Sanitize user in update user response (#24362)

2025-02-25 18:55:24 -06:00 · 2023-08-25 19:31:48 -04:00 · 2023-08-25 19:31:48 -04:00 · f787fd6336
commit f787fd6336
parent 818225dffe
2 changed files with 5 additions and 1 deletions
--- a/server/channels/app/user.go
+++ b/server/channels/app/user.go
@ -1285,6 +1285,8 @@ func (a *App) UpdateUser(c request.CTX, user *model.User, sendNotifications bool
 		}(user.Id)
 	}

+	newUser.Sanitize(map[string]bool{})
+
 	return newUser, nil
 }

--- a/server/channels/app/user_test.go
+++ b/server/channels/app/user_test.go
@ -205,6 +205,7 @@ func TestUpdateUser(t *testing.T) {
 		require.Nil(t, err)
 		require.NotNil(t, u)
 		require.Less(t, u.LastPictureUpdate, iLastPictureUpdate)
+		require.Empty(t, u.Password)
 	})

 	t.Run("fails if profile picture is updated when user has custom profile picture and username is changed", func(t *testing.T) {
@ -1731,11 +1732,12 @@ func TestPatchUser(t *testing.T) {
 	})

 	t.Run("Patch username with a new username", func(t *testing.T) {
-		_, err := th.App.PatchUser(th.Context, testUser.Id, &model.UserPatch{
+		u, err := th.App.PatchUser(th.Context, testUser.Id, &model.UserPatch{
 			Username: model.NewString(model.NewId()),
 		}, true)

 		require.Nil(t, err)
+		require.Empty(t, u.Password)
 	})
 }