Make the exposing of the Application secret more explicit

To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation).
2018-01-24 09:44:07 +01:00 · 2018-01-24 09:44:07 +01:00 · 45b62dfd32
parent d38faa30ed
commit 45b62dfd32
2 changed files with 7 additions and 3 deletions
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@ -6,7 +6,7 @@ module API
    resource :applications do
      desc 'Create a new application' do
        detail 'This feature was introduced in GitLab 10.5'
-        success Entities::Application
+        success Entities::ApplicationWithSecret
      end
      params do
        requires :name, type: String, desc: 'Application name'
@ -17,7 +17,7 @@ module API
        application = Doorkeeper::Application.new(declared_params)

        if application.save
-          present application, with: Entities::Application
+          present application, with: Entities::ApplicationWithSecret
        else
          render_validation_error! application
        end
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@ -1160,8 +1160,12 @@ module API

    class Application < Grape::Entity
      expose :uid, as: :application_id
-      expose :secret
      expose :redirect_uri, as: :callback_url
    end
+
+    # Use with care, this exposes the secret
+    class ApplicationWithSecret < Application
+      expose :secret
+    end
  end
 end