WIP: Hide private token by default (!6548) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

username-removed-443319 requested to merge hide-api-token into master Sep 27, 2016

What does this MR do?

Only show the user's private token after they enter their password.

Are there points in the code the reviewer needs to double check?

@rspeicher has taken a look at the backend, so the frontend 🙂

Why was this MR needed?

It's better to require confirmation that this actually the user before displaying the token: for instance, in the case of an XSS vulnerability.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

CHANGELOG entry added
Tests
- Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if you do - rebase it please)
Squashed related commits together