Expose UserLogin (private token) rather than UserSafe in discover API (!7153) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

username-removed-39229 requested to merge 131/gitlab-ce:patch-9 into master Oct 27, 2016

What does this MR do?

It expose private token in /discover API so it can be used to access the API when you provide a valid private key to gitlab shell. See https://gitlab.com/gitlab-org/gitlab-ce/issues/23835

Please keep discussion track on the ISSUE (gitlab-shell PR also related)

Are there points in the code the reviewer needs to double check?

I assume /discover is an INTERNAL api and will not "leak" sensitive information to un-granted users

Why was this MR needed?

It's a first step so gitlab-shell can acces this information in a friendly manner

Does this MR meet the acceptance criteria?

I'll glady provide changelog & documentation & API support if you agreed on this

CHANGELOG entry added
Documentation created/updated
API support added
Tests
- Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if it does - rebase it please)
Squashed related commits together

What are the relevant issue numbers?