From cf34a72bd83b08306f766ddade8305eb4e4b6ae9 Mon Sep 17 00:00:00 2001
From: gered <gered@blarg.ca>
Date: Wed, 29 Jun 2016 23:16:00 -0400
Subject: [PATCH] don't keep user password in returned user profile

stops the password from being transmitted to the client in the user
profile sent there
---
 src/mtgcoll/auth.clj | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/mtgcoll/auth.clj b/src/mtgcoll/auth.clj
index e12cd08..a070d9f 100644
--- a/src/mtgcoll/auth.clj
+++ b/src/mtgcoll/auth.clj
@@ -9,7 +9,8 @@
 (defn validate-credentials
   [username password]
   (if (using-authorization?)
-    (->> (config/get :users)
-         (filter #(and (= username (:username %))
-                       (= password (:password %))))
-         (first))))
+    (as-> (config/get :users) x
+          (filter #(and (= username (:username %))
+                        (= password (:password %))) x)
+          (first x)
+          (dissoc x :password))))