From 80f86527edb7971ff0193326479b756c888790e2 Mon Sep 17 00:00:00 2001
From: kolaente <k@knt.li>
Date: Mon, 29 Jan 2018 15:33:38 +0100
Subject: [PATCH] Obfuscated user passwords when returning a user object

---
 routes/api/v1/user_add_update.go | 3 +++
 routes/api/v1/user_show.go       | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/routes/api/v1/user_add_update.go b/routes/api/v1/user_add_update.go
index b24d4c6..81aa9d9 100644
--- a/routes/api/v1/user_add_update.go
+++ b/routes/api/v1/user_add_update.go
@@ -97,5 +97,8 @@ func UserAddOrUpdate(c echo.Context) error {
 		return c.JSON(http.StatusInternalServerError, models.Message{"Could not log."})
 	}
 
+	// Obfuscate his password
+	newUser.Password = ""
+
 	return c.JSON(http.StatusOK, newUser)
 }
diff --git a/routes/api/v1/user_show.go b/routes/api/v1/user_show.go
index db7b140..593077e 100644
--- a/routes/api/v1/user_show.go
+++ b/routes/api/v1/user_show.go
@@ -39,5 +39,8 @@ func UserShow(c echo.Context) error {
 		return c.JSON(http.StatusNotFound, models.Message{"User not found."})
 	}
 
+	// Obfucate his password
+	userInfos.Password = ""
+
 	return c.JSON(http.StatusOK, userInfos)
 }