From fbdf057898475653c847601f257e140494944f46 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@selenight.nl>
Date: Thu, 12 Oct 2017 10:26:13 +0200
Subject: [PATCH] Remove private_token from API user entity

---
 doc/api/users.md                                        | 3 +--
 lib/api/entities.rb                                     | 4 ----
 lib/api/users.rb                                        | 4 +---
 spec/fixtures/api/schemas/public_api/v4/user/login.json | 6 ++----
 spec/support/gitlab_stubs/session.json                  | 4 +---
 spec/support/gitlab_stubs/user.json                     | 6 ++----
 6 files changed, 7 insertions(+), 20 deletions(-)

diff --git a/doc/api/users.md b/doc/api/users.md
index 1643c584244..aa711090af1 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -410,8 +410,7 @@ GET /user
   "can_create_group": true,
   "can_create_project": true,
   "two_factor_enabled": true,
-  "external": false,
-  "private_token": "dd34asd13as"
+  "external": false
 }
 ```
 
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index efe874b2e6b..67cecb6a7ad 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -57,10 +57,6 @@ module API
       expose :admin?, as: :is_admin
     end
 
-    class UserWithPrivateDetails < UserWithAdmin
-      expose :private_token
-    end
-
     class Email < Grape::Entity
       expose :id, :email
     end
diff --git a/lib/api/users.rb b/lib/api/users.rb
index b6f97a1eac2..d80b364bd09 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -507,9 +507,7 @@ module API
       end
       get do
         entity =
-          if sudo?
-            Entities::UserWithPrivateDetails
-          elsif current_user.admin?
+          if current_user.admin?
             Entities::UserWithAdmin
           else
             Entities::UserPublic
diff --git a/spec/fixtures/api/schemas/public_api/v4/user/login.json b/spec/fixtures/api/schemas/public_api/v4/user/login.json
index e6c1d9c9d84..aa066883c47 100644
--- a/spec/fixtures/api/schemas/public_api/v4/user/login.json
+++ b/spec/fixtures/api/schemas/public_api/v4/user/login.json
@@ -27,11 +27,9 @@
     "can_create_group",
     "can_create_project",
     "two_factor_enabled",
-    "external",
-    "private_token"
+    "external"
   ],
   "properties": {
-    "$ref": "full.json",
-    "private_token": { "type": "string" }
+    "$ref": "full.json"
   }
 }
diff --git a/spec/support/gitlab_stubs/session.json b/spec/support/gitlab_stubs/session.json
index 688175369ae..658ff5871b0 100644
--- a/spec/support/gitlab_stubs/session.json
+++ b/spec/support/gitlab_stubs/session.json
@@ -14,7 +14,5 @@
   "provider":null,
   "is_admin":false,
   "can_create_group":false,
-  "can_create_project":false,
-  "private_token":"Wvjy2Krpb7y8xi93owUz",
-  "access_token":"Wvjy2Krpb7y8xi93owUz"
+  "can_create_project":false
 }
diff --git a/spec/support/gitlab_stubs/user.json b/spec/support/gitlab_stubs/user.json
index ce8dfe5ae75..658ff5871b0 100644
--- a/spec/support/gitlab_stubs/user.json
+++ b/spec/support/gitlab_stubs/user.json
@@ -14,7 +14,5 @@
   "provider":null,
   "is_admin":false,
   "can_create_group":false,
-  "can_create_project":false,
-  "private_token":"Wvjy2Krpb7y8xi93owUz",
-  "access_token":"Wvjy2Krpb7y8xi93owUz"
-}
\ No newline at end of file
+  "can_create_project":false
+}