mirror of
https://github.com/n8n-io/n8n.git
synced 2024-09-20 14:57:31 -07:00
fix(core): Remove sensitive data from User entity during serialization (no-changelog) (#8773)
This commit is contained in:
parent
75e4df138f
commit
d1b48ddcac
|
@ -141,4 +141,9 @@ export class User extends WithTimestamps implements IUser {
|
||||||
scopeOptions,
|
scopeOptions,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
toJSON() {
|
||||||
|
const { password, apiKey, mfaSecret, mfaRecoveryCodes, ...rest } = this;
|
||||||
|
return rest;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
import { User } from '@db/entities/User';
|
||||||
|
|
||||||
|
describe('User Entity', () => {
|
||||||
|
describe('JSON.stringify', () => {
|
||||||
|
it('should not serialize sensitive data', () => {
|
||||||
|
const user = Object.assign(new User(), {
|
||||||
|
email: 'test@example.com',
|
||||||
|
firstName: 'Don',
|
||||||
|
lastName: 'Joe',
|
||||||
|
password: '123456789',
|
||||||
|
apiKey: '123',
|
||||||
|
mfaSecret: '123',
|
||||||
|
mfaRecoveryCodes: ['123'],
|
||||||
|
});
|
||||||
|
expect(JSON.stringify(user)).toEqual(
|
||||||
|
'{"email":"test@example.com","firstName":"Don","lastName":"Joe"}',
|
||||||
|
);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
Loading…
Reference in a new issue