From d1b48ddcacf38c874c4a5ca5fc67a82043085cb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Thu, 29 Feb 2024 14:20:39 +0100
Subject: [PATCH] fix(core): Remove sensitive data from User entity during serialization (no-changelog) (#8773)
---
 packages/cli/src/databases/entities/User.ts | 5 +++++
 .../databases/entities/user.entity.test.ts | 20 +++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 packages/cli/test/unit/databases/entities/user.entity.test.ts
diff --git a/packages/cli/src/databases/entities/User.ts b/packages/cli/src/databases/entities/User.ts
index a9da54fe0d..238affb7c1 100644
--- a/packages/cli/src/databases/entities/User.ts
+++ b/packages/cli/src/databases/entities/User.ts
@@ -141,4 +141,9 @@ export class User extends WithTimestamps implements IUser {
 scopeOptions,
 );
 }
+
+ toJSON() {
+ const { password, apiKey, mfaSecret, mfaRecoveryCodes, ...rest } = this;
+ return rest;
+ }
 }
diff --git a/packages/cli/test/unit/databases/entities/user.entity.test.ts b/packages/cli/test/unit/databases/entities/user.entity.test.ts
new file mode 100644
index 0000000000..005e45df2c
--- /dev/null
+++ b/packages/cli/test/unit/databases/entities/user.entity.test.ts
@@ -0,0 +1,20 @@
+import { User } from '@db/entities/User';
+
+describe('User Entity', () => {
+ describe('JSON.stringify', () => {
+ it('should not serialize sensitive data', () => {
+ const user = Object.assign(new User(), {
+ email: 'test@example.com',
+ firstName: 'Don',
+ lastName: 'Joe',
+ password: '123456789',
+ apiKey: '123',
+ mfaSecret: '123',
+ mfaRecoveryCodes: ['123'],
+ });
+ expect(JSON.stringify(user)).toEqual(
+ '{"email":"test@example.com","firstName":"Don","lastName":"Joe"}',
+ );
+ });
+ });
+});
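Review bot: `toJSON()` removes secrets through a denylist in the destructuring, so a sensitive column added to `User` later will be serialized until someone extends that list, and nothing on the method says so. I would put the contract on the method, e.g. `/** Omits credential fields from JSON output; add every new secret-bearing column here. */`, or switch to an explicit allowlist of fields that are safe to return. The override only affects `JSON.stringify` paths; object spread, `Object.assign` and logging that inspects a `User` directly still expose `password`, `apiKey`, `mfaSecret` and `mfaRecoveryCodes`. The class body starts outside this hunk, so whether other fields need the same treatment cannot be judged from here.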
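Review bot: The assertion in the new test compares against one exact JSON string, so it breaks on any change to property order or on a new non-sensitive default field, and its result is not tied to the four secrets themselves. Asserting the absence of each key states the security property directly: `for (const key of ['password', 'apiKey', 'mfaSecret', 'mfaRecoveryCodes']) expect(JSON.parse(JSON.stringify(user))).not.toHaveProperty(key);`. A second case with the user nested in another object (`JSON.stringify({ user })`) would also cover the shape a response payload is likely to have; that is an assumption about callers, which this patch does not show.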