Remove Private Tokens
To do:
-
Remove Private API Token from
profile/account
-
Remove
API::Session
which can be used to get the private token when providing username/password -
Remove
UserWithPrivateDetails
entity. -
Remove all API/web authentication using
private_token
orauthentication_token
(they're the same thing) -
Sudo scope (
lib/api/helpers.rb:432
) -
Migrate Private tokens to PATs with the
api
scope, as well as thesudo
scope if the user is an admin (depends on https://gitlab.com/gitlab-org/gitlab-ce/issues/38447) -
Remove
users.authentication_token
-
Update API docs (
doc/api/README.md
,doc/user/profile/personal_access_tokens.md
) -
Move RSS and incoming email tokens to Access Tokens (
app/views/profiles/accounts/show.html.haml
) - Fix specs
- Add new specs
- Add changelog item
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/38595 and https://gitlab.com/gitlab-org/gitlab-ce/issues/38447