Retrieve password from Collection

krishnatawani · December 28, 2020, 12:48pm

System Information

Strapi Version:v3.4.1
Operating System: Windows
Database: Mongo DB
Node Version: v14.15.1
NPM Version:
Yarn Version:

Hello,
I have a Collection: FTPDetails.
With Fields: FTP_server, FTP_username, FTP_password.

I am using field-type as ‘password’ for FTP_password, data is getting stored with encryption but unable to get the data back when called via http.
Please let me know how can I get the decrypted data via http call.

Thank you!

DMehaffy · December 29, 2020, 5:28pm

Password fields cannot be fetched, you will need to select a different field type or customize the controller and write your own sanitization function.

As you can see here: https://strapi.io/documentation/developer-docs/latest/concepts/controllers.html#find

We are using

const { sanitizeEntity } = require('strapi-utils');

And the code for that function is here: strapi/sanitize-entity.js at master · strapi/strapi · GitHub

Specifically we are stripping any password fields out:

github.com

strapi/strapi/blob/24ddb69bc019570497af062e07cfcfd643495146/packages/strapi-utils/lib/sanitize-entity.js#L142-L150

    
      
          const shouldRemoveAttribute = (model, key, attribute = {}, { withPrivate, isOutput }) => {
            const isPassword = attribute.type === 'password';
            const isPrivate = isPrivateAttribute(model, key);
          
          
  const shouldRemovePassword = isOutput;
            const shouldRemovePrivate = !withPrivate && isOutput;
          
          
  return !!((isPassword && shouldRemovePassword) || (isPrivate && shouldRemovePrivate));
          };