fix(core): Remove sensitive data from User entity during serialization (no-changelog) (#8773)
netroy committed Mar 6, 2024
1 parent 836bf07 commit 70cfa7e
Showing 2 changed files with 25 additions and 0 deletions.
5 changes: 5 additions & 0 deletions packages/cli/src/databases/entities/User.ts
@@ -141,4 +141,9 @@ export class User extends WithTimestamps implements IUser {
scopeOptions,
);
}

toJSON() {
const { password, apiKey, mfaSecret, mfaRecoveryCodes, ...rest } = this;
return rest;
}
}
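Review bot: The new `toJSON()` is a denylist, so it fails open: any secret-bearing column added to `User` later is serialized unless someone remembers to extend the destructuring list. It also only runs when the `User` instance itself reaches `JSON.stringify`; a copy made with object spread or `Object.assign({}, user)` does not carry the prototype method and would still emit `password`, `apiKey`, `mfaSecret` and `mfaRecoveryCodes`. I would document both limits on the method, e.g. `/** Strips credential fields on JSON.stringify(user); add every new secret column here. Plain copies ({ ...user }) bypass this. */`, and consider an allowlist of public fields if the entity is expected to grow. The class body starts outside this hunk, so other fields or relations that may need redaction are not visible here.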
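--- a/packages/cli/test/unit/databases/entities/user.entity.test.ts
+++ b/packages/cli/test/unit/databases/entities/user.entity.test.ts
@@ -0,0 +1,20 @@
+import { User } from '@db/entities/User';
+
+describe('User Entity', () => {
+describe('JSON.stringify', () => {
+it('should not serialize sensitive data', () => {
+const user = Object.assign(new User(), {
+email: '[email protected]',
+firstName: 'Don',
+lastName: 'Joe',
+password: '123456789',
+apiKey: '123',
+mfaSecret: '123',
+mfaRecoveryCodes: ['123'],
+});
+expect(JSON.stringify(user)).toEqual(
+'{"email":"[email protected]","firstName":"Don","lastName":"Joe"}',
+);
+});
+});
+});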
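Review bot: The single case only pins direct `JSON.stringify(user)` on a hand-built fixture, so it would not notice a later refactor that redacts by mutating the entity, nor a new secret field that the fixture never sets. Adding `expect(user.password).toBe('123456789');` after the stringify call pins that serialization leaves the instance intact for code that still needs the stored value, and `expect(JSON.stringify({ data: [user] })).not.toContain('mfaSecret');` covers the nested-payload shape that API responses usually take. A short comment above the fixture stating that every secret column of `User` must be listed there would keep the test in step with the entity.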
