From f63152ccc7f780a7ce192ed6e025903815d3db21 Mon Sep 17 00:00:00 2001
From: Martin Lehoux <martin@lehoux.net>
Date: Tue, 19 Feb 2019 00:51:53 +0100
Subject: [PATCH] update back

---
 back/middlewares/loader.js       |  1 -
 back/middlewares/loginChecker.js |  1 -
 back/routes/users.js             | 12 ++++++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/back/middlewares/loader.js b/back/middlewares/loader.js
index d82e0d9..94dfd55 100644
--- a/back/middlewares/loader.js
+++ b/back/middlewares/loader.js
@@ -3,7 +3,6 @@ const User = require('../models/user');
 module.exports = async (req, res, next) => {
   if (req.get('Authorization')) {
     req.user = await User.findOne({ token: req.get('Authorization')});
-    console.log(req.user);
   }
   next();
 };
diff --git a/back/middlewares/loginChecker.js b/back/middlewares/loginChecker.js
index c340d61..f4994b3 100644
--- a/back/middlewares/loginChecker.js
+++ b/back/middlewares/loginChecker.js
@@ -1,5 +1,4 @@
 module.exports = (req, res, next) => {
-  console.log(req.url);
   if (!req.user && !['/users', '/users/authenticate'].includes(req.url)) return res.status(401).json({ error: 'Authentication needed'});
   return next();
 };
\ No newline at end of file
diff --git a/back/routes/users.js b/back/routes/users.js
index 9b05707..afbeea1 100644
--- a/back/routes/users.js
+++ b/back/routes/users.js
@@ -16,8 +16,8 @@ router.post('/', (req, res) => {
     passwordHash,
     token
   }).then(user => {
-    delete user.passwordHash;
-    delete user.token;
+    user.passwordHash = undefined;
+    user.token = undefined;
     return res.status(201).json(user);
   }).catch(err => res.status(400).json({ error: err }));
 });
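Review bot: Blanking `passwordHash` and `token` by hand in this `.then` callback, and again in `/authenticate` and `/me` in the next hunk, makes secrecy depend on every handler remembering to do it; a new route that returns a user without these two lines would send the hash. If `User` is a Mongoose model, as the `findOne` calls suggest (the schema is not visible here), the fields can be hidden once in the schema with `select: false` or a `toJSON` transform that drops them. The `.catch` on the context line below also returns the raw `err` to the client, which can reveal validation or database internals; logging it server-side and answering `res.status(400).json({ error: 'Invalid user data' })` would avoid that. The handler starts outside the hunk.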
@@ -27,13 +27,17 @@ router.post('/authenticate', (req, res) => {
   User.findOne({ username: req.body.username }, (err, user) => {
     if (err) return res.status(500).json({ error: err });
     if (!user) return res.status(404).json({ error: "User not found"});
-    if (bcrypt.compareSync(req.body.password, user.passwordHash)) return res.json({ token: user.token });
+    if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
+      user.passwordHash = undefined;
+      return res.json(user);
+    }
     return res.status(400).json({ error: "Bad password" }); 
   });
 });
 
 router.get('/me', (req, res) => {
-  // User required
+  req.user.passwordHash = undefined;
+  req.user.token = undefined;
   return res.json(req.user);
 })
 
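Review bot: `res.json(user)` in `/authenticate` now sends every field of the user record except `passwordHash`, so any sensitive field added to the model later is exposed by default; `/me` uses the same denylist pattern and also mutates the shared `req.user` object. An explicit allowlist is safer, for example `return res.json({ username: user.username, token: user.token });`, listing only the fields the client needs (the full field set is not visible in this patch). Separately, the unchanged context lines answer 404 "User not found" and 400 "Bad password" differently, which lets a caller tell which usernames exist; a single `return res.status(401).json({ error: 'Invalid credentials' });` for both cases closes that. `bcrypt.compareSync` also receives `req.body.password` unchecked, so a request without a string password should be rejected before the comparison.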
-- 
GitLab