diff options
author | Timothy Andrew <mail@timothyandrew.net> | 2016-08-26 09:37:57 +0530 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2016-08-31 12:33:24 +0530 |
commit | 727dff3f158b9ef852b2b014d4efe0abd69a23d0 (patch) | |
tree | 0f2a3d3819fd4ac40c614555e237a15f9fefc3dd /doc/api/users.md | |
parent | 4d042afeced540c0acd887714d8ec7c962b7c507 (diff) | |
download | gitlab-ce-727dff3f158b9ef852b2b014d4efe0abd69a23d0.tar.gz |
Don't expose a user's private token in the `/api/v3/user` API.
- This would allow anyone with a personal access token (even a read-only
token, once scopes are implemented) to escalate their access by
obtaining the private token.
Diffstat (limited to 'doc/api/users.md')
-rw-r--r-- | doc/api/users.md | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/doc/api/users.md b/doc/api/users.md index 7e848586dbd..54f7a2a2ace 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -310,8 +310,7 @@ GET /user "can_create_group": true, "can_create_project": true, "two_factor_enabled": true, - "external": false, - "private_token": "dd34asd13as" + "external": false } ``` |