Make the exposing of the Application secret more explicit

To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation).

Make the exposing of the Application secret more explicit
45b62dfd · Toon Claes · d38faa30 · 45b62dfd · 45b62dfd
Commit 45b62dfd authored Jan 24, 2018 by Toon Claes
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

applications.rb lib/api/applications.rb +2 -2

entities.rb lib/api/entities.rb +5 -1

No files found.
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -6,7 +6,7 @@ module API
    resource :applications do
      desc 'Create a new application' do
        detail 'This feature was introduced in GitLab 10.5'
-        success Entities::Application
+        success Entities::ApplicationWithSecret
      end
      params do
        requires :name, type: String, desc: 'Application name'
@@ -17,7 +17,7 @@ module API
        application = Doorkeeper::Application.new(declared_params)

        if application.save
-          present application, with: Entities::Application
+          present application, with: Entities::ApplicationWithSecret
        else
          render_validation_error! application
        end

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1160,8 +1160,12 @@ module API

    class Application < Grape::Entity
      expose :uid, as: :application_id
-      expose :secret
      expose :redirect_uri, as: :callback_url
    end
+
+    # Use with care, this exposes the secret
+    class ApplicationWithSecret < Application
+      expose :secret
+    end
  end
 end