summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorTimothy Andrew <mail@timothyandrew.net>2016-08-26 09:37:57 +0530
committerTimothy Andrew <mail@timothyandrew.net>2016-08-31 12:33:24 +0530
commit727dff3f158b9ef852b2b014d4efe0abd69a23d0 (patch)
tree0f2a3d3819fd4ac40c614555e237a15f9fefc3dd /doc
parent4d042afeced540c0acd887714d8ec7c962b7c507 (diff)
downloadgitlab-ce-727dff3f158b9ef852b2b014d4efe0abd69a23d0.tar.gz
Don't expose a user's private token in the `/api/v3/user` API.
- This would allow anyone with a personal access token (even a read-only token, once scopes are implemented) to escalate their access by obtaining the private token.
Diffstat (limited to 'doc')
-rw-r--r--doc/api/users.md3
1 files changed, 1 insertions, 2 deletions
diff --git a/doc/api/users.md b/doc/api/users.md
index 7e848586dbd..54f7a2a2ace 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -310,8 +310,7 @@ GET /user
"can_create_group": true,
"can_create_project": true,
"two_factor_enabled": true,
- "external": false,
- "private_token": "dd34asd13as"
+ "external": false
}
```