encrypted password is served to user

I've looked into this, and the toJSON function is not automatically called by sails. What this means is that the user list page http://localhost:1337/user serves all encrypted passwords as does each individual user page.
<img width="956" alt="screen shot 2015-08-08 at 1 27 48 am" src="https://cloud.githubusercontent.com/assets/6377293/9149376/bb7eda28-3d6c-11e5-8ebb-e0c9c246a275.png">

<img width="672" alt="screen shot 2015-08-08 at 1 28 33 am" src="https://cloud.githubusercontent.com/assets/6377293/9149381/d86ac084-3d6c-11e5-8d3d-0069453bbbde.png">

All instances of User objects served to a view come with their encrypted password attribute intact.

It appears that the toJSON() method must be called explicitly for each view, as well as on the entire collection for the show controller method.
The fix is individually using toJSON on individual views and 

```
index: function (req, res, next) {
    User.find(function foundUsers (err, users) {
        if (err) { return next(err); }
        var cleanUsers = [];
        _.forEach(users, function(user) {
            cleanUsers.push(user.toJSON());
        });
        return res.view({
            users: cleanUsers
        });
    });
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

encrypted password is served to user #24

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

encrypted password is served to user #24

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions