Skip to content
GitLab
Next
    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    Projects Groups Topics Snippets
  • Register
  • Sign in
  • GitLab FOSS GitLab FOSS
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
    • Locked files
  • Issues 22
    • Issues 22
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 0
    • Merge requests 0
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Code review
    • Insights
    • Issue
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.orgGitLab.org
  • GitLab FOSSGitLab FOSS
  • Merge requests
  • !14838

Remove Private Tokens

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged Douwe Maan requested to merge dm-remove-private-token into master Oct 12, 2017
  • Overview 31
  • Commits 15
  • Pipelines 14
  • Changes 60

To do:

  • Remove Private API Token from profile/account
  • Remove API::Session which can be used to get the private token when providing username/password
  • Remove UserWithPrivateDetails entity.
  • Remove all API/web authentication using private_token or authentication_token (they're the same thing)
  • Sudo scope (lib/api/helpers.rb:432)
  • Migrate Private tokens to PATs with the api scope, as well as the sudo scope if the user is an admin (depends on https://gitlab.com/gitlab-org/gitlab-ce/issues/38447)
  • Remove users.authentication_token
  • Update API docs (doc/api/README.md, doc/user/profile/personal_access_tokens.md)
  • Move RSS and incoming email tokens to Access Tokens (app/views/profiles/accounts/show.html.haml)
  • Fix specs
  • Add new specs
  • Add changelog item

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/38595 and https://gitlab.com/gitlab-org/gitlab-ce/issues/38447

Edited Nov 02, 2017 by Douwe Maan
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: dm-remove-private-token