Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove auth_token from UserSerializer #104

Closed
glemmaPaul opened this issue Sep 29, 2015 · 1 comment
Closed

Remove auth_token from UserSerializer #104

glemmaPaul opened this issue Sep 29, 2015 · 1 comment
Assignees
@glemmaPaul
Labels
bug

Comments

@glemmaPaul
Copy link
Collaborator

I'm not sure if intended, but auth_token is in the response GET /users/.
@glemmaPaul glemmaPaul added the bug label Sep 29, 2015
@glemmaPaul glemmaPaul self-assigned this Sep 29, 2015
@glemmaPaul glemmaPaul mentioned this issue Sep 29, 2015
Merged
@agconti
Copy link
Owner

agconti commented Oct 6, 2015

@glemmaPaul This was originally intended for an app that restricted user list and detail with an isOwner permission.

Rather than implement an isOwner permission here, I agree that it makes more sense to remove it from user list and detail. Especially since a user's auth_token can always be retrieved at api-token-auth/ and users will get it when they register.

Great catch, thanks!

@agconti agconti mentioned this issue Oct 6, 2015
Closed
5 tasks
@agconti agconti closed this as completed Oct 6, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@glemmaPaul glemmaPaul

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@agconti @glemmaPaul