From 45b62dfd324318959ff6fa37f9d3f8a1a95b4aa7 Mon Sep 17 00:00:00 2001
From: Toon Claes
Date: Wed, 24 Jan 2018 09:44:07 +0100
Subject: Make the exposing of the Application secret more explicit

To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation).
---
 lib/api/applications.rb | 4 ++--
 lib/api/entities.rb | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/api/applications.rb b/lib/api/applications.rb
index 142ba73a53d..b122cdefe4e 100644
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -6,7 +6,7 @@ module API
 resource :applications do
 desc 'Create a new application' do
 detail 'This feature was introduced in GitLab 10.5'
- success Entities::Application
+ success Entities::ApplicationWithSecret
 end
 params do
 requires :name, type: String, desc: 'Application name'
@@ -17,7 +17,7 @@ module API
 application = Doorkeeper::Application.new(declared_params)
 if application.save
- present application, with: Entities::Application
+ present application, with: Entities::ApplicationWithSecret
 else
 render_validation_error! application
 end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index cfe9a8704bc..7b9a80a234b 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1160,8 +1160,12 @@ module API
 class Application < Grape::Entity
 expose :uid, as: :application_id
- expose :secret
 expose :redirect_uri, as: :callback_url
 end
+
+ # Use with care, this exposes the secret
+ class ApplicationWithSecret < Application
+ expose :secret
+ end
 end
 end
--
cgit v1.2.1
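Review bot: `present application, with: Entities::ApplicationWithSecret` puts the OAuth application secret into the response body, and nothing in this hunk shows which authorization check runs before it; the enclosing `post` block starts outside the hunk. It is worth confirming the route is restricted to administrators before the secret is serialized, and marking the one intended use with a comment above the line, e.g. `# The secret is returned only here, at creation; every other response uses Entities::Application`. The same entity is named in the `success` declaration of the first hunk, so the generated API documentation will list `secret` too, which looks intended.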
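Review bot: The comment `# Use with care, this exposes the secret` on `ApplicationWithSecret` does not say when its use is acceptable. The commit message suggests creation only, so a more actionable wording would be `# Exposes the OAuth client secret. Use only for the response to application creation, never for list or show endpoints.` The diffstat lists only the two `lib/api` files, so no spec in this commit pins that `Entities::Application` omits `secret` while the subclass includes it. A small entity or request spec would stop the field from being re-added to the base class unnoticed. Because the new class inherits from `Application`, any field later exposed on the base entity also appears in the secret-bearing response.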