gitlab-org--gitlab-foss/lib/api/applications.rb

# frozen_string_literal: true

module API
  # External applications API
  class Applications < ::API::Base
    before { authenticated_as_admin! }

    feature_category :authentication_and_authorization

    resource :applications do
      helpers do
        def validate_redirect_uri(value)
          uri = ::URI.parse(value)
          !uri.is_a?(URI::HTTP) || uri.host
        rescue URI::InvalidURIError
          false
        end
      end

      desc 'Create a new application' do
        detail 'This feature was introduced in GitLab 10.5'
        success Entities::ApplicationWithSecret
      end
      params do
        requires :name, type: String, desc: 'Application name'
        requires :redirect_uri, type: String, desc: 'Application redirect URI'
        requires :scopes, type: String, desc: 'Application scopes'

        optional :confidential, type: Boolean, default: true,
          desc: 'Application will be used where the client secret is confidential'
      end
      post do
        # Validate that host in uri is specified
        # Please remove it when https://github.com/doorkeeper-gem/doorkeeper/pull/1440 is merged
        # and the doorkeeper gem version is bumped
        unless validate_redirect_uri(declared_params[:redirect_uri])
          render_api_error!({ redirect_uri: ["must be an absolute URI."] }, :bad_request)
        end

        application = Doorkeeper::Application.new(declared_params)

        if application.save
          present application, with: Entities::ApplicationWithSecret
        else
          render_validation_error! application
        end
      end

      desc 'Get applications' do
        success Entities::Application
      end
      get do
        applications = ApplicationsFinder.new.execute
        present applications, with: Entities::Application
      end

      desc 'Delete an application'
      delete ':id' do
        application = ApplicationsFinder.new(params).execute
        application.destroy

        no_content!
      end
    end
  end
end
Enable frozen string in lib/api and lib/backup Partially addresses #47424. Had to make changes to spec files because stubbing methods on frozen objects is a mess in RSpec and leads to failures: https://github.com/rspec/rspec-mocks/issues/1190 2018-09-29 18:34:47 -04:00			`# frozen_string_literal: true`

Add application create API 2017-01-04 17:07:49 -05:00			`module API`
			`# External applications API`
Add latest changes from gitlab-org/gitlab@master 2020-10-14 20:08:42 -04:00			`class Applications < ::API::Base`
Add application create API 2017-01-04 17:07:49 -05:00			`before { authenticated_as_admin! }`

Add latest changes from gitlab-org/gitlab@master 2020-10-28 11:08:49 -04:00			`feature_category :authentication_and_authorization`

Add application create API 2017-01-04 17:07:49 -05:00			`resource :applications do`
Add latest changes from gitlab-org/gitlab@master 2020-09-02 14:10:40 -04:00			`helpers do`
			`def validate_redirect_uri(value)`
			`uri = ::URI.parse(value)`
			`!uri.is_a?(URI::HTTP) \|\| uri.host`
			`rescue URI::InvalidURIError`
			`false`
			`end`
			`end`

Add application create API 2017-01-04 17:07:49 -05:00			`desc 'Create a new application' do`
Add documentation about when the application API was added 2018-01-23 04:50:10 -05:00			`detail 'This feature was introduced in GitLab 10.5'`
Make the exposing of the Application secret more explicit To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation). 2018-01-24 03:44:07 -05:00			`success Entities::ApplicationWithSecret`
Add application create API 2017-01-04 17:07:49 -05:00			`end`
			`params do`
			`requires :name, type: String, desc: 'Application name'`
			`requires :redirect_uri, type: String, desc: 'Application redirect URI'`
			`requires :scopes, type: String, desc: 'Application scopes'`
Add latest changes from gitlab-org/gitlab@master 2020-01-22 13:08:47 -05:00
			`optional :confidential, type: Boolean, default: true,`
			`desc: 'Application will be used where the client secret is confidential'`
Add application create API 2017-01-04 17:07:49 -05:00			`end`
			`post do`
Add latest changes from gitlab-org/gitlab@master 2020-09-02 14:10:40 -04:00			`# Validate that host in uri is specified`
			`# Please remove it when https://github.com/doorkeeper-gem/doorkeeper/pull/1440 is merged`
			`# and the doorkeeper gem version is bumped`
			`unless validate_redirect_uri(declared_params[:redirect_uri])`
			`render_api_error!({ redirect_uri: ["must be an absolute URI."] }, :bad_request)`
			`end`

Add application create API 2017-01-04 17:07:49 -05:00			`application = Doorkeeper::Application.new(declared_params)`

			`if application.save`
Make the exposing of the Application secret more explicit To make it more clear to developers that the entity exposes the application secret, define a separate entity that only should be used when the secret is needed (probably only on creation). 2018-01-24 03:44:07 -05:00			`present application, with: Entities::ApplicationWithSecret`
Add application create API 2017-01-04 17:07:49 -05:00			`else`
			`render_validation_error! application`
			`end`
			`end`
Support GET /applications and DELETE /applications/:id endpoints #52559 2018-10-11 06:54:15 -04:00
			`desc 'Get applications' do`
Do not return secret from GET /applications !22296 2018-10-12 05:33:58 -04:00			`success Entities::Application`
Support GET /applications and DELETE /applications/:id endpoints #52559 2018-10-11 06:54:15 -04:00			`end`
			`get do`
Use application finder for Doorkeeper Applications 2018-10-15 10:03:08 -04:00			`applications = ApplicationsFinder.new.execute`
Support GET /applications and DELETE /applications/:id endpoints #52559 2018-10-11 06:54:15 -04:00			`present applications, with: Entities::Application`
			`end`

			`desc 'Delete an application'`
			`delete ':id' do`
Use application finder for Doorkeeper Applications 2018-10-15 10:03:08 -04:00			`application = ApplicationsFinder.new(params).execute`
			`application.destroy`
Support GET /applications and DELETE /applications/:id endpoints #52559 2018-10-11 06:54:15 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-01-16 13:08:46 -05:00			`no_content!`
Support GET /applications and DELETE /applications/:id endpoints #52559 2018-10-11 06:54:15 -04:00			`end`
Add application create API 2017-01-04 17:07:49 -05:00			`end`
			`end`
			`end`