ClubsCafe / cms-api

for managing college events/competitions
https://clubs.cafe
MIT License

Email Address of user is accessible to other users #47

Closed priyansh32 closed 3 years ago

priyansh32 commented 3 years ago

The email address of a user should not be accessible to all users. Currently, on some routes, it may still be accessible.

One such route is {{baseURL}}/institutes/:instituteId. There may be other such routes too.

Request URL

GET {{baseURL}}/institutes/:instituteId

Auth: None

Response

{
    "success": true,
    "institute": {
        "_id": "61559f74faec086af3736b93",
        "name": "NITK Surathkal",
        "instituteId": "nitk001",
        "about": "The world is at Sharda University, why are you at NITK??",
        "externalUrl": "https://www.nitk.ac.in/",
        "emailRegex": "@nitk.edu.in$",
        "mods": [],
        "organizations": [
            {
                "_id": "6155a5fc62e667f854af6ef6",
                "name": "NITK KODE",
                "organizationId": "kode101",
                "bio": "I",
                "about": "A community of developers across different institutions and a long paragraph",
                "externalUrl": "https://nitk.github.io/",
                "eventmanagers": [],
                "members": [
                    "6155a04b43b0ddd90df6bc36",
                    "6156ac5517a3f48d04387f84"
                ],
                "institute": "61559f74faec086af3736b93",
                "__v": 2
            }
        ],
        "members": [
            {
                "_id": "6155a04b43b0ddd90df6bc36",
                "email": "useremail.201CS110@nitk.edu.in",  //this email should not be returned
                "userType": "user",
                "name": "PRIYANSH PATIDAR",
                "username": "priyanshh32",
                "awards": [],
                "events": [],
                "points": 0,
                "institute": "61559f74faec086af3736b93",
                "organizations": [
                    "6155a5fc62e667f854af6ef6"
                ],
                "dob": "2021-09-30T11:32:27.709Z",
                "createdAt": "2021-09-30T11:32:27.730Z",
                "updatedAt": "2021-10-02T17:28:29.212Z",
                "__v": 1
            },
            {
                "_id": "6156ac5517a3f48d04387f84",
                "email": "utkarshemailhere@nitk.edu.in", //this email should not be returned
                "userType": "admin",
                "name": "UTKARSH MAHAJAN",
                "username": "admin",
                "awards": [],
                "events": [],
                "points": 0,
                "institute": "61559f74faec086af3736b93",
                "organizations": [
                    "6155a5fc62e667f854af6ef6"
                ],
                "dob": "2021-10-01T06:36:05.637Z",
                "createdAt": "2021-10-01T06:36:05.645Z",
                "updatedAt": "2021-10-02T17:31:12.879Z",
                "__v": 1
            }
        ],
        "__v": 5
    },
    "activeEvents": [],
    "completedEvents": []
}

Please look for other such routes too and rectify the bug.
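
One way to run the route sweep requested above, as an added example that is not part of the issue or of the cms-api code base: a recursive check over parsed JSON response bodies that reports every path where an `email` key appears, with a matching strip function for the response side. The function names, the key list and the sample body are constructed for illustration.

```javascript
// Added example, not cms-api code. Works on parsed JSON bodies (plain objects/arrays).
// Keys treated as private: the issue names only "email"; extend the set as needed.
const PRIVATE_KEYS = new Set(['email']);

// Return the JSON path of every private key found anywhere in a response body,
// including inside populated sub-documents such as institute.members[].
function findPrivatePaths(value, keys = PRIVATE_KEYS, path = '$', found = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findPrivatePaths(item, keys, `${path}[${i}]`, found));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      const childPath = `${path}.${key}`;
      if (keys.has(key)) found.push(childPath);
      else findPrivatePaths(child, keys, childPath, found);
    }
  }
  return found;
}

// Return a deep copy of the body with private keys removed; the input is not mutated.
function stripPrivate(value, keys = PRIVATE_KEYS) {
  if (Array.isArray(value)) return value.map((item) => stripPrivate(item, keys));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, child] of Object.entries(value)) {
    if (!keys.has(key)) out[key] = stripPrivate(child, keys);
  }
  return out;
}

// Constructed sample shaped like the response in the issue (placeholder values).
const sampleResponse = {
  success: true,
  institute: {
    name: 'Example Institute',
    organizations: [{ name: 'Example Org', members: ['id-1', 'id-2'] }],
    members: [
      { _id: 'id-1', email: 'user1@example.edu', username: 'user1' },
      { _id: 'id-2', email: 'user2@example.edu', username: 'user2' },
    ],
  },
  activeEvents: [],
};

console.log(findPrivatePaths(sampleResponse)); // paths that leak an email
console.log(findPrivatePaths(stripPrivate(sampleResponse))); // empty after stripping
```

Running `findPrivatePaths` against the unauthenticated response of each GET route in an integration test turns "look for other such routes" into a repeatable check that fails when a populated user document brings the field back.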