Prevent User Information leak Fixes #822 (#823)

Prevents leaking the encrypted password and verification tokens to the user when they update their account.
2019-02-20 16:08:10 +00:00 · 2019-02-20 16:08:10 +00:00 · 00391a4ef9
parent 772a7c9370
commit 00391a4ef9
1 changed files with 7 additions and 1 deletions
--- a/server/controllers/user.controller.js
+++ b/server/controllers/user.controller.js
@ -292,7 +292,13 @@ export function saveUser(res, user) {
      return;
    }

-    res.json(user);
+    res.json({
+      email: user.email,
+      username: user.username,
+      preferences: user.preferences,
+      verified: user.verified,
+      id: user._id
+    });
  });
 }