Skip to content

Remove Private Tokens

Douwe Maan requested to merge dm-remove-private-token into master

To do:

  • Remove Private API Token from profile/account
  • Remove API::Session which can be used to get the private token when providing username/password
  • Remove UserWithPrivateDetails entity.
  • Remove all API/web authentication using private_token or authentication_token (they're the same thing)
  • Sudo scope (lib/api/helpers.rb:432)
  • Migrate Private tokens to PATs with the api scope, as well as the sudo scope if the user is an admin (depends on
  • Remove users.authentication_token
  • Update API docs (doc/api/, doc/user/profile/
  • Move RSS and incoming email tokens to Access Tokens (app/views/profiles/accounts/show.html.haml)
  • Fix specs
  • Add new specs
  • Add changelog item

Closes and

Edited by Douwe Maan

Merge request reports