From 9364cdc2b45fa7289fa70849cdbc35ba00d9dd9f Mon Sep 17 00:00:00 2001
From: Matteo Pagliazzi
Date: Sat, 18 Apr 2020 16:02:18 +0200
Subject: [PATCH 1/2] fix(apple auth): do not try to parse name if it is missing, add query parameters to logs
---
 test/api/unit/middlewares/errorHandler.test.js | 1 +
 website/server/controllers/api-v3/auth.js | 6 ++++--
 website/server/middlewares/errorHandler.js | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/test/api/unit/middlewares/errorHandler.test.js b/test/api/unit/middlewares/errorHandler.test.js
index ba7c5998a5..2a755bad40 100644
--- a/test/api/unit/middlewares/errorHandler.test.js
+++ b/test/api/unit/middlewares/errorHandler.test.js
@@ -170,6 +170,7 @@ describe('errorHandler', () => {
 originalUrl: req.originalUrl,
 headers: req.headers,
 body: req.body,
+ query: req.query,
 httpCode: 400,
 isHandledError: true,
 });
diff --git a/website/server/controllers/api-v3/auth.js b/website/server/controllers/api-v3/auth.js
index 3cafd1a1c0..c73384010f 100644
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
@@ -160,8 +160,10 @@ api.redirectApple = {
 }
 let url = `/static/apple-redirect?code=${req.body.code}`;
 if (req.body.user) {
- const { name } = JSON.parse(req.body.user);
- url += `&name=${name.firstName} ${name.lastName}`;
+ const parsedBody = JSON.parse(req.body.user);
+ if (parsedBody && parsedBody.name) {
+ url += `&name=${parsedBody.name.firstName} ${parsedBody.name.lastName}`;
+ }
 }
 return res.redirect(303, url);
 },
diff --git a/website/server/middlewares/errorHandler.js b/website/server/middlewares/errorHandler.js
index b73b9d6df3..79d2b42b27 100644
--- a/website/server/middlewares/errorHandler.js
+++ b/website/server/middlewares/errorHandler.js
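Review bot: In website/server/controllers/api-v3/auth.js, the new `url +=` line still places `firstName` and `lastName` into the redirect query string unencoded, and the context line above it does the same with `req.body.code`, so a value containing `&`, `#` or `=` changes which parameters the `/static/apple-redirect` page receives. Each client-supplied value should pass through `encodeURIComponent` before it is appended. `JSON.parse(req.body.user)` is also unguarded, so a `user` field that is not valid JSON throws and is presumably reported as a server error, and a `name` object lacking one of the two fields produces the literal text `undefined` in the URL. The handler of `api.redirectApple` starts above this hunk, so any earlier validation of `req.body` is not visible here.

```javascript
// … unchanged: earlier part of the api.redirectApple handler …
let url = `/static/apple-redirect?code=${encodeURIComponent(req.body.code)}`;
if (req.body.user) {
  let parsedBody = null;
  try {
    parsedBody = JSON.parse(req.body.user);
  } catch (err) {
    // `user` is client-supplied; a malformed value should not surface as a 500
    parsedBody = null;
  }
  const name = parsedBody && parsedBody.name;
  if (name) {
    const fullName = [name.firstName, name.lastName].filter(Boolean).join(' ');
    url += `&name=${encodeURIComponent(fullName)}`;
  }
}
// … unchanged: return res.redirect(303, url) …
```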
@@ -69,6 +69,7 @@ export default function errorHandler (err, req, res, next) { // eslint-disable-l
 // don't send sensitive information that only adds noise
 headers: omit(req.headers, ['x-api-key', 'cookie', 'password', 'confirmPassword']),
 body: omit(req.body, ['password', 'confirmPassword']),
+ query: omit(req.query, ['password', 'confirmPassword']),
 httpCode: responseErr.httpCode,
 isHandledError: responseErr.httpCode < 500,
From 9f9da5632ddd6c744fb5ceed74254a6acec664dc Mon Sep 17 00:00:00 2001
From: Matteo Pagliazzi
Date: Sat, 18 Apr 2020 16:02:23 +0200
Subject: [PATCH 2/2] 4.140.7
---
 package-lock.json | 2 +-
 package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 5422ce70e0..59f2a686d6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "habitica",
- "version": "4.140.6",
+ "version": "4.140.7",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index 198a60cf14..355470ed6b 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "habitica",
 "description": "A habit tracker app which treats your goals like a Role Playing Game.",
- "version": "4.140.6",
+ "version": "4.140.7",
 "main": "./website/server/index.js",
 "dependencies": {
 "@babel/core": "^7.9.0",
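Review bot: In website/server/middlewares/errorHandler.js, omitting `password` and `confirmPassword` from `req.query` does not keep those values out of the log if the same entry also records `originalUrl: req.originalUrl`, as the expected object in errorHandler.test.js indicates, because Express's `originalUrl` contains the raw query string. Logging only the path portion of the URL, or redacting the URL the same way, would make the omission effective. The deny-list is also narrower than the one applied to headers, and query strings often carry credentials such as the OAuth `code` this same patch handles in auth.js, so consider `query: omit(req.query, ['password', 'confirmPassword', 'code']),`. The logger call begins and ends outside this hunk, so the surrounding fields are inferred from the test.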