NexdApp/nexd-backend

Password hashes get populated with user data!

andre-stefanov opened this issue · 2 comments

Requesting user data (or the user list) from the user controller results in "password" fields being part of the response:

```http
GET /api/user HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaXJzdE5hbWUiOiJBbmRyZSIsImxhc3ROYW1lIjoiUG9zdG1hbiIsImVtYWlsIjoicG9zdG1hbkBhbmRyZS5kZSIsInN0cmVldCI6bnVsbCwibnVtYmVyIjpudWxsLCJ6aXBDb2RlIjpudWxsLCJjaXR5IjpudWxsLCJ0ZWxlcGhvbmUiOm51bGwsImlkIjo2LCJyb2xlIjoibm9uZSIsImlhdCI6MTU4NDkyNjk4NCwiZXhwIjoxNTg0OTMwNTg0fQ.h4GytYoAGZ64rKCUuorB7tofwY-pqYwr05gJby7zf0g
User-Agent: PostmanRuntime/7.23.0
Accept: */*
Cache-Control: no-cache
Postman-Token: ed007cb3-d24a-403b-9814-219f905a3c27
Host: nexd-api-alb-1107636132.eu-central-1.elb.amazonaws.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 25 Mar 2020 15:59:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2693
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: *
ETag: W/"a85-AiXdynYGT/dQrjVaUQijtj8WnTk"

[{"street":null,"number":null,"zipCode":"12345","city":"","id":1,"firstName":"Franz","lastName":"Beckenbauer","email":"Asdf@baser.de","role":"helper","telephone":"123123","password":"791c9df4e783939edad8eb893dab019243917cece5ed0c990284b11778a1bb78"},{"street":null,"number":null,"zipCode":"123123","city":"","id":2,"firstName":"Hans","lastName":"Maiser","email":"Asdf@baser1.de","role":"helper","telephone":"123123","password":"791c9df4e783939edad8eb893dab019243917cece5ed0c990284b11778a1bb78"},{"street":null,"number":null,"zipCode":"123123","city":"","id":3,"firstName":"Asdf","lastName":"Asdf","email":"Asdf@asdf.de","role":"helper","telephone":"123","password":"2908e96a934b21ab6612814f5cf45949aeb44804ea3939779c0bd16f25e04124"},{"street":null,"number":null,"zipCode":null,"city":null,"id":4,"firstName":"Fabian","lastName":"Nickel","email":"fabian.nickel+2@mydaco.com","role":"none","telephone":null,"password":"3c2019ba95940d2696b2e776f2b284862e7a29efaa5648dbdd20ed1fdf177e08"},{"street":null,"number":null,"zipCode":null,"city":null,"id":5,"firstName":"Andre","lastName":"Stefanov","email":"andre@mail.com","role":"helper","telephone":null,"password":"e56a207acd1e6714735487c199c6f095844b7cc8e5971d86c003a7b6f36ef51e"},{"street":null,"number":null,"zipCode":null,"city":null,"id":6,"firstName":"Andre","lastName":"Postman","email":"postman@andre.de","role":"none","telephone":null,"password":"e56a207acd1e6714735487c199c6f095844b7cc8e5971d86c003a7b6f36ef51e"},{"street":null,"number":null,"zipCode":"","city":"","id":7,"firstName":"Asdfadsf","lastName":"Aasdfasdfasd","email":"Asef@Asdfasdf.de","role":"helper","telephone":"2222","password":"3934009f9c7fbf7209680fa12d5a657ffd00554bf33c5b567738f35bc3ded042"},{"street":null,"number":null,"zipCode":"","city":"","id":8,"firstName":"Asdfasdf","lastName":"Asdfasdf","email":"Test@Test.de","role":"helper","telephone":"","password":"91e0eb8bc290c0e45353d4c73645625c7271272a8b376accba3c6c0a67e4e27e"},{"street":null,"number":null,"zipCode":null,"city":null,"id":9,"firstName":"Andre","lastName":"Stefanov","email":"andre2@mail.com","role":"none","telephone":null,"password":"e56a207acd1e6714735487c199c6f095844b7cc8e5971d86c003a7b6f36ef51e"},{"street":null,"number":null,"zipCode":null,"city":null,"id":10,"firstName":"Andre","lastName":"Stefanov","email":"andre3@mail.com","role":"none","telephone":null,"password":"e56a207acd1e6714735487c199c6f095844b7cc8e5971d86c003a7b6f36ef51e"},{"street":null,"number":null,"zipCode":null,"city":null,"id":11,"firstName":"Claudius","lastName":"Kienle","email":"claudiuskienle@googlemail.com","role":"none","telephone":null,"password":"b946ccc987465afcda7e45b1715219711a13518d1f1663b8c53b848cb0143441"}]
```

f10l commented

Solution: use the class serializer interceptor: https://github.com/nestjs/nest/blob/master/packages/common/serializer/class-serializer.interceptor.ts

Will be done in the current rewrite #46
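The interceptor approach suggested above, shown as an added example that is not code from the nexd-backend repository or from NestJS: a dependency-free stand-in for what `ClassSerializerInterceptor` does (strip properties marked with `@Exclude()` before the body is encoded), run over constructed sample users shaped like the `/api/user` response. The `excludeFromResponse` helper, `serializeResponse`, and the user data are all assumptions made for this illustration.

```typescript
// Added example (not nexd-backend or NestJS code): a dependency-free emulation
// of what ClassSerializerInterceptor does. The real fix uses class-transformer's
// @Exclude() plus the interceptor; both are hand-rolled here to run stand-alone.

// Per-class registry of properties that must never reach the wire.
const excludedProps = new Map<Function, Set<string>>();

// Hypothetical stand-in for the @Exclude() decorator.
function excludeFromResponse(cls: Function, ...props: string[]): void {
  const set = excludedProps.get(cls) ?? new Set<string>();
  props.forEach((p) => set.add(p));
  excludedProps.set(cls, set);
}

// Entity shaped like the objects returned by GET /api/user in the report.
class UserEntity {
  constructor(
    public id: number,
    public firstName: string,
    public email: string,
    public password: string, // stored hash; must never be serialized
  ) {}
}
excludeFromResponse(UserEntity, "password");

// The interceptor's job: drop excluded properties before JSON encoding.
// Recurses so it covers a single entity as well as the list endpoint.
function serializeResponse(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(serializeResponse);
  if (value === null || typeof value !== "object") return value;
  const cls = Object.getPrototypeOf(value).constructor;
  const excluded = excludedProps.get(cls) ?? new Set<string>();
  const out: Record<string, unknown> = {};
  for (const [k, v] of Object.entries(value)) {
    if (!excluded.has(k)) out[k] = serializeResponse(v);
  }
  return out;
}

// Constructed sample users; the hashes are placeholders, not the page's values.
const users = [
  new UserEntity(1, "Franz", "franz@example.test", "<hash-1>"),
  new UserEntity(2, "Hans", "hans@example.test", "<hash-2>"),
];

// Body the list endpoint produces once the interceptor has run.
function userListBody(): string {
  return JSON.stringify(serializeResponse(users));
}

// True when any object in a JSON array body still carries a "password" key.
function bodyLeaksPassword(body: string): boolean {
  return JSON.parse(body).some((u: object) => "password" in u);
}
```

Serializing the raw entities (`JSON.stringify(users)`) still leaks the hash, which is exactly the bug in the report; only the serialized form should ever be handed to the response.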

f10l commented

This is now resolved, correct?