Expose UserLogin (private token) rather than UserSafe in discover API

François Leurent requested to merge 131/gitlab-ce:patch-9 into master

What does this MR do?

It exposes the private token in the /discover API so it can be used to access the API when you provide a valid private key to gitlab shell. See https://gitlab.com/gitlab-org/gitlab-ce/issues/23835

Please keep the discussion tracked on the ISSUE (gitlab-shell PR also related)

Are there points in the code the reviewer needs to double check?

I assume /discover is an INTERNAL api and will not "leak" sensitive information to un-granted users

Why was this MR needed?

It's a first step so gitlab-shell can access this information in a friendly manner

Does this MR meet the acceptance criteria?

I'll gladly provide changelog & documentation & API support if you agree on this

What are the relevant issue numbers?
