sensative account information was not being encrypted via patch

OpenResourceManager · Nov 15, 2017 · 5cc488b · 5cc488b
1 parent 585583b
commit 5cc488b
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/app/Http/Controllers/API/V1/AccountController.php b/app/Http/Controllers/API/V1/AccountController.php
@@ -324,6 +324,11 @@ public function patch(Request $request)
             unset($data['page']);
         }
 
+        // Encrypt any sensitive information
+        if (array_key_exists('ssn', $data)) $data['ssn'] = encrypt($data['ssn']);
+        if (array_key_exists('password', $data)) $data['password'] = encrypt($data['password']);
+        if (array_key_exists('birth_date', $data)) $data['birth_date'] = encrypt($data['birth_date']);
+
         // Get the account
         $item = Account::where(['identifier' => $data['identifier']]);
         // Create a new transformer