Sanitize team data

We don't want to expose sensitive data that might pose a security risk.
author: Antti Ahti <antti.ahti@gmail.com> 2015-10-14 19:27:19 +0300
committer: Antti Ahti <antti.ahti@gmail.com> 2015-10-14 19:27:19 +0300
commit: 8f96db4d0b52d0701398703364948e659f3ce34f (patch)
tree: 929fbd75896579cc2535ad2f5d69ef9531888e12
parent: 731595c1a93e51bcd4e6034b088b53766883a9eb (diff)
download: chat-8f96db4d0b52d0701398703364948e659f3ce34f.tar.gz
chat-8f96db4d0b52d0701398703364948e659f3ce34f.tar.bz2
chat-8f96db4d0b52d0701398703364948e659f3ce34f.zip
2 files changed, 7 insertions, 0 deletions
diff --git a/api/team.go b/api/team.go
index 18acf33ce..f6038566a 100644
--- a/api/team.go
+++ b/api/team.go
@@ -411,6 +411,7 @@ func findTeams(c *Context, w http.ResponseWriter, r *http.Request) {
 		teams := result.Data.([]*model.Team)
 		m := make(map[string]*model.Team)
 		for _, v := range teams {
+			v.Sanitize()
 			m[v.Id] = v
 		}
 
diff --git a/model/team.go b/model/team.go
index c0f6524cd..584c78f8d 100644
--- a/model/team.go
+++ b/model/team.go
@@ -219,3 +219,9 @@ func CleanTeamName(s string) string {
 
 func (o *Team) PreExport() {
 }
+
+func (o *Team) Sanitize() {
+	o.Email = ""
+	o.Type = ""
+	o.AllowedDomains = ""
+}
author	Antti Ahti <antti.ahti@gmail.com>	2015-10-14 19:27:19 +0300
committer	Antti Ahti <antti.ahti@gmail.com>	2015-10-14 19:27:19 +0300
commit	8f96db4d0b52d0701398703364948e659f3ce34f (patch)
tree	929fbd75896579cc2535ad2f5d69ef9531888e12
parent	731595c1a93e51bcd4e6034b088b53766883a9eb (diff)
download	chat-8f96db4d0b52d0701398703364948e659f3ce34f.tar.gz chat-8f96db4d0b52d0701398703364948e659f3ce34f.tar.bz2 chat-8f96db4d0b52d0701398703364948e659f3ce34f.zip