Merge branch 'release' into develop

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "habitica",
-  "version": "4.140.6",
+  "version": "4.140.7",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

package.json

@@ -1,7 +1,7 @@
 {
   "name": "habitica",
   "description": "A habit tracker app which treats your goals like a Role Playing Game.",
-  "version": "4.140.6",
+  "version": "4.140.7",
   "main": "./website/server/index.js",
   "dependencies": {
     "@babel/core": "^7.9.0",

test/api/unit/middlewares/errorHandler.test.js

@@ -170,6 +170,7 @@ describe('errorHandler', () => {
       originalUrl: req.originalUrl,
       headers: req.headers,
       body: req.body,
+      query: req.query,
       httpCode: 400,
       isHandledError: true,
     });

website/server/controllers/api-v3/auth.js

@@ -160,8 +160,10 @@ api.redirectApple = {
     }
     let url = `/static/apple-redirect?code=${req.body.code}`;
     if (req.body.user) {
-      const { name } = JSON.parse(req.body.user);
-      url += `&name=${name.firstName} ${name.lastName}`;
+      const parsedBody = JSON.parse(req.body.user);
+      if (parsedBody && parsedBody.name) {
+        url += `&name=${parsedBody.name.firstName} ${parsedBody.name.lastName}`;
+      }
     }
     return res.redirect(303, url);
   },

website/server/middlewares/errorHandler.js

@@ -69,6 +69,7 @@ export default function errorHandler (err, req, res, next) { // eslint-disable-l
     // don't send sensitive information that only adds noise
     headers: omit(req.headers, ['x-api-key', 'cookie', 'password', 'confirmPassword']),
     body: omit(req.body, ['password', 'confirmPassword']),
+    query: omit(req.query, ['password', 'confirmPassword']),
 
     httpCode: responseErr.httpCode,
     isHandledError: responseErr.httpCode < 500,