Remove Private Token from User Settings > Account

4b93429a · Douwe Maan · 3c03388b · 4b93429a · 4b93429a · 4b93429a
Commit 4b93429a authored Oct 12, 2017 by Douwe Maan
6 changed files
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -24,16 +24,6 @@ class ProfilesController < Profiles::ApplicationController
    end
  end

-  def reset_private_token
-    Users::UpdateService.new(current_user, user: @user).execute! do |user|
-      user.reset_authentication_token!
-    end
-
-    flash[:notice] = "Private token was successfully reset"
-
-    redirect_to profile_account_path
-  end
-
  def reset_incoming_email_token
    Users::UpdateService.new(current_user, user: @user).execute! do |user|
      user.reset_incoming_email_token!

--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -9,17 +9,16 @@
 .row.prepend-top-default
  .col-lg-4.profile-settings-sidebar
    %h4.prepend-top-0
-      Private Tokens
+      - number_of_tokens = incoming_email_token_enabled? ? 2 : 1
+      = "Private Token".pluralize(number_of_tokens)
    %p
-      Keep these tokens secret, anyone with access to them can interact with
+      Keep your private tokens secret. Anyone with access to them can interact with some part of
      GitLab as if they were you.
  .col-lg-8.private-tokens-reset
-    = render partial: 'reset_token', locals: { label: 'Private token', button_label: 'Reset private token', help_text: 'Your private token is used to access the API and Atom feeds without username/password authentication.' }
-
-    = render partial: 'reset_token', locals: { label: 'RSS token', button_label: 'Reset RSS token', help_text: 'Your RSS token is used to create urls for personalized RSS feeds.' }
+    = render partial: 'reset_token', locals: { label: 'RSS token', button_label: 'Reset RSS token', help_text: 'Your RSS token is used to access your personalized RSS feeds without username/password authentication. It cannot be used to access any other data.' }

    - if incoming_email_token_enabled?
-      = render partial: 'reset_token', locals: { label: 'Incoming email token', button_label: 'Reset incoming email token', help_text: 'Your incoming email token is used to create new issues by email, and is included in your project-specific email addresses.' }
+      = render partial: 'reset_token', locals: { label: 'Incoming email token', button_label: 'Reset incoming email token', help_text: 'Your incoming email token is used to authenticate you when creating new issues by email, and is included in your project-specific email addresses. It cannot be used to access any other data.' }

 %hr
 .row.prepend-top-default

--- a/config/routes/profile.rb
+++ b/config/routes/profile.rb
@@ -6,7 +6,6 @@ resource :profile, only: [:show, :update] do
    get :audit_log
    get :applications, to: 'oauth/applications#index'

-    put :reset_private_token
    put :reset_incoming_email_token
    put :reset_rss_token
    put :update_username

--- a/doc/administration/troubleshooting/debug.md
+++ b/doc/administration/troubleshooting/debug.md
@@ -141,7 +141,7 @@ separate Rails process to debug the issue:

 1. Log in to your GitLab account.
 1. Copy the URL that is causing problems (e.g. https://gitlab.com/ABC).
-1. Obtain the private token for your user (Profile Settings -> Account).
+1. Create a Personal Access Token for your user (Profile Settings -> Access Tokens).
 1. Bring up the GitLab Rails console. For omnibus users, run:

    ```

--- a/doc/user/profile/index.md
+++ b/doc/user/profile/index.md
@@ -52,7 +52,7 @@ You can edit your account settings by navigating from the up-right corner menu b
 From there, you can:

 - Update your personal information
- Manage [private tokens](../../api/README.md#private-tokens), email tokens, [2FA](account/two_factor_authentication.md)
+- Manage [2FA](account/two_factor_authentication.md)
 - Change your username and [delete your account](account/delete_account.md)
 - Manage applications that can
 [use GitLab as an OAuth provider](../../integration/oauth_provider.md#introduction-to-oauth)

--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -135,7 +135,6 @@ end
 #             profile_history GET    /profile/history(.:format)             profile#history
 #            profile_password PUT    /profile/password(.:format)            profile#password_update
 #               profile_token GET    /profile/token(.:format)               profile#token
-# profile_reset_private_token PUT    /profile/reset_private_token(.:format) profile#reset_private_token
 #                     profile GET    /profile(.:format)                     profile#show
 #              profile_update PUT    /profile/update(.:format)              profile#update
 describe ProfilesController, "routing" do
@@ -147,10 +146,6 @@ describe ProfilesController, "routing" do
    expect(get("/profile/audit_log")).to route_to('profiles#audit_log')
  end

-  it "to #reset_private_token" do
-    expect(put("/profile/reset_private_token")).to route_to('profiles#reset_private_token')
-  end
-
  it "to #reset_rss_token" do
    expect(put("/profile/reset_rss_token")).to route_to('profiles#reset_rss_token')
  end