don't keep user password in returned user profile

stops the password from being transmitted to the client in the user profile sent there
2016-06-29 23:16:00 -04:00 · 2016-06-29 23:16:00 -04:00 · cf34a72bd8
parent 6d0fe057d0
commit cf34a72bd8
1 changed files with 5 additions and 4 deletions
--- a/src/mtgcoll/auth.clj
+++ b/src/mtgcoll/auth.clj
@ -9,7 +9,8 @@
 (defn validate-credentials
  [username password]
  (if (using-authorization?)
-    (->> (config/get :users)
-         (filter #(and (= username (:username %))
-                       (= password (:password %))))
-         (first))))
+    (as-> (config/get :users) x
+          (filter #(and (= username (:username %))
+                        (= password (:password %))) x)
+          (first x)
+          (dissoc x :password))))