spec · ddc5b9f7236f8932c32ec9ec1d91338aab22a9e0 · Forest Godfrey / gitlab-ce

Merge branch '20911-remove-private-token-from-users-api' into 'master' · 54199afb

authored Aug 31, 2016

Don't expose a user's private token in the `/api/v3/user` API

## Why was this MR needed?

A user's private token is being leaked in the `/api/v3/user` API.

## What are the relevant issue numbers?

- Closes #20911

## Does this MR meet the acceptance criteria?

- [ ]  #20911 !6047 Application-Specific Tokens Are Insecure
    - [x]  Implementation
    - [x]  Test
    - [x]  CHANGELOG
    - [x]  Make sure build is green
    - [x]  Assign to endboss
    - [ ]  Wait for merge


See merge request !6047

54199afb

Name	Last commit	Last update
..
config		Loading commit data...
controllers		Loading commit data...
factories		Loading commit data...
features		Loading commit data...
finders		Loading commit data...
fixtures		Loading commit data...
helpers		Loading commit data...
initializers		Loading commit data...
javascripts		Loading commit data...
lib		Loading commit data...
mailers		Loading commit data...
models		Loading commit data...
requests		Loading commit data...
routing		Loading commit data...
services		Loading commit data...
support		Loading commit data...
tasks/gitlab		Loading commit data...
uploaders		Loading commit data...
views		Loading commit data...
workers		Loading commit data...
factories_spec.rb		Loading commit data...
rails_helper.rb		Loading commit data...
simplecov_env.rb		Loading commit data...
spec_helper.rb		Loading commit data...
teaspoon_env.rb		Loading commit data...