diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 235493c9cc..7af86df703 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -65,7 +65,7 @@ module.exports = {
 return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.invalid' }] }] : 'Identifier or password invalid.');
 } else {
 ctx.send({
- jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
+ jwt: strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user.toJSON ? user.toJSON() : user, ['_id', 'id'])),
 user: _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken'])
 });
 }
@@ -87,7 +87,7 @@ module.exports = {
 }
 ctx.send({
- jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
+ jwt: strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user, ['_id', 'id'])),
 user: _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken'])
 });
 }
@@ -112,7 +112,7 @@ module.exports = {
 await strapi.query('user', 'users-permissions').update(user);
 ctx.send({
- jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
+ jwt: strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user.toJSON ? user.toJSON() : user, ['_id', 'id'])),
 user: _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken'])
 });
 } else if (params.password && params.passwordConfirmation && params.password !== params.passwordConfirmation) {
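Review bot: The id-only payload expression is written out inline at the `jwt:` line of the hunk at -65 and again in the hunks at -87, -112 and -250, so nothing stops a later call site from passing the whole `user` to `jwt.issue` again. A JWT is signed but not encrypted, and the adjacent `_.omit(..., ['password', 'resetPasswordToken'])` shows the user record carries fields that must not travel in a token. I would move the pick into one helper (or into the jwt service's `issue`, which is not visible here) that also refuses an empty result, since `_.pick` returns `{}` when neither key is present and a token with no identity would still be signed. Tokens issued before this change presumably still contain the full record until they expire, so rotating the JWT secret on deploy is worth considering. The enclosing handler starts and ends outside the hunk, and the helper below is assumed to sit above `module.exports`.

```javascript
// Build the JWT payload from the user id only: the token is signed, not
// encrypted, so anything placed in it is readable by whoever holds it.
const jwtPayload = user => {
  const payload = _.pick(user.toJSON ? user.toJSON() : user, ['_id', 'id']);

  if (_.isEmpty(payload)) {
    throw new Error('Cannot issue a JWT for a user without an id.');
  }

  return payload;
};

// … unchanged: badRequest branch for an invalid identifier or password …
ctx.send({
  jwt: strapi.plugins['users-permissions'].services.jwt.issue(jwtPayload(user)),
  // … unchanged: user field with password and resetPasswordToken omitted …
});
```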
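Review bot: The new `jwt:` line in the hunk at -87 calls `_.pick(user, ['_id', 'id'])` on the raw `user`, while the other three call sites and the very next line of this hunk normalise with `user.toJSON ? user.toJSON() : user` first. If `user` is a model instance on this path, the picked values may come from accessors rather than plain fields, or be missing, which would give this path a different token payload from the login path; that depends on the ORM and is not visible here. I would make it match the others: `jwt: strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user.toJSON ? user.toJSON() : user, ['_id', 'id'])),`. The enclosing function starts and ends outside the hunk.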
@@ -250,7 +250,7 @@ module.exports = {
 const user = await strapi.query('user', 'users-permissions').create(params);
 ctx.send({
- jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
+ jwt: strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user.toJSON ? user.toJSON() : user, ['_id', 'id'])),
 user: _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken'])
 });
 } catch(err) {