satellite/console: don't use console.User in GET project members resp…

…onse

Updated Member type to not use console.User type as it may expose some sensitive data.
Implemented enhancements in json annotations for console.User to fortify privacy measures and preemptively prevent the exposure of sensitive data, ensuring no vulnerability exists.

Issue:
storj/storj-private#568

Change-Id: I99ec9ba678eb9816dab650260f75e685d954a633

satellite/console/consoleweb/consoleapi/projects.go

@@ -43,8 +43,11 @@ type ProjectMembersPage struct {
 
 // Member is a project member in a ProjectMembersPage.
 type Member struct {
-	User     *console.User `json:"user"`
-	JoinedAt time.Time     `json:"joinedAt"`
+	ID        uuid.UUID `json:"id"`
+	FullName  string    `json:"fullName"`
+	ShortName string    `json:"shortName"`
+	Email     string    `json:"email"`
+	JoinedAt  time.Time `json:"joinedAt"`
 }
 
 // Invitation is a project invitation in a ProjectMembersPage.
@@ -399,25 +402,18 @@ func (p *Projects) GetMembersAndInvitations(w http.ResponseWriter, r *http.Reque
 	memberPage.Members = []Member{}
 	memberPage.Invitations = []Invitation{}
 
-	// getMemberInfo returns only member information that is necessary in the UI
-	getMemberInfo := func(u *console.User) *console.User {
-		return &console.User{
-			ID:        u.ID,
-			FullName:  u.FullName,
-			ShortName: u.ShortName,
-			Email:     u.Email,
-		}
-	}
 	for _, m := range membersAndInvitations.ProjectMembers {
 		user, err := p.service.GetUser(ctx, m.MemberID)
 		if err != nil {
 			p.serveJSONError(ctx, w, http.StatusInternalServerError, err)
 			return
 		}
-		u := getMemberInfo(user)
 		member := Member{
-			User:     u,
-			JoinedAt: m.CreatedAt,
+			ID:        user.ID,
+			FullName:  user.FullName,
+			ShortName: user.ShortName,
+			Email:     user.Email,
+			JoinedAt:  m.CreatedAt,
 		}
 		memberPage.Members = append(memberPage.Members, member)
 	}

satellite/console/consoleweb/consoleapi/projects_test.go

@@ -140,22 +140,22 @@ func TestGetProjectMembersAndInvitationsOrdering(t *testing.T) {
 				case int(console.Ascending):
 					switch tt.order {
 					case int(console.Name):
-						require.Less(t, members[respMembers[i-1].User.ID].FullName, members[respMembers[i].User.ID].FullName)
+						require.Less(t, members[respMembers[i-1].ID].FullName, members[respMembers[i].ID].FullName)
 					case int(console.Email):
-						require.Less(t, members[respMembers[i-1].User.ID].Email, members[respMembers[i].User.ID].Email)
+						require.Less(t, members[respMembers[i-1].ID].Email, members[respMembers[i].ID].Email)
 					case int(console.Created):
-						require.Less(t, members[respMembers[i-1].User.ID].CreatedAt, members[respMembers[i].User.ID].CreatedAt)
+						require.Less(t, members[respMembers[i-1].ID].CreatedAt, members[respMembers[i].ID].CreatedAt)
 					default:
 						t.Error("invalid order", tt.order)
 					}
 				case int(console.Descending):
 					switch tt.order {
 					case int(console.Name):
-						require.Greater(t, members[respMembers[i-1].User.ID].FullName, members[respMembers[i].User.ID].FullName)
+						require.Greater(t, members[respMembers[i-1].ID].FullName, members[respMembers[i].ID].FullName)
 					case int(console.Email):
-						require.Greater(t, members[respMembers[i-1].User.ID].Email, members[respMembers[i].User.ID].Email)
+						require.Greater(t, members[respMembers[i-1].ID].Email, members[respMembers[i].ID].Email)
 					case int(console.Created):
-						require.Greater(t, members[respMembers[i-1].User.ID].CreatedAt, members[respMembers[i].User.ID].CreatedAt)
+						require.Greater(t, members[respMembers[i-1].ID].CreatedAt, members[respMembers[i].ID].CreatedAt)
 					default:
 						t.Error("invalid order", tt.order)
 					}
@@ -263,7 +263,7 @@ func TestGetProjectMembersAndInvitationsSearch(t *testing.T) {
 			require.Equal(t, tt.expectedInvitees, len(respInvitees))
 			if tt.search != "" {
 				for _, m := range respMembers {
-					containsSearch := strings.Contains(members[m.User.ID].Email, tt.search) || strings.Contains(members[m.User.ID].FullName, tt.search) || strings.Contains(members[m.User.ID].ShortName, tt.search)
+					containsSearch := strings.Contains(members[m.ID].Email, tt.search) || strings.Contains(members[m.ID].FullName, tt.search) || strings.Contains(members[m.ID].ShortName, tt.search)
 					require.True(t, containsSearch)
 				}
 				for _, inv := range respInvitees {

satellite/console/users.go

@@ -211,7 +211,7 @@ type User struct {
 	ShortName string `json:"shortName"`
 
 	Email        string `json:"email"`
-	PasswordHash []byte `json:"passwordHash"`
+	PasswordHash []byte `json:"-"`
 
 	Status    UserStatus `json:"status"`
 	UserAgent []byte     `json:"userAgent"`
@@ -234,8 +234,8 @@ type User struct {
 	HaveSalesContact bool `json:"haveSalesContact"`
 
 	MFAEnabled       bool     `json:"mfaEnabled"`
-	MFASecretKey     string   `json:"mfaSecretKey"`
-	MFARecoveryCodes []string `json:"mfaRecoveryCodes"`
+	MFASecretKey     string   `json:"-"`
+	MFARecoveryCodes []string `json:"-"`
 
 	SignupPromoCode string `json:"signupPromoCode"`