From 00391a4ef97ad938e7c755bfbd0bb97d7b62dbea Mon Sep 17 00:00:00 2001
From: Oliver Wright
Date: Wed, 20 Feb 2019 16:08:10 +0000
Subject: [PATCH] Prevent User Information leak Fixes #822 (#823) Prevents leaking the encrypted password and verification tokens to the user when they update their account.
---
 server/controllers/user.controller.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/server/controllers/user.controller.js b/server/controllers/user.controller.js
index 662baae3..00f3f022 100644
--- a/server/controllers/user.controller.js
+++ b/server/controllers/user.controller.js
@@ -292,7 +292,13 @@ export function saveUser(res, user) {
 return;
 }
- res.json(user);
+ res.json({
+ email: user.email,
+ username: user.username,
+ preferences: user.preferences,
+ verified: user.verified,
+ id: user._id
+ });
 });
 }
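Review bot: The allow-list added to `saveUser` is written inline in the save callback, so it only covers this one response; any other handler in user.controller.js that still hands the user document to `res.json` (none are visible in this hunk) would keep returning the encrypted password and verification tokens. I would move the five-field object into one shared helper and call it here as `res.json(userResponse(user));` (the helper name is only a suggestion), with a comment above it such as `// Allow-list: never serialize the raw user document, it carries the encrypted password and tokens.` A regression test asserting that the response keys are exactly `email`, `username`, `preferences`, `verified` and `id` would catch a later schema field leaking the same way. `saveUser` begins above the hunk, so the error branch that ends in `return;` could not be checked for what it sends back.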