Closed priyansh32 closed 3 years ago
Email address of a user should not be accessible to all users. Currently, on some routes, it may be still accessible.
One such route is `{{baseURL}}/institutes/:instituteId`. There may be other such routes too.

Request URL

GET {{baseURL}}/institutes/:instituteId
Auth : None

Response

```json
{
  "success": true,
  "institute": {
    "_id": "61559f74faec086af3736b93",
    "name": "NITK Surathkal",
    "instituteId": "nitk001",
    "about": "The world is at Sharda University, why are you at NITK??",
    "externalUrl": "https://www.nitk.ac.in/",
    "emailRegex": "@nitk.edu.in$",
    "mods": [],
    "organizations": [
      {
        "_id": "6155a5fc62e667f854af6ef6",
        "name": "NITK KODE",
        "organizationId": "kode101",
        "bio": "I",
        "about": "A community of developers across different institutions and a long paragraph",
        "externalUrl": "https://nitk.github.io/",
        "eventmanagers": [],
        "members": [
          "6155a04b43b0ddd90df6bc36",
          "6156ac5517a3f48d04387f84"
        ],
        "institute": "61559f74faec086af3736b93",
        "__v": 2
      }
    ],
    "members": [
      {
        "_id": "6155a04b43b0ddd90df6bc36",
        "email": "useremail.201CS110@nitk.edu.in", // this email should not be returned
        "userType": "user",
        "name": "PRIYANSH PATIDAR",
        "username": "priyanshh32",
        "awards": [],
        "events": [],
        "points": 0,
        "institute": "61559f74faec086af3736b93",
        "organizations": [
          "6155a5fc62e667f854af6ef6"
        ],
        "dob": "2021-09-30T11:32:27.709Z",
        "createdAt": "2021-09-30T11:32:27.730Z",
        "updatedAt": "2021-10-02T17:28:29.212Z",
        "__v": 1
      },
      {
        "_id": "6156ac5517a3f48d04387f84",
        "email": "utkarshemailhere@nitk.edu.in", // this email should not be returned
        "userType": "admin",
        "name": "UTKARSH MAHAJAN",
        "username": "admin",
        "awards": [],
        "events": [],
        "points": 0,
        "institute": "61559f74faec086af3736b93",
        "organizations": [
          "6155a5fc62e667f854af6ef6"
        ],
        "dob": "2021-10-01T06:36:05.637Z",
        "createdAt": "2021-10-01T06:36:05.645Z",
        "updatedAt": "2021-10-02T17:31:12.879Z",
        "__v": 1
      }
    ],
    "__v": 5
  },
  "activeEvents": [],
  "completedEvents": []
}
```
Please look for other such routes too and rectify the bug.
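One way to close this class of bug and to check the other routes the report asks about, as an added example that is not the project's own code: a response serializer that allowlists the public fields of a populated user document before the institute is returned, plus a small scanner that walks any response body and reports the paths of values that look like e-mail addresses. The allowlist of public fields and the sample response below are assumptions constructed for the example (the sample mirrors the shape shown in the issue but uses made-up names and addresses).

```javascript
// Added example, not code from the project. Two pieces:
//  1. sanitizeInstituteResponse(): allowlist the fields of each populated
//     user in `institute.members` before the body is sent to a caller that
//     is not authenticated.
//  2. findEmailLeaks(): walk any JSON body and return the paths of strings
//     that look like e-mail addresses, so each unauthenticated route can be
//     checked the same way in an integration test.

// Public fields of a user document. This allowlist is an assumption for the
// example; using an allowlist (rather than deleting `email`) means any
// private field added to the schema later is not exposed by default.
const PUBLIC_USER_FIELDS = [
  '_id', 'userType', 'name', 'username', 'awards', 'events',
  'points', 'institute', 'organizations',
];

// Copy only the allowlisted keys of a populated user document.
function toPublicUser(user) {
  const out = {};
  for (const key of PUBLIC_USER_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, key)) out[key] = user[key];
  }
  return out;
}

// Sanitise the body of GET /institutes/:instituteId. `institute.members` is
// the array of populated user documents shown in the issue; organisations in
// the sample only carry user ids, so they pass through unchanged.
function sanitizeInstituteResponse(body) {
  const institute = body.institute || {};
  return {
    ...body,
    institute: {
      ...institute,
      members: (institute.members || []).map(toPublicUser),
    },
  };
}

// Loose e-mail shape: something@something.tld with no whitespace.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Recursively collect JSON-pointer-style paths of every string value that
// matches EMAIL_RE. An empty result for a route means no address is exposed.
function findEmailLeaks(value, path = '') {
  const hits = [];
  if (typeof value === 'string') {
    if (EMAIL_RE.test(value)) hits.push(path || '/');
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findEmailLeaks(v, `${path}/${i}`)));
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      hits.push(...findEmailLeaks(v, `${path}/${k}`));
    }
  }
  return hits;
}

// Constructed sample modelled on the response in the issue; names and
// addresses are invented.
const SAMPLE_RESPONSE = {
  success: true,
  institute: {
    _id: '61559f74faec086af3736b93',
    name: 'NITK Surathkal',
    instituteId: 'nitk001',
    emailRegex: '@nitk.edu.in$',
    organizations: [
      { _id: '6155a5fc62e667f854af6ef6', members: ['6155a04b43b0ddd90df6bc36'] },
    ],
    members: [
      { _id: '6155a04b43b0ddd90df6bc36', email: 'user@example.edu', userType: 'user',
        name: 'Example User', username: 'example', points: 0,
        dob: '2021-09-30T11:32:27.709Z' },
      { _id: '6156ac5517a3f48d04387f84', email: 'admin@example.edu', userType: 'admin',
        name: 'Example Admin', username: 'admin', points: 0,
        dob: '2021-10-01T06:36:05.637Z' },
    ],
  },
  activeEvents: [],
  completedEvents: [],
};

// Before: two leaked paths. After: none.
console.log(findEmailLeaks(SAMPLE_RESPONSE));
console.log(findEmailLeaks(sanitizeInstituteResponse(SAMPLE_RESPONSE)));
```

Running `findEmailLeaks` over the unsanitised sample reports `/institute/members/0/email` and `/institute/members/1/email`; after `sanitizeInstituteResponse` it reports nothing, and the `emailRegex` setting is not flagged because it has no local part. The same scanner can be pointed at the body of every route that serves unauthenticated requests, which is the audit the issue asks for.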