Set the mfaSecretKey to null before returning it via REST API

eclipse · Jun 18, 2021 · a61660b · a61660b
1 parent e0895e5
commit a61660b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Users.java b/rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Users.java
@@ -267,6 +267,9 @@ public MfaOption findMfa(
             throw new KapuaEntityNotFoundException(MfaOption.TYPE, "MfaOption");  // TODO: not sure "MfaOption" it's the best value to return here
         }
 
+        // Set the mfa secret key to null before returning the mfaOption, due to improve the security
+        mfaOption.setMfaSecretKey(null);
+
         return mfaOption;
     }