New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitize user object in user plugin update method return value #6003
Conversation
Signed-off-by: Drew Town <drew.town+github@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #6003 +/- ##
==========================================
+ Coverage 19.28% 19.85% +0.56%
==========================================
Files 863 856 -7
Lines 12044 12046 +2
Branches 1930 1950 +20
==========================================
+ Hits 2323 2392 +69
+ Misses 8148 8079 -69
- Partials 1573 1575 +2
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, Thank you for this change. I think we should apply this to the other methods too (create, delete) etc :) Can you add this ?
Hey @drewtownchi seems like our CI is having trouble. Do you mind amending your last commit and doing a push force on your branche to trigger it again ? |
Signed-off-by: Drew Town <drew.town+github@gmail.com>
@alexandrebodin I'm not sure why the DCO isn't working. I did what it said and nothing is happening. |
Description of what you did:
Issue: fix #6000
This change sanitizes the user plugin's
update
method return object. There should be no reason to return the password hash and the reset token when updating a user object.I verified locally that the admin workflow is not disrupted by this change because the UI goes from the user list->queries the user->performs PUT and doesn't seem to use the password hash field (or any data for that matter) returned from the PUT request.