Commit 45b62dfd authored by Toon Claes's avatar Toon Claes

Make the exposing of the Application secret more explicit

To make it more clear to developers that the entity exposes the
application secret, define a separate entity that only should be used
when the secret is needed (probably only on creation).
parent d38faa30
...@@ -6,7 +6,7 @@ module API ...@@ -6,7 +6,7 @@ module API
resource :applications do resource :applications do
desc 'Create a new application' do desc 'Create a new application' do
detail 'This feature was introduced in GitLab 10.5' detail 'This feature was introduced in GitLab 10.5'
success Entities::Application success Entities::ApplicationWithSecret
end end
params do params do
requires :name, type: String, desc: 'Application name' requires :name, type: String, desc: 'Application name'
...@@ -17,7 +17,7 @@ module API ...@@ -17,7 +17,7 @@ module API
application = Doorkeeper::Application.new(declared_params) application = Doorkeeper::Application.new(declared_params)
if application.save if application.save
present application, with: Entities::Application present application, with: Entities::ApplicationWithSecret
else else
render_validation_error! application render_validation_error! application
end end
......
...@@ -1160,8 +1160,12 @@ module API ...@@ -1160,8 +1160,12 @@ module API
class Application < Grape::Entity class Application < Grape::Entity
expose :uid, as: :application_id expose :uid, as: :application_id
expose :secret
expose :redirect_uri, as: :callback_url expose :redirect_uri, as: :callback_url
end end
# Use with care, this exposes the secret
class ApplicationWithSecret < Application
expose :secret
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment