redact password immediately after verify

This commit is contained in:
Girish Ramakrishnan
2021-09-14 10:36:14 -07:00
parent d947be8683
commit a78178ec47
+2
View File
@@ -70,6 +70,8 @@ async function update(req, res, next) {
const [verifyError] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN));
if (verifyError) return next(BoxError.toHttpError(verifyError));
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
}
const [error] = await safe(users.update(req.user, data, auditSource.fromRequest(req)));