#1127: hide user e-mail when API caller isn't signed in

tokarchuk/v1.17
Unknwon 9 years ago
parent ec774d48c5
commit 2b1e67e085
  1. 1
      modules/middleware/auth.go
  2. 5
      routers/api/v1/user.go

@ -69,6 +69,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
} }
} }
// Contexter middleware already checks token for user sign in process.
func ApiReqToken() macaron.Handler { func ApiReqToken() macaron.Handler {
return func(ctx *Context) { return func(ctx *Context) {
if !ctx.IsSigned { if !ctx.IsSigned {

@ -68,5 +68,10 @@ func GetUserInfo(ctx *middleware.Context) {
} }
return return
} }
// Hide user e-mail when API caller isn't signed in.
if !ctx.IsSigned {
u.Email = ""
}
ctx.JSON(200, &api.User{u.Id, u.Name, u.FullName, u.Email, u.AvatarLink()}) ctx.JSON(200, &api.User{u.Id, u.Name, u.FullName, u.Email, u.AvatarLink()})
} }

Loading…
Cancel
Save