🔧 Only send ID in post-login token

staart · Aug 4, 2020 · f883ec6 · f883ec6
1 parent 128d995
commit f883ec6
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/src/_staart/helpers/jwt.ts b/src/_staart/helpers/jwt.ts
@@ -138,8 +138,8 @@ export const passwordResetToken = (id: number) =>
 /**
  * Generate a new login JWT
  */
-export const loginToken = (user: users) =>
-  generateToken(user, TOKEN_EXPIRY_LOGIN, Tokens.LOGIN);
+export const loginToken = (id: number) =>
+  generateToken({ id }, TOKEN_EXPIRY_LOGIN, Tokens.LOGIN);
 
 /**
  * Generate a new login link JWT
@@ -218,10 +218,7 @@ export const postLoginTokens = async (
     await updateSessionByJwt(user.id, refreshTokenString, {});
   }
   return {
-    token: await loginToken({
-      ...deleteSensitiveInfoUser(user),
-      // email: (await getUserBestEmail(user.id)).email
-    }),
+    token: await loginToken(user.id),
     refresh: !refreshTokenString ? refresh : undefined,
   };
 };