From 0424801ec8854167d17c76b68e6ae8c5b5a6a52a Mon Sep 17 00:00:00 2001
From: Stan Hu <stan@gitlab.com>
Date: Sat, 6 Jan 2018 06:18:13 +0000
Subject: Merge branch
 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api'
 into 'security-10-3'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2281

(cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)

2bcbbda0 Filter out sensitive fields from the project services API
---
 lib/api/v3/entities.rb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'lib/api/v3/entities.rb')

diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb
index 64758dae7d3..2ccbb9da1c5 100644
--- a/lib/api/v3/entities.rb
+++ b/lib/api/v3/entities.rb
@@ -257,10 +257,7 @@ module API
         expose :job_events, as: :build_events
         # Expose serialized properties
         expose :properties do |service, options|
-          field_names = service.fields
-            .select { |field| options[:include_passwords] || field[:type] != 'password' }
-            .map { |field| field[:name] }
-          service.properties.slice(*field_names)
+          service.properties.slice(*service.api_field_names)
         end
       end
 
-- 
cgit v1.2.1