Merge pull request #23 from Amsterdam/feature/remove-sensitive-user-properties

TerryvanWalen · web-flow · commit 9d2cd39b7480 · 2024-10-14T16:49:48.000+02:00
Remove sensitive user properties from users
diff --git a/controllers/admin/api/user.js b/controllers/admin/api/user.js
@@ -1,17 +1,16 @@
 const db = require('../../../db');
 const hat = require('hat');
 
+const removeSensitiveUserDetails = (user) => (({ password, hashedPhoneNumber, twoFactorToken,...redactedUser }) => redactedUser)(user);
+
 const outputUser = (req, res, next) => {
-  let result = { ...req.userObject };
-  delete result.dataValues.password;
-  delete result.dataValues.hashedPhoneNumber;
-  res.json(result.dataValues);
+  res.json(removeSensitiveUserDetails(req.userObject.dataValues));
 };
 
 exports.all = (req, res, next) => {
     res.json({
         total: req.totalCodeCount,
-        data: req.users
+        data: req.users.map((user) => removeSensitiveUserDetails(user.dataValues))
     });
 };
 
