From a61660bd89d7f20695a02fd5c60268e4eb764c89 Mon Sep 17 00:00:00 2001
From: MDeLuise <massimiliano.deluise@eurotech.com>
Date: Wed, 12 May 2021 12:17:03 +0200
Subject: [PATCH] Set the mfaSecretKey to null before returning it via REST API

---
 .../eclipse/kapua/app/api/resources/v1/resources/Users.java    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Users.java b/rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Users.java
index 9d08dff0de8..a9d738a1639 100644
--- a/rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Users.java
+++ b/rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Users.java
@@ -267,6 +267,9 @@ public MfaOption findMfa(
             throw new KapuaEntityNotFoundException(MfaOption.TYPE, "MfaOption");  // TODO: not sure "MfaOption" it's the best value to return here
         }
 
+        // Set the mfa secret key to null before returning the mfaOption, due to improve the security
+        mfaOption.setMfaSecretKey(null);
+
         return mfaOption;
     }