authorJB Vasseur <jvasseur@gmail.com>2018-10-11 19:54:15 +0900
committerJB Vasseur <jvasseur@gmail.com>2018-10-11 19:54:15 +0900
commit6dd4ae0d87fd9a30ab9ce36b5127be36929f5692 (patch)
tree284c71c5f9f6b2db8bf10160bc20de98c96bdcd8
parent3421f1d124ecf34c620d75488c22fa3fab602721 (diff)
Support GET /applications and DELETE /applications/:id endpoints #52559
-rw-r--r--doc/api/applications.md51
-rw-r--r--lib/api/applications.rb17
-rw-r--r--spec/requests/api/applications_spec.rb38
3 files changed, 104 insertions, 2 deletions
diff --git a/doc/api/applications.md b/doc/api/applications.md
index 6d244594b71..d74a3cdf5c1 100644
--- a/doc/api/applications.md
+++ b/doc/api/applications.md
@@ -4,12 +4,12 @@
[ce-8160]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8160
+Only admin user can use the Applications API.
+
## Create a application
Create a application by posting a JSON payload.
-User must be admin to do that.
-
Returns `200` if the request succeeds.
```
@@ -30,8 +30,55 @@ Example response:
```json
{
+ "id":1,
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
+ "application_name": "MyApplication",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri"
}
```
+
+## List all applications
+
+List all registered applications.
+
+```
+GET /applications
+```
+
+```bash
+curl --request GET --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/applications
+```
+
+Example response:
+
+```json
+[
+ {
+ "id":1,
+ "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
+ "application_name": "MyApplication",
+ "callback_url": "http://redirect.uri"
+ }
+]
+```
+
+> Note: the `secret` value will not be exposed by this API.
+
+## Delete an application
+
+Delete a specific application.
+
+Returns `204` if the request succeeds.
+
+```
+DELETE /applications/:id
+```
+
+Parameters:
+
+- `id` (required) - The id of the application (not the application_id)
+
+```bash
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/applications/:id
+```
diff --git a/lib/api/applications.rb b/lib/api/applications.rb
index f29cd7fc003..1c940af95d7 100644
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -24,6 +24,23 @@ module API
render_validation_error! application
end
end
+
+ desc 'Get applications' do
+ success Entities::ApplicationWithSecret
+ end
+ get do
+ applications = Doorkeeper::Application.all
+ present applications, with: Entities::Application
+ end
+
+ # rubocop: disable CodeReuse/ActiveRecord
+ desc 'Delete an application'
+ delete ':id' do
+ Doorkeeper::Application.find_by(id: params[:id]).destroy
+
+ status 204
+ end
+ # rubocop: enable CodeReuse/ActiveRecord
end
end
end
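Review bot: In the `delete ':id'` route, `Doorkeeper::Application.find_by(id: params[:id]).destroy` calls `destroy` on `nil` when no application has that id, so an unknown id surfaces as a server error instead of a 404. Look the record up first and bail out: `application = Doorkeeper::Application.find_by(id: params[:id])`, then `not_found!('Application') unless application`, then `application.destroy`. Separately, the `desc` of the list route declares `success Entities::ApplicationWithSecret` while the handler presents `Entities::Application`; it should read `success Entities::Application` so the generated API description does not suggest that secrets are returned. The admin check that the documentation promises is not visible here, because the enclosing resource block starts outside the hunk, so confirm that both new routes sit behind it.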
diff --git a/spec/requests/api/applications_spec.rb b/spec/requests/api/applications_spec.rb
index f56bc932f40..02dfbfa8fd7 100644
--- a/spec/requests/api/applications_spec.rb
+++ b/spec/requests/api/applications_spec.rb
@@ -5,6 +5,7 @@ describe API::Applications, :api do
let(:admin_user) { create(:user, admin: true) }
let(:user) { create(:user, admin: false) }
+ let(:application) { create(:application, name: 'application_name', redirect_uri: 'http://application.url', scopes: '') }
describe 'POST /applications' do
context 'authenticated and authorized user' do
@@ -83,4 +84,41 @@ describe API::Applications, :api do
end
end
end
+
+ describe 'GET /applications' do
+ context 'authenticated and authorized user' do
+ it 'can list application' do
+ get api('/applications')
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response).to be_a(Array)
+ end
+ end
+
+ context 'non-authenticated user' do
+ it 'cannot list application' do
+ get api('/applications')
+
+ expect(response).to have_http_status 401
+ end
+ end
+ end
+
+ describe 'DELETE /applications/:id' do
+ context 'authenticated and authorized user' do
+ it 'can delete an application' do
+ delete api("/applications/#{application.id}")
+
+ expect(response).to have_gitlab_http_status(204)
+ end
+ end
+
+ context 'non-authenticated user' do
+ it 'cannot delete an application' do
+ delete api("/applications/#{application.id}")
+
+ expect(response).to have_http_status 401
+ end
+ end
+ end
end
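Review bot: Both 'authenticated and authorized user' examples send the request without a user (`get api('/applications')` and `delete api("/applications/#{application.id}")`), which is exactly the call the 'non-authenticated user' examples expect a 401 for, so the positive cases never exercise an admin session. Pass the admin explicitly: `get api('/applications', admin_user)` and `delete api("/applications/#{application.id}", admin_user)`. Neither endpoint has an example for an authenticated non-admin (`user`) being refused, which is the case that shows the admin-only restriction actually holds. The delete example would also be stronger if it asserted the row is gone, e.g. `expect { ... }.to change { Doorkeeper::Application.count }.by(-1)`, with the application created eagerly (`let!`), since the current `let(:application)` is lazy.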