|
|
@@ -1,4 +1,5 @@
|
|
|
const loggerFactory = require('@alias/logger');
|
|
|
+const { serializeUserSecurely } = require('../models/serializers/user-serializer');
|
|
|
|
|
|
const logger = loggerFactory('growi:middleware:access-token-parser');
|
|
|
|
|
|
@@ -23,8 +24,7 @@ module.exports = (crowi) => {
|
|
|
}
|
|
|
|
|
|
// transforming attributes
|
|
|
- // see User model
|
|
|
- req.user = user.toObject();
|
|
|
+ req.user = serializeUserSecurely(user);
|
|
|
req.skipCsrfVerify = true;
|
|
|
|
|
|
logger.debug('Access token parsed: skipCsrfVerify');
|
itizawa