Make the exposing of the Application secret more explicit

To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation).

Make the exposing of the Application secret more explicit
To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation).
45b62dfd · Toon Claes · d38faa30 · 45b62dfd · 45b62dfd
Commit 45b62dfd authored Jan 24, 2018 by Toon Claes
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

lib/api/applications.rb lib/api/applications.rb +2 -2

lib/api/entities.rb lib/api/entities.rb +5 -1

No files found.
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -6,7 +6,7 @@ module API
    resource :applications do
      desc 'Create a new application' do
        detail 'This feature was introduced in GitLab 10.5'
-        success Entities::Application
+        success Entities::ApplicationWithSecret
      end
      params do
        requires :name, type: String, desc: 'Application name'
@@ -17,7 +17,7 @@ module API
        application = Doorkeeper::Application.new(declared_params)
        if application.save
-          present application, with: Entities::Application
+          present application, with: Entities::ApplicationWithSecret
        else
          render_validation_error! application
        end

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1160,8 +1160,12 @@ module API
    class Application < Grape::Entity
      expose :uid, as: :application_id
-      expose :secret
      expose :redirect_uri, as: :callback_url
    end
+    # Use with care, this exposes the secret
+    class ApplicationWithSecret < Application
+      expose :secret
+    end
  end
 end