Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'

Filter out sensitive fields from the project services API See merge request gitlab/gitlabhq!2281 (cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7) 2bcbbda0 Filter out sensitive fields from the project services API
author: Stan Hu <stan@gitlab.com> 2018-01-06 06:18:13 +0000
committer: Stan Hu <stanhu@gmail.com> 2018-01-16 17:04:38 -0800
commit: 0424801ec8854167d17c76b68e6ae8c5b5a6a52a (patch)
tree: 460bdd4d717df4dc8b08106d0f48a00cbf0ec4f1 /lib/api/entities.rb
parent: 3228ac06a019c9126b965ff32e354d10011a4f76 (diff)
download: gitlab-ce-0424801ec8854167d17c76b68e6ae8c5b5a6a52a.tar.gz
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index c4ef2c74658..9618d6625bb 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -714,10 +714,7 @@ module API
       expose :job_events
       # Expose serialized properties
       expose :properties do |service, options|
-        field_names = service.fields
-          .select { |field| options[:include_passwords] || field[:type] != 'password' }
-          .map { |field| field[:name] }
-        service.properties.slice(*field_names)
+        service.properties.slice(*service.api_field_names)
       end
     end
author	Stan Hu <stan@gitlab.com>	2018-01-06 06:18:13 +0000
committer	Stan Hu <stanhu@gmail.com>	2018-01-16 17:04:38 -0800
commit	0424801ec8854167d17c76b68e6ae8c5b5a6a52a (patch)
tree	460bdd4d717df4dc8b08106d0f48a00cbf0ec4f1 /lib/api/entities.rb
parent	3228ac06a019c9126b965ff32e354d10011a4f76 (diff)
download	gitlab-ce-0424801ec8854167d17c76b68e6ae8c5b5a6a52a.tar.gz