article.all and article.find return hashed password and salt transmition

[Deleted user]

when you require an article the full User is transmit into the json also with the salt and the hashed password

to secure the return value it could be possible to change the line 16 with

db.Article.find({ where: {id: id}, include: [{model:db.User, attributes:['id','username']}]}).then(function(article){

and the line 101 into

db.Article.findAll({include: [{model:db.User, attributes: ['id','username']}]}).then(function(articles){

in the file controllers/articles.js

[jpotts18]

Feel free to send a PR