From b862966213fa25fa1aaedd1f7d01ec77a4ce2743 Mon Sep 17 00:00:00 2001 From: Alexander Olofsson <alexander.olofsson@liu.se> Date: Mon, 11 Dec 2017 12:51:31 +0100 Subject: [PATCH] Use a whitelist instead of a blacklist --- server/users.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/users.js b/server/users.js index f869370..ab71a9a 100644 --- a/server/users.js +++ b/server/users.js @@ -57,7 +57,7 @@ router.post('/', async (req, res) => { console.log("POST: /users"); console.log(req.body); req.body = Object.keys(req.body) - .filter( key => !['admin', 'skip_confirmation'].includes(key) ) + .filter( key => ['email','username','name','skype','linkedin','twitter','website_url','organization','bio','location','avatar'].includes(key) ) .reduce( (rs, key) => (rs[key] = req.body[key], rs), {} ); try { @@ -84,7 +84,7 @@ router.post('/', async (req, res) => { console.log('> REST Query:'); console.log('POST api/v4/users'); - const response = await axios.post('api/v4/users', req.body) + const response = await axios.post('api/v4/users', Object.assign({}, req.body, { external: true, reset_password: true })) const data = response.data console.log('> Response:'); console.log(data); -- GitLab