diff --git a/server/endpoints/admin.js b/server/endpoints/admin.js
index 959e023ff1404dc82f4b98cb071fce7d8b2240ae..9b836b19a2429f65aedfac69282e27d245cdb0cb 100644
--- a/server/endpoints/admin.js
+++ b/server/endpoints/admin.js
@@ -33,10 +33,7 @@ function adminEndpoints(app) {
     [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
     async (_request, response) => {
       try {
-        const users = (await User.where()).map((user) => {
-          const { password, ...rest } = user;
-          return rest;
-        });
+        const users = await User.where();
         response.status(200).json({ users });
       } catch (e) {
         console.error(e);
diff --git a/server/endpoints/api/admin/index.js b/server/endpoints/api/admin/index.js
index 228777ab5220d1ab7e983b3bed05beb944beed0f..95b8e79163f671fa746f24ce1a7dcab0b14f8b74 100644
--- a/server/endpoints/api/admin/index.js
+++ b/server/endpoints/api/admin/index.js
@@ -73,10 +73,7 @@ function apiAdminEndpoints(app) {
         return;
       }
 
-      const users = (await User.where()).map((user) => {
-        const { password, ...rest } = user;
-        return rest;
-      });
+      const users = await User.where();
       response.status(200).json({ users });
     } catch (e) {
       console.error(e);
diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index 86aacac48b6c1c851cd2a1703eb6a7ced67f394e..f4057a404e4b55e4a3a8411c5d8da90cc8ba6a8d 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -110,7 +110,7 @@ function systemEndpoints(app) {
 
       if (await SystemSettings.isMultiUserMode()) {
         const { username, password } = reqBody(request);
-        const existingUser = await User.get({ username: String(username) });
+        const existingUser = await User._get({ username: String(username) });
 
         if (!existingUser) {
           await EventLogs.logEvent(
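Review bot: The switch to `User._get` on the login lookup carries no comment explaining why the unfiltered record is needed, and from this line on `existingUser` holds the `password` field. I would add above the call `// _get keeps the password field for the credential check below; never serialize existingUser directly, use User.filterFields()`. This commit wraps the two response bodies later in the handler in `User.filterFields`. The `EventLogs.logEvent` arguments and the rest of the handler lie outside the hunk, so confirm that none of them receives the whole object.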
@@ -188,7 +188,7 @@ function systemEndpoints(app) {
           // Return recovery codes to frontend
           response.status(200).json({
             valid: true,
-            user: existingUser,
+            user: User.filterFields(existingUser),
             token: makeJWT(
               { id: existingUser.id, username: existingUser.username },
               "30d"
@@ -201,7 +201,7 @@ function systemEndpoints(app) {
 
         response.status(200).json({
           valid: true,
-          user: existingUser,
+          user: User.filterFields(existingUser),
           token: makeJWT(
             { id: existingUser.id, username: existingUser.username },
             "30d"
diff --git a/server/models/user.js b/server/models/user.js
index ecb620ee4fd24be28c53790163229defa31bfe26..a1aeb2c63aff4a0ab9b675335c45dd52f6db0ea6 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -19,6 +19,12 @@ const User = {
         return String(value);
     }
   },
+
+  filterFields: function (user = {}) {
+    const { password, ...rest } = user;
+    return { ...rest };
+  },
+
   create: async function ({ username, password, role = "default" }) {
     const passwordCheck = this.checkPasswordComplexity(password);
     if (!passwordCheck.checkedOK) {
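Review bot: `filterFields` is a denylist of a single field, so any sensitive column later added to the users table is returned to clients by default; an allowlist of the fields the frontend actually needs would fail closed instead. The default `user = {}` applies only to `undefined`, so `filterFields(null)` throws on the destructuring; `const { password, ...rest } = user || {};` covers both cases, and `return rest;` is sufficient because `rest` is already a new object. The callers visible in this diff all pass a non-null record, so this is hardening rather than a live bug. A short JSDoc stating that the helper strips `password` before a record leaves the model would also help.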
@@ -35,7 +41,7 @@ const User = {
           role,
         },
       });
-      return { user, error: null };
+      return { user: this.filterFields(user), error: null };
     } catch (error) {
       console.error("FAILED TO CREATE USER.", error.message);
       return { user: null, error: error.message };
@@ -127,6 +133,17 @@ const User = {
   },
 
   get: async function (clause = {}) {
+    try {
+      const user = await prisma.users.findFirst({ where: clause });
+      return user ? this.filterFields({ ...user }) : null;
+    } catch (error) {
+      console.error(error.message);
+      return null;
+    }
+  },
+
+  // Returns user object with all fields
+  _get: async function (clause = {}) {
     try {
       const user = await prisma.users.findFirst({ where: clause });
       return user ? { ...user } : null;
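Review bot: `get` and `_get` now duplicate the same query and error handling; `get` could be reduced to `const user = await this._get(clause);` followed by `return user ? this.filterFields(user) : null;`. The comment on `_get` should say that the result includes the `password` field and is for server-side credential checks only, for example `// Returns the full record including password; never send the result to a client`. Because `get` no longer returns `password`, any caller outside this diff that reads `user.password` from `User.get` would now see `undefined` and should be checked. The body of `_get` continues past the end of the hunk.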
@@ -162,7 +179,7 @@ const User = {
         where: clause,
         ...(limit !== null ? { take: limit } : {}),
       });
-      return users;
+      return users.map((usr) => this.filterFields(usr));
     } catch (error) {
       console.error(error.message);
       return [];