API: Adding secret.text to the user-schema (#12121)

2025-12-17 22:57:21 +01:00 · 2020-05-02 19:59:05 +02:00
parent 643d3802cc
commit 26767f598b
17 changed files with 177 additions and 22 deletions
--- a/test/api/v3/integration/user/GET-user.test.js
+++ b/test/api/v3/integration/user/GET-user.test.js
@@ -26,6 +26,7 @@ describe('GET /user', () => {
    expect(returnedUser.auth.local.passwordHashMethod).to.not.exist;
    expect(returnedUser.auth.local.salt).to.not.exist;
    expect(returnedUser.apiToken).to.not.exist;
+    expect(returnedUser.secret).to.not.exist;
  });

  it('returns only user properties requested', async () => {
@@ -38,4 +39,11 @@ describe('GET /user', () => {
    expect(returnedUser.notifications).to.exist;
    expect(returnedUser.stats).to.not.exist;
  });
+
+  it('does not return requested private properties', async () => {
+    const returnedUser = await user.get('/user?userFields=apiToken,secret.text');
+
+    expect(returnedUser.apiToken).to.not.exist;
+    expect(returnedUser.secret).to.not.exist;
+  });
 });