Implementing sanitizeFormData helper.

stormpath · Sep 18, 2015 · 9d0b3f6 · 9d0b3f6
1 parent c714649
commit 9d0b3f6
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/lib/helpers.js b/lib/helpers.js
@@ -538,3 +538,32 @@ module.exports.validateAccount = function(accountData, stormpathConfig, callback
     });
   });
 };
+
+/**
+ * Removes all password data from existing user-submitted form data.
+ *
+ * This is useful because when a user incorrectly logs in, or registers for a
+ * website, we should return all form data to the templates so it can have the
+ * pre-filled values populated -- EXCEPT for the password information.  This
+ * ensures a password is never sent BACK to a browser.
+ *
+ * This helper function should only be used when 
+ *
+ * @param {Object} formData - The user supplied form data.
+ * @param {Object} stormpathConfig - The Stormpath configuration object.
+ * @returns {Object} The sanitized form data.
+ */
+module.exports.sanitizeFormData = function(formData, stormpathConfig) {
+  if (!formData) {
+    throw new Error('sanitizeFormData must be provided with a formData argument.');
+  }
+
+  if (!stormpathConfig) {
+    throw new Error('sanitizeFormData must be provided with a stormpathConfig argument.');
+  }
+
+  delete formData[stormpathConfig.web.register.fields.password.name];
+  delete formData[stormpathConfig.web.register.fields.passwordConfirm.name];
+
+  return formData;
+};