To do:
-
Remove Private API Token from profile/account
-
Remove API::Session
which can be used to get the private token when providing username/password -
Remove UserWithPrivateDetails
entity. -
Remove all API/web authentication using private_token
orauthentication_token
(they're the same thing) -
Sudo scope ( lib/api/helpers.rb:432
) -
Migrate Private tokens to PATs with the api
scope, as well as thesudo
scope if the user is an admin (depends on https://gitlab.com/gitlab-org/gitlab-ce/issues/38447) -
Remove users.authentication_token
-
Update API docs ( doc/api/README.md
,doc/user/profile/personal_access_tokens.md
) -
Move RSS and incoming email tokens to Access Tokens ( app/views/profiles/accounts/show.html.haml
) -
Fix specs -
Add new specs -
Add changelog item
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/38595 and https://gitlab.com/gitlab-org/gitlab-ce/issues/38447