From 44d69f3a3fde3871f3381b1d73cb4492ba07f9b3 Mon Sep 17 00:00:00 2001
From: Matt Hook
Date: Fri, 10 Feb 2023 18:26:18 +1300
Subject: [PATCH] hide the password in the response (#8437)
---
 api/http/handler/users/user_update.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/http/handler/users/user_update.go b/api/http/handler/users/user_update.go
index 5eae759aa..868610fad 100644
--- a/api/http/handler/users/user_update.go
+++ b/api/http/handler/users/user_update.go
@@ -125,5 +125,8 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
 // remove all of the users persisted API keys
 handler.apiKeyService.InvalidateUserKeyCache(user.ID)
 
+ // hide the password field in the response payload
+ user.Password = ""
+
 return response.JSON(w, user)
 }
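Review bot: Clearing `user.Password` just before `response.JSON(w, user)` mutates the same `user` value the handler has been working on, so it is only safe if every datastore write of that value has already happened. The rest of `userUpdate` lies outside this hunk, so that ordering should be confirmed and pinned with a comment such as `// must stay after the last write of user: clearing Password earlier would persist an empty hash`. The scrub is also applied by hand at this single return, so any other handler in the package that serializes the user struct would need the same line; a response-only view type, or one shared scrub helper called at every such return, would make the omission harder to repeat. A handler test that decodes the response body and asserts the password field is empty would keep this from regressing.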