From 2174a619c0c455da191051f91f6473ebaf671ed6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9EBAS8243=E2=80=9C?= <gerd.embruch@uni-hamburg.de>
Date: Sat, 10 Aug 2024 13:48:00 +0200
Subject: [PATCH] fixed hideConfidentialFields

---
 controllers/Auth.js    |  4 +++-
 routes/users.js        |  4 ++--
 utils/handleSchemes.js | 13 ++++++++-----
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/controllers/Auth.js b/controllers/Auth.js
index 852d641..5998bca 100644
--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -78,6 +78,9 @@ export const login = async (req, res, next) => {
       // remember document but remove confidential info
       const user = hideConfidentialFields(User, foundUser);
 
+      console.log("🚀 ~ login ~ user:", user);
+
+
       // create jsonwebtoken
       performance.mark('createAccessToken:start');
       const accessToken = createAccessToken({ id: user._id, role: user.role });
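Review bot: The added `console.log("🚀 ~ login ~ user:", user);` writes the whole user record to stdout on every successful login and looks like leftover debug output (the same commit removes a similar line from logout). Even after hideConfidentialFields, every field the schema does not mark confidential (presumably e-mail, role and id) lands in the process logs, where access and retention are usually looser than in the database. I would drop the line together with the two blank lines added after it; if a login trace is wanted, log only `user._id` through the application's logger at debug level. The body of login starts and ends outside this hunk.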
@@ -135,7 +138,6 @@ export const renewAccessToken = async (req, res, next) => {
 export const logout = async (req, res, next) => {
   try {
     // delete 
-    console.log("🚀 ~ logout ~ req.cookies.refreshToken:", req.cookies.refreshToken);
     if (req.cookies.refreshToken) await deleteRefreshToken(req.cookies.refreshToken);
     // return msg
     return res.status(200).json({ message: 'See you soon.' });
diff --git a/routes/users.js b/routes/users.js
index 39ac37a..d9cb5e3 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -51,8 +51,8 @@ router.patch('/:id', verifyAccessToken, validate(updateUserSchema), prefetchUser
  * DELETE ONE
  * @header  {authorization}  Bearer       [required] access token
  * 
- * @prop    {string}          id          [required] id of the user to fetch 
+ * @prop    {string}          id          [required] id of the user to delete
  */
-router.delete('/:id', verifyAccessToken, prefetchUser, deleteUser);
+router.delete('/:id', verifyAccessToken, deleteUser);
 
 export default router;
\ No newline at end of file
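Review bot: With `prefetchUser` removed from `router.delete('/:id', verifyAccessToken, deleteUser);`, the only middleware visible on this route is the token check, so whether the caller may delete this particular `:id` now rests entirely on deleteUser, which is not part of this diff. If prefetchUser was also where the target was loaded and a missing id became a 404, that behaviour has to live in deleteUser as well. Please confirm that deleteUser compares the token's id/role with `req.params.id` before deleting, and record it in the route's doc block, e.g. ` * authorization (self or admin) and the not-found case are handled in deleteUser`.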
diff --git a/utils/handleSchemes.js b/utils/handleSchemes.js
index bcb360b..5f95dc1 100644
--- a/utils/handleSchemes.js
+++ b/utils/handleSchemes.js
@@ -25,17 +25,20 @@ export const getConfidentialFields = (model) => {
  *
  * @return  {object}          cleansed object
  */
-export const hideConfidentialFields = (model, object) => {
+export const hideConfidentialFields = (model, record) => {
   performance.mark('hideConfidentialFields:start');
+  // turn mongoose record into js object
+  const object = record.toObject();
+  // get confidential fields from model
   const confidentialFields = getConfidentialFields(model);
-  // delete from object
-  confidentialFields.forEach(field => {
-    delete object[field];
-  });
+  // delete confidential fields from object
+  confidentialFields.forEach(field => delete object[field]);
   performance.mark('hideConfidentialFields:end');
   return object;
 };
 
+
+
 /**
  * get array of all field names from a given model
  *
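Review bot: `const object = record.toObject();` assumes every caller passes a hydrated mongoose document; a plain object (for instance from a `.lean()` query) or a null result now throws a TypeError before any field is stripped, and the `hideConfidentialFields:end` mark is never written. Throwing is at least fail-closed, but a tolerant form keeps the stripping for both shapes: `const object = typeof record?.toObject === 'function' ? record.toObject() : { ...record };`. Also, `delete object[field]` only removes top-level keys, so if getConfidentialFields can return dotted paths for nested fields (not visible here) those values would survive; that limit deserves a sentence in the doc block above. The `@param` line of that doc block lies outside the hunk and probably still names the old `object` parameter.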
-- 
GitLab