You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The updateUser function in controllers/users.js has two critical issues:
It merges obfuscated email and phone number data into the user record.
It incorrectly includes an id field when updating user data, potentially causing conflicts with the document's actual ID.
Expected Behavior
The function should merge unobfuscated email and phone number data into the user record.
The id field should be excluded when updating user data.
Current Behavior
Obfuscated email and phone number data from fetchProfileDiff are being merged into the user record.
An id field is included in the data used to update the user record, which may interfere with the document's actual ID.
Screenshots
N/A
Reproducibility
This issue is reproducible
This issue is not reproducible
Steps to Reproduce
Call the updateUser function with a valid profileDiffId.
Check the updated user record in the database.
Observe that the email and phone number are obfuscated and an extra id field is present.
Severity/Priority
Critical
High
Medium
Low
Additional Information
The fetchProfileDiff function returns obfuscated data for UI purposes, but this data is being directly used to update the user record. We need to implement a way to get both obfuscated (for UI) and unobfuscated (for database updates) data.
Proposed Solution
Create a new function in profileDiffsQuery that returns unobfuscated data for database updates.
Modify the updateUser function to use this new function for getting unobfuscated data.
Implement a filtering step to remove the id field before updating the user record.
Checklist
I have read and followed the project's code of conduct.
I have searched for similar issues before creating this one.
I have provided all the necessary information to understand and reproduce the issue.
I am willing to contribute to the resolution of this issue.
The text was updated successfully, but these errors were encountered:
Issue Description
The
updateUser
function incontrollers/users.js
has two critical issues:id
field when updating user data, potentially causing conflicts with the document's actual ID.Expected Behavior
id
field should be excluded when updating user data.Current Behavior
fetchProfileDiff
are being merged into the user record.id
field is included in the data used to update the user record, which may interfere with the document's actual ID.Screenshots
N/A
Reproducibility
Steps to Reproduce
updateUser
function with a validprofileDiffId
.id
field is present.Severity/Priority
Additional Information
The
fetchProfileDiff
function returns obfuscated data for UI purposes, but this data is being directly used to update the user record. We need to implement a way to get both obfuscated (for UI) and unobfuscated (for database updates) data.Proposed Solution
profileDiffsQuery
that returns unobfuscated data for database updates.updateUser
function to use this new function for getting unobfuscated data.id
field before updating the user record.Checklist
The text was updated successfully, but these errors were encountered: