feat: removing sensitive info from leasing agent #3409
Looks good. I noticed the `leasingAgentEmail` and `leasingAgentName` are different than the one listed in `leasingAgents`. So I wonder if we can just remove all but the `id`? I think we are fine with what you have though.
On a different note, we probably want to remove the `activeAccessToken` from the `/user/list` endpoint as well. It's a secured endpoint, but still don't want other people's access tokens accessible. That can be part of a different ticket.
LGTM 🧇
I spun up: #3412 to address some of that, merging this in
* fix: user export fixes (bloom-housing#3371)
* fix: user export fixes
* fix: update error message alert
* chore(release): version
  - @bloom-housing/partners@7.10.1
* feat: upgrade react to 18 (bloom-housing#3360)
* feat: upgrade react to 18
* feat: upgrade cypress to 12 for public
* feat: upgrade cypress for partners
* fix: update configs
* fix: update partner cypress tests
* fix: review comments
* fix: fix flaky cypress test
* chore(release): version
  - @bloom-housing/backend-core@7.12.0
  - @bloom-housing/shared-helpers@7.6.0
  - @bloom-housing/partners@7.11.0
  - @bloom-housing/public@7.5.0
* fix: program/preference keys length uncap (bloom-housing#3376)
* fix: program/preference keys length uncap
* fix: updates per pr comments
* chore(release): version
  - @bloom-housing/backend-core@7.12.1
  - @bloom-housing/shared-helpers@7.6.1
  - @bloom-housing/partners@7.11.1
  - @bloom-housing/public@7.5.1
* feat: upgrade nextjs to 13 (bloom-housing#3375)
* feat: upgrade nextjs to 13
* fix: attempt to get cypress test working
* chore(release): version
  - @bloom-housing/partners@7.12.0
  - @bloom-housing/public@7.6.0
* feat: changing auth over to cookies (bloom-housing#3357)
* fix: resolves issues around markedAsDuplicate (bloom-housing#3373)
* chore(release): version
  - @bloom-housing/backend-core@7.13.0
  - @bloom-housing/shared-helpers@7.7.0
  - @bloom-housing/partners@7.13.0
  - @bloom-housing/public@7.7.0
* fix: react type errors (bloom-housing#3382)
* chore(release): version
  - @bloom-housing/shared-helpers@7.7.1
  - @bloom-housing/partners@7.13.1
  - @bloom-housing/public@7.7.1
* refactor: add cloudinary fxn to partners (bloom-housing#3393)
* fix: remove max length from extra data app fields (bloom-housing#3394)
* refactor: uptake seeds FormErrorMessage (bloom-housing#3369)
* fix: type fix for token
* fix: lock file and hydration fixes
* fix: add startDate to open house submit event (bloom-housing#3399)
* fix: add three new fields to base view (bloom-housing#3406)
* feat: removing sensitive info from leasing agent (bloom-housing#3409)
* feat: removing sensitive info from leasing agent
* fix: adding swagger changes
* fix: updates for tests
* chore(deps): bump cookiejar from 2.1.2 to 2.1.4 (bloom-housing#3295)
  Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.2 to 2.1.4.
  - [Release notes](https://github.com/bmeck/node-cookiejar/releases)
  - [Commits](https://github.com/bmeck/node-cookiejar/commits)
  ---
  updated-dependencies:
  - dependency-name: cookiejar
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: updates around cookies (bloom-housing#3405)
* fix: updates around cookies
* fix: creating new migration for token -> code
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: github.context.workflow <github-actions@github.com>
Co-authored-by: Yazeed Loonat <YazeedLoonat@gmail.com>
Co-authored-by: Emily Jablonski <65367387+emilyjablonski@users.noreply.github.com>
Co-authored-by: Krzysztof Zięcina <kziecina@airnauts.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Chris Casto <23032560+chriscasto@users.noreply.github.com>

* feat: removing sensitive info from leasing agent
* fix: adding swagger changes
* fix: updates for tests

* fix: uptake latest uic Modal, ActionBlock, FormCard breaking changes (bloom-housing#3358)
* feat: upgrade react to 18 (bloom-housing#3360)
* feat: upgrade nextjs to 13 (bloom-housing#3375)
* feat: upgrade nextjs to 13
* fix: attempt to get cypress test working
* feat: changing auth over to cookies (bloom-housing#3357)
* fix: resolves issues around markedAsDuplicate (bloom-housing#3373)
* fix: react type errors (bloom-housing#3382)
* refactor: add cloudinary fxn to partners (bloom-housing#3393)
* refactor: uptake seeds FormErrorMessage (bloom-housing#3369)
* fix: add startDate to open house submit event (bloom-housing#3399)
* fix: add three new fields to base view (bloom-housing#3406)
* feat: removing sensitive info from leasing agent (bloom-housing#3409)
* feat: removing sensitive info from leasing agent
* fix: adding swagger changes
* fix: updates for tests
* chore(deps): bump cookiejar from 2.1.2 to 2.1.4 (bloom-housing#3295)
  Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.2 to 2.1.4.
  - [Release notes](https://github.com/bmeck/node-cookiejar/releases)
  - [Commits](https://github.com/bmeck/node-cookiejar/commits)
  ---
  updated-dependencies:
  - dependency-name: cookiejar
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: updates around cookies (bloom-housing#3405)
* fix: updates around cookies
* fix: creating new migration for token -> code
* fix: Searching on the applications table causes the page to crash (bloom-housing#3408)
* fix: pass proper value to to_tsquery function
* fix: search applications using ILIKE
* fix: change where to orWhere
* feat: add application search by confirmation code
* updates proxy to support access control allow list (bloom-housing#3407)
* feat: updates proxy to support access control allow list
* fix: remove downstream access-control-allow-origin
* fix: update readme for m1
* fix: move purge call to the backend
* fix: test fix and add await
* fix: moving cache purge to helper
  ---------
  Co-authored-by: Morgan Ludtke <ludtkemorgan@gmail.com>
  Co-authored-by: Yazeed Loonat <yazeedloonat@gmail.com>
* fix: escape quote in translation update
* fix: add translation for 64 characters error (bloom-housing#3423)
* fix: downgrade version of nest axios (bloom-housing#3419)
* fix: now removes criteria file if a url is input (bloom-housing#3421)
* fix: remove check in test not applicable for hba
* fix: update ui-c to latest version (bloom-housing#3420)
* fix: update application test
* feat: 3291/listing export take 2 (bloom-housing#3424)
* fix: functional frontend
* fix: hooks and service updates
* fix: hitting service file
* fix: wip config work
* fix: wip config 2
* fix: completed query updates
* fix: complete column naming and basic formatting
* fix: clean up formatting
* fix: wip testing debugging
* fix: functional unit tests
* fix: cypress tests + formatting
* fix: unadded test changes
* fix: internal csv testing
* fix: exporter test fix
* fix: more detailed csv checks
* fix: testing + formatting tweaks
* fix: exporter testing improvements
* fix: updates per pr feedback
* fix: match config pattern
* fix: add close status option
* fix: reset netlify testing
* fix: final cleanup
* fix: rent type formatting
* fix: remove console log
* fix: missing state data (bloom-housing#3450)
* feat: adding knownError flag
* feat: adding knownError flag
* fix: partners highlight field on backend error (bloom-housing#3448)
* fix: partners highlight field on backend error
* fix: community type and disableUnitsAccordion fix
* fix: unit type fix for partial units
* fix: review comment addressed
* fix: phone number fix
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Yazeed Loonat <YazeedLoonat@gmail.com>
Co-authored-by: Emily Jablonski <65367387+emilyjablonski@users.noreply.github.com>
Co-authored-by: Krzysztof Zięcina <kziecina@airnauts.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sean Albert <smabert@gmail.com>
Co-authored-by: ColinBuyck <53269332+ColinBuyck@users.noreply.github.com>

Pull Request Template
Issue Overview
This PR is related to the comment: metrotranscom#47
Description
We were exposing too much user data publicly with the leasing agent data that gets returned with a listing.
This PR pulls out much of the sensitive data.
How Can This Be Tested/Reviewed?
On the public site (not logged in), if you go to apply for a listing with the console open (keep tabs on network traffic), you should be able to see the data that gets returned from the call for that listing.
You should no longer see sensitive data as part of the leasing agent data in that listing.
Alternatively, you could check localhost:3100/docs and verify the /listings endpoints return data set for a listing's leasing agent section is sensitive-info-less.
Checklist:
`yarn generate:client` and/or created a migration if I made backend changes that require them
Reviewer Notes:
Steps to review a PR:
On Merge:
If you have one commit and message, squash. If you need each message to be applied, rebase and merge.
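
The manual check in the description (inspect the listing response for leftover leasing agent data) can be automated. This is an added example, not part of the pull request or the Bloom code base: it projects each entry of `leasingAgents` onto an allowlist (default `id` only, as the review comment suggests) and walks a response body for sensitive keys. Only `leasingAgents`, `id` and `activeAccessToken` come from the page; the other key names and the sample payload are assumptions.

```typescript
// Added example, not Bloom's code. Names taken from the page: leasingAgents, id,
// activeAccessToken. All other keys and the sample payload are constructed.
type JsonObject = { [key: string]: Json };
type Json = null | string | number | boolean | Json[] | JsonObject;
// Assumption: keys that must never reach an unauthenticated client.
const SENSITIVE_KEYS = ["activeAccessToken", "passwordHash", "resetToken"];

function isObject(v: Json): v is JsonObject {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Copy only allowlisted keys, so fields added to the user model later stay private.
function pick(obj: JsonObject, allowed: readonly string[]): JsonObject {
  const out: JsonObject = {};
  for (const key of allowed) {
    const v = obj[key];
    if (v !== undefined) out[key] = v;
  }
  return out;
}

// Project every embedded leasing agent down to the allowlist (default: id only).
function toPublicListing(listing: JsonObject, agentFields: readonly string[] = ["id"]): JsonObject {
  const agents = listing["leasingAgents"];
  const safe: Json[] = [];
  if (Array.isArray(agents)) {
    for (const a of agents) if (isObject(a)) safe.push(pick(a, agentFields));
  }
  return { ...listing, leasingAgents: safe };
}

// Walk a response body and return the JSON path of every sensitive key found.
function findSensitiveKeys(value: Json, path: string = "$"): string[] {
  const hits: string[] = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => hits.push(...findSensitiveKeys(item, `${path}[${i}]`)));
  } else if (isObject(value)) {
    for (const key of Object.keys(value)) {
      if (SENSITIVE_KEYS.indexOf(key) !== -1) hits.push(`${path}.${key}`);
      hits.push(...findSensitiveKeys(value[key] as Json, `${path}.${key}`));
    }
  }
  return hits;
}

// Constructed sample of an over-exposed listing payload.
const sampleListing: JsonObject = {
  id: "listing-1",
  leasingAgents: [{ id: "user-1", email: "agent@example.com", passwordHash: "constructed", activeAccessToken: "constructed-token" }],
};
```

Running `findSensitiveKeys` over a recorded response from each public endpoint in an end-to-end test turns the one-time console check into a regression guard.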