From b862966213fa25fa1aaedd1f7d01ec77a4ce2743 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <alexander.olofsson@liu.se>
Date: Mon, 11 Dec 2017 12:51:31 +0100
Subject: [PATCH] Use a whitelist instead of a blacklist

---
 server/users.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/users.js b/server/users.js
index f869370..ab71a9a 100644
--- a/server/users.js
+++ b/server/users.js
@@ -57,7 +57,7 @@ router.post('/', async (req, res) => {
   console.log("POST: /users");
   console.log(req.body);
   req.body = Object.keys(req.body)
-    .filter( key => !['admin', 'skip_confirmation'].includes(key) )
+    .filter( key => ['email','username','name','skype','linkedin','twitter','website_url','organization','bio','location','avatar'].includes(key) )
     .reduce( (rs, key) => (rs[key] = req.body[key], rs), {} );
 
   try {
@@ -84,7 +84,7 @@ router.post('/', async (req, res) => {
 
     console.log('> REST Query:');
     console.log('POST api/v4/users');
-    const response = await axios.post('api/v4/users', req.body)
+    const response = await axios.post('api/v4/users', Object.assign({}, req.body, { external: true, reset_password: true }))
     const data = response.data
     console.log('> Response:');
     console.log(data);
-- 
GitLab