Displaying the password on a filtered request

Questions and Answers
1
System Information
  • Strapi Version: 4.4.5
  • Operating System: linux
  • Database: sqlite
  • Node Version: 16.17.0
  • NPM Version:
  • Yarn Version: 1.22.19

Hello,

I’m just trying to get all the information from my “Channel” table, namely the product_id and the “users” concerned in the channel. I simply overload my find method like this:

`module.exports = createCoreController(“api::channel.channel”, ({ strapi }) => ({
async find(ctx) {
const { user } = ctx.state;

const entity = await strapi.service("api::channel.channel").find({
  filters: {
    users: {
      id: {
        $in: user.id,
      },
    },
  },
  populate: ["users"]

});

const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
return this.transformResponse(sanitizedEntity);

},
}));`

And for some reason, I get all the user information and especially the hash of the passwords.

So I try to do a select on my populate like this but it doesn’t work :
`module.exports = createCoreController(“api::channel.channel”, ({ strapi }) => ({
async find(ctx) {
const { user } = ctx.state;

const entity = await strapi.service("api::channel.channel").find({
  filters: {
    users: {
      id: {
        $in: user.id,
      },
    },
  },
  populate: {
    users: {
      select: ["id"]
    }
  }

});

const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
return this.transformResponse(sanitizedEntity);

},
}));`

Does anyone have a solution to my problem? Thanks for your help!

2

That’s odd, because in the User content type the password attribute is marked as private (source) :face_with_raised_eyebrow:

I didn’t try the myself, but maybe adding “password” to the list of privateAttributes in /config/api.js could help? See doc:

3

It doesn’t work, yes I am very surprised, I had seen that it was a private field.

Even adding “password” to privateAttributes doesn’t work. I must have touched something without meaning to.