From 354ea5faab9f7cae68090ffd84d63c3c9ed1813d Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 25 Jun 2015 22:43:32 +0800
Subject: [PATCH 1/2] Update user.controller.js

Remove sensitive data before response
---
 app/templates/server/api/user(auth)/user.controller.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/templates/server/api/user(auth)/user.controller.js b/app/templates/server/api/user(auth)/user.controller.js
index 4e826e1..d3ca42b 100644
--- a/app/templates/server/api/user(auth)/user.controller.js
+++ b/app/templates/server/api/user(auth)/user.controller.js
@@ -32,6 +32,8 @@ exports.create = function (req, res) {
 config.secrets.session,
 { expiresInMinutes: 60 * 5 }
 );
+ delete user.passwordHash;
+ delete user.salt;
 res.status(201).json({ token: token, user: user });
 });
 };

From 809b01fb9dc9d8d6cbbb34da611b245a09bfe36e Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 25 Jun 2015 23:00:53 +0800
Subject: [PATCH 2/2] Remove sensitive data before response

---
 app/templates/server/auth(auth)/local/index.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/templates/server/auth(auth)/local/index.js b/app/templates/server/auth(auth)/local/index.js
index 72e8781..acca0a5 100644
--- a/app/templates/server/auth(auth)/local/index.js
+++ b/app/templates/server/auth(auth)/local/index.js
@@ -12,6 +12,11 @@ router.post('/', function (req, res, next) {
 if (error) { return res.status(401).json(error); }
 if (!user) { return res.status(401).json({ msg: 'login failed' }); }
 var token = auth.signToken(user._id);
+
+ user = user.toObject();
+ delete user.passwordHash;
+ delete user.salt;
+
 res.json({ token: token, user: user });
 })(req, res, next);
 });
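Review bot: `delete user.passwordHash` and `delete user.salt` only strip the fields if `user` is a plain object; if it is a Mongoose document (as the `user.toObject()` call in the companion patch suggests), those properties are resolved through the schema's prototype accessors and `res.status(201).json(...)` will still serialize them. Either convert first, as the second patch does (`user = user.toObject();` before the two deletes), or—preferably—hide these fields once at the schema level (a `toJSON` transform or `select: false` on the sensitive paths) so every handler that returns a user benefits instead of each one maintaining its own blacklist. The `exports.create` body begins, and `user` is defined, outside this hunk, so its type cannot be confirmed here.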
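Review bot: The exclusion is a per-handler blacklist duplicated with the one in `user.controller.js`; any sensitive field added to the schema later will be returned by both routes until someone remembers to add a further `delete`. An allow-list of the fields the client actually needs, e.g. `var safeUser = { _id: user._id /* plus the public profile fields the client uses */ };` followed by `res.json({ token: token, user: safeUser });`, fails closed, and a schema-level `toJSON` transform would remove the duplication altogether. Reassigning the callback parameter `user` also hides the document-versus-plain-object distinction from a later reader; a new name such as `safeUser` keeps it explicit. `user.toObject()` assumes `user` is a Mongoose document, which this hunk cannot show.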