clojars · frenchy64 · Apr 6, 2026 · Apr 6, 2026 · Apr 6, 2026 · Apr 6, 2026
diff --git a/resources/public/stylesheets/screen.css b/resources/public/stylesheets/screen.css
@@ -762,6 +762,15 @@ table.deploy-tokens tr.token-used td.name {
     padding: 5px;
 }
 
+.token-id {
+    text-align: center;
+}
+
+.token-id pre {
+    background-color: #e9e9e9;
+    padding: 5px;
+}
+
 a.login-button {
   background: #24292e;
   color: #ffffff;

diff --git a/src/clojars/db.clj b/src/clojars/db.clj
@@ -865,10 +865,10 @@
                 :single_use (jdbc.types/as-other (if single-use?
                                                    "yes"
                                                    "no"))
-                :expires_at expires-at}]
-    (sql/insert! db :deploy_tokens
-                 (update record :token bcrypt))
-    record))
+                :expires_at expires-at}
+        {:deploy_tokens/keys [id]} (sql/insert! db :deploy_tokens
+                                                (update record :token bcrypt))]
+    (assoc record :token_id id)))
 
 (defn find-deploy-tokens-for-user
   [db user-id]
@@ -912,17 +912,18 @@
                {:id token-id
                 :token_hash nil}))
 
-(defn add-audit [db tag username group-name jar-name version message]
+(defn add-audit [db tag username token-id group-name jar-name version message]
   (sql/insert! db :audit
                {:tag        tag
                 user-column username
                 :group_name group-name
                 :jar_name   jar-name
                 :version    version
-                :message    message}))
+                :message    message
+                :token_id   token-id}))
 
 (defn find-audit
-  [db {:keys [username group-name jar-name version]}]
+  [db {:keys [username group-name jar-name version token-id]}]
   (when-some [where (cond
                       version    [:and
                                   [:= :group_name group-name]
@@ -933,6 +934,7 @@
                                   [:= :jar_name jar-name]]
                       group-name [:= :group_name group-name]
                       username   [:= :user username]
+                      token-id   [:= :token_id token-id]
                       :else      nil)]
     (q db
        {:select :*

diff --git a/src/clojars/db/migrate.clj b/src/clojars/db/migrate.clj
@@ -91,6 +91,12 @@
                         "tag text not null,"
                         "created timestamp not null default current_timestamp)")]))
 
+(defn- add-token-id-to-audit-table
+  [tx]
+  (db/do-commands tx
+                  ["alter table audit add column token_id integer" ; references deploy_tokens(id)
+                   ]))
+
 (defn- add-single-use-to-tokens
   [tx]
   (db/do-commands tx
@@ -150,6 +156,7 @@
    #'add-hash-to-deploy-tokens-table
    #'add-group-verifications-table
    #'add-audit-table
+   #'add-token-id-to-audit-table
    #'add-single-use-to-tokens
    #'add-expires-at-to-tokens
    #'add-send-deploy-emails-to-users

diff --git a/src/clojars/log.clj b/src/clojars/log.clj
@@ -64,8 +64,8 @@
 
 (defn audit
   [db m]
-  (let [{:keys [group artifact message tag username version]} (merge *context* m)]
-    (db/add-audit db (name tag) username group artifact version message)))
+  (let [{:keys [group artifact message tag username token-id version]} (merge *context* m)]
+    (db/add-audit db (name tag) username token-id group artifact version message)))
 
 (defn trace-id
   []

diff --git a/src/clojars/routes/repo.clj b/src/clojars/routes/repo.clj
@@ -454,7 +454,8 @@
           (read-metadata dir)
 
           md-file (io/file dir group-path name "maven-metadata.xml")]
-      (log/with-context {:version version}
+      (log/with-context {:version version
+                         :token-id (:id (token-from-session session))}
         ;; since we trigger on maven-metadata.xml, we don't actually
         ;; have the sums for it because they are uploaded *after* the
         ;; metadata file itself. This means that it's possible for a

diff --git a/src/clojars/web/common.clj b/src/clojars/web/common.clj
@@ -439,13 +439,15 @@
     [:tr
      [:th "Tag"]
      [:th "User"]
+     [:th "Token ID"]
      [:th "Artifact"]
      [:th "Message"]
      [:th "Timestamp"]]
     (for [audit (db/find-audit db lookup)]
       [:tr
        [:td [:pre (:tag audit)]]
        [:td (when (:user audit) (user-link (:user audit)))]
+       [:td (:token_id audit)]
        [:td (link-project audit)]
        [:td (linkify (:message audit))]
        [:td (:created audit)]])]])

diff --git a/src/clojars/web/token.clj b/src/clojars/web/token.clj
@@ -7,13 +7,17 @@
    [hiccup.form :refer [check-box drop-down label text-field submit-button]]))
 
