

v1.5.3-rc.0

v1.5.2-rc.8

v1.5.2

v1.5.2-rc.7

v1.5.2-rc.6

v1.5.2-rc.5

v1.5.2-rc.4

v1.5.2-rc.3

v1.5.2-rc.2

v1.5.2-rc.1

v1.5.2-rc.0

v1.5.1

v1.5.1-rc.0

v1.5.0-rc.6

v1.5.0

v1.5.0-rc.5

v1.5.0-rc.4

v1.5.0-rc.3

v1.5.0-rc.2

v1.5.0-rc.1

v1.5.0-rc.0

v1.4.0-rc.0

v1.4.0

v1.3.2-rc.0

v1.3.1-rc.2

v1.3.1

v1.3.1-rc.1

v1.3.1-rc.0

v1.3.0-rc.2

v1.3.0

v1.3.0-rc.1

v1.3.0-rc.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1

v1.0

v0.9

before-prettier

0.9-developer-preview

Labels

Clear labels   

Compliance

  

Stale

  

apps: marketing

  

apps: web

  

community

  

component: api

  

component: integrations

  

component: ui

  

duplicate

  

effort: low

  

effort: medium

  

good first issue

  

hacktoberfest

  

help wanted

  

needs triage

  

needs-replication

  

needs-testing

  

on-hold

  

osshack

  

priority: high

  

priority: low

  

priority: medium

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

roadmap

  

status: assigned

  

status: blocked

  

status: in progress

  

status: triage

  

type: bug

  

type: bug

  

type: bug

  

type: documentation

  

type: enhancement

  

type: feature

  

wontfix

  

💎 Bounty

  

💰 Rewarded

  

💰 Rewarded

No labels

Compliance

Stale

apps: marketing

apps: web

community

component: api

component: integrations

component: ui

duplicate

effort: low

effort: medium

good first issue

hacktoberfest

help wanted

needs triage

needs-replication

needs-testing

on-hold

osshack

priority: high

priority: low

priority: medium

pull-request

question

roadmap

status: assigned

status: blocked

status: in progress

status: triage

type: bug

type: bug

type: bug

type: documentation

type: enhancement

type: feature

wontfix

💎 Bounty

💰 Rewarded

💰 Rewarded

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/documenso#2236

No description provided.