Sanitize personal information out of license for non system admin users (#3487)

3 files changed, 25 insertions, 2 deletions

diff --git a/api/user.go b/api/user.go
index bd718e956..2ffda1bc5 100644
--- a/api/user.go
+++ b/api/user.go
@@ -890,7 +890,11 @@ func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	il.ClientCfg = utils.ClientCfg
-	il.LicenseCfg = utils.ClientLicense
+	if c.IsSystemAdmin() {
+		il.LicenseCfg = utils.ClientLicense
+	} else {
+		il.LicenseCfg = utils.GetSantizedClientLicense()
+	}
 
 	w.Write([]byte(il.ToJson()))
 }
diff --git a/utils/config.go b/utils/config.go
index 58980ba7f..5ebf29e3e 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -230,7 +230,6 @@ func getClientConfig(c *model.Config) map[string]string {
 	props["EnableSignInWithEmail"] = strconv.FormatBool(*c.EmailSettings.EnableSignInWithEmail)
 	props["EnableSignInWithUsername"] = strconv.FormatBool(*c.EmailSettings.EnableSignInWithUsername)
 	props["RequireEmailVerification"] = strconv.FormatBool(c.EmailSettings.RequireEmailVerification)
-	props["FeedbackEmail"] = c.EmailSettings.FeedbackEmail
 
 	props["EnableSignUpWithGitLab"] = strconv.FormatBool(c.GitLabSettings.Enable)
 	props["EnableSignUpWithGoogle"] = strconv.FormatBool(c.GoogleSettings.Enable)
diff --git a/utils/license.go b/utils/license.go
index 6905bee4f..060beb525 100644
--- a/utils/license.go
+++ b/utils/license.go
@@ -146,3 +146,23 @@ func GetClientLicenseEtag() string {
 
 	return model.Etag(fmt.Sprintf("%x", md5.Sum([]byte(value))))
 }
+
+func GetSantizedClientLicense() map[string]string {
+	sanitizedLicense := make(map[string]string)
+
+	for k, v := range ClientLicense {
+		sanitizedLicense[k] = v
+	}
+
+	if IsLicensed {
+		delete(sanitizedLicense, "Name")
+		delete(sanitizedLicense, "Email")
+		delete(sanitizedLicense, "Company")
+		delete(sanitizedLicense, "PhoneNumber")
+		delete(sanitizedLicense, "IssuedAt")
+		delete(sanitizedLicense, "StartsAt")
+		delete(sanitizedLicense, "ExpiresAt")
+	}
+
+	return sanitizedLicense
+}