 (defn- new-token-message
-  [{:keys [name token]}]
+  [{:keys [name token token_id]}]
   (when token
     (list
-     [:p (format "Your new deploy token '%s' has been created. It will only be shown this one time, so be sure to copy it now:"
-                 name)]
+     [:p (format "Your new deploy token '%s' with id '%s' has been created. It will only be shown this one time, so be sure to copy it now:"
+                 name
+                 token_id)]
      [:div.new-token
-      [:pre token]])))
+      [:pre token]]
+     [:p "Token ID:"]
+     [:div.token-id
+      [:pre token_id]])))
 
 (defn- scope
   [{:keys [group_name jar_name]}]
@@ -95,6 +99,7 @@
        [:table.table.deploy-tokens
         [:thead
          [:tr
+          [:th "Token ID"]
           [:th "Token Name"]
           [:th "Scope"]
           [:th "Single Use?"]
@@ -114,6 +119,7 @@
                                                 (when expired? "token-expired")
                                                 (when used? "token-used")]))]]
            [:tr {:class classes}
+            [:td.id (:id token)]
             [:td.name (:name token)]
             [:td.scope (scope token)]
             [:td.single-use (:single_use token)]

diff --git a/test/clojars/integration/steps.clj b/test/clojars/integration/steps.clj
@@ -45,9 +45,9 @@
        (fill-in-captcha)
        (press "Register"))))
 
-(defn create-deploy-token
+(defn create-deploy-token*
   ([state user password token-name]
-   (create-deploy-token state user password token-name {}))
+   (create-deploy-token* state user password token-name {}))
   ([state user password token-name {:keys [expires-in scope single-use?]}]
    (-> state
        (login-as user password)
@@ -59,9 +59,15 @@
        (cond-> expires-in (choose "Expires in" expires-in))
        (press "Create Token")
        :enlive
-       (enlive/select [:div.new-token :> :pre])
-       (first)
-       (enlive/text))))
+       ((fn [e]
+          {:token-id (-> e (enlive/select [:div.token-id :> :pre]) first enlive/text Integer/parseInt)
+           :token (-> e (enlive/select [:div.new-token :> :pre]) first enlive/text)})))))
+
+(defn create-deploy-token
+  ([state user password token-name]
+   (create-deploy-token state user password token-name {}))
+  ([state user password token-name opts]
+   (:token (create-deploy-token* state user password token-name opts))))
 
 (defn enable-mfa
   [state user password]

diff --git a/test/clojars/integration/uploads_test.clj b/test/clojars/integration/uploads_test.clj
@@ -11,7 +11,7 @@
    [clojars.email :as email]
    [clojars.file-utils :as fu]
    [clojars.http-utils :refer [clear-sessions!]]
-   [clojars.integration.steps :refer [create-deploy-token login-as register-as]]
+   [clojars.integration.steps :refer [create-deploy-token create-deploy-token* login-as register-as]]
    [clojars.s3 :as s3]
    [clojars.test-helper :as help]
    [clojars.web.common :as common]
@@ -84,7 +84,7 @@
 (deftest user-can-register-and-deploy
   (-> (session (help/app))
       (register-as "dantheman" "test@example.org" "password"))
-  (let [token (create-deploy-token (session (help/app)) "dantheman" "password" "testing")
+  (let [{:keys [token token-id]} (create-deploy-token* (session (help/app)) "dantheman" "password" "testing")
         now (db/get-time)]
     (with-redefs [db/get-time (constantly now)]
       (deploy
@@ -110,7 +110,8 @@
                        :user "dantheman"
                        :group_name "org.clojars.dantheman"
                        :jar_name "test"
-                       :version "0.0.1"})
+                       :version "0.0.1"
+                       :token_id token-id})
 
     (-> (session (help/app))
         (visit "/groups/org.clojars.dantheman")

diff --git a/test/clojars/unit/admin_test.clj b/test/clojars/unit/admin_test.clj
@@ -194,7 +194,7 @@
                                      :version "1.0"})
 
   ;; And: and audit record
-  (db/add-audit admin/*db* "testing" "testuser" nil nil nil "a message")
+  (db/add-audit admin/*db* "testing" "testuser" nil nil nil nil "a message")
 
   (let [user-id      (:id (db/find-user admin/*db* "testuser"))