feat: increase max_length for api tokens (#65743)

In support of getsentry/rfcs#32. 

API Tokens will be prefixed with seven extra characters (ex. `sntryu_`).
Eventually these plaintext `token` columns will be dropped, but to
maintain backwards compatibility and a smooth transition to fully hashed
tokens we'll still want to store them here.

Author: mdtro

migrations_lockfile.txt

@@ -6,8 +6,8 @@ To resolve this, rebase against latest master and regenerate your migration. Thi
 will then be regenerated, and you should be able to merge without conflicts.
 
 feedback: 0004_index_together
-hybridcloud: 0011_add_hybridcloudapitoken_index
+hybridcloud: 0012_apitoken_increase_token_length
 nodestore: 0002_nodestore_no_dictfield
 replays: 0004_index_together
-sentry: 0654_rename_priority_sort_to_trends
+sentry: 0655_apitoken_increase_token_length
 social_auth: 0002_default_auto_field

src/sentry/hybridcloud/migrations/0012_apitoken_increase_token_length.py

@@ -0,0 +1,31 @@
+# Generated by Django 5.0.2 on 2024-02-23 23:26
+
+from django.db import migrations, models
+
+from sentry.new_migrations.migrations import CheckedMigration
+
+
+class Migration(CheckedMigration):
+    # This flag is used to mark that a migration shouldn't be automatically run in production. For
+    # the most part, this should only be used for operations where it's safe to run the migration
+    # after your code has deployed. So this should not be used for most operations that alter the
+    # schema of a table.
+    # Here are some things that make sense to mark as dangerous:
+    # - Large data migrations. Typically we want these to be run manually by ops so that they can
+    #   be monitored and not block the deploy for a long period of time while they run.
+    # - Adding indexes to large tables. Since this can take a long time, we'd generally prefer to
+    #   have ops run this and not block the deploy. Note that while adding an index is a schema
+    #   change, it's completely safe to run the operation after the code has deployed.
+    is_dangerous = False
+
+    dependencies = [
+        ("hybridcloud", "0011_add_hybridcloudapitoken_index"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="apitokenreplica",
+            name="token",
+            field=models.CharField(max_length=71),
+        ),
+    ]

src/sentry/hybridcloud/models/apitokenreplica.py

@@ -17,7 +17,7 @@ class ApiTokenReplica(Model, HasApiScopes):
     application_is_active = models.BooleanField(default=False)
     user_id = HybridCloudForeignKey("sentry.User", on_delete="CASCADE")
     apitoken_id = HybridCloudForeignKey("sentry.ApiToken", null=False, on_delete="CASCADE")
-    token = models.CharField(max_length=64)
+    token = models.CharField(max_length=71)
     expires_at = models.DateTimeField(null=True)
     allowed_origins = models.TextField(blank=True, null=True)
     date_added = models.DateTimeField(default=timezone.now)

src/sentry/migrations/0655_apitoken_increase_token_length.py

@@ -0,0 +1,41 @@
+# Generated by Django 5.0.2 on 2024-02-23 23:25
+
+from django.db import migrations, models
+
+import sentry.models.apitoken
+from sentry.new_migrations.migrations import CheckedMigration
+
+
+class Migration(CheckedMigration):
+    # This flag is used to mark that a migration shouldn't be automatically run in production. For
+    # the most part, this should only be used for operations where it's safe to run the migration
+    # after your code has deployed. So this should not be used for most operations that alter the
+    # schema of a table.
+    # Here are some things that make sense to mark as dangerous:
+    # - Large data migrations. Typically we want these to be run manually by ops so that they can
+    #   be monitored and not block the deploy for a long period of time while they run.
+    # - Adding indexes to large tables. Since this can take a long time, we'd generally prefer to
+    #   have ops run this and not block the deploy. Note that while adding an index is a schema
+    #   change, it's completely safe to run the operation after the code has deployed.
+    is_dangerous = False
+
+    dependencies = [
+        ("sentry", "0654_rename_priority_sort_to_trends"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="apitoken",
+            name="refresh_token",
+            field=models.CharField(
+                default=sentry.models.apitoken.generate_token, max_length=71, null=True, unique=True
+            ),
+        ),
+        migrations.AlterField(
+            model_name="apitoken",
+            name="token",
+            field=models.CharField(
+                default=sentry.models.apitoken.generate_token, max_length=71, unique=True
+            ),
+        ),
+    ]

src/sentry/models/apitoken.py

@@ -41,11 +41,11 @@ class ApiToken(ReplicatedControlModel, HasApiScopes):
     application = FlexibleForeignKey("sentry.ApiApplication", null=True)
     user = FlexibleForeignKey("sentry.User")
     name = models.CharField(max_length=255, null=True)
-    token = models.CharField(max_length=64, unique=True, default=generate_token)
+    token = models.CharField(max_length=71, unique=True, default=generate_token)
     hashed_token = models.CharField(max_length=128, null=True)
     token_type = models.CharField(max_length=7, choices=AuthTokenType, null=True)
     token_last_characters = models.CharField(max_length=4, null=True)
-    refresh_token = models.CharField(max_length=64, unique=True, null=True, default=generate_token)
+    refresh_token = models.CharField(max_length=71, unique=True, null=True, default=generate_token)
     hashed_refresh_token = models.CharField(max_length=128, null=True)
     expires_at = models.DateTimeField(null=True, default=default_expiration)
     date_added = models.DateTimeField(default=timezone.now)