From 9e178d68873eb876073846433a596590d3d9c863 Mon Sep 17 00:00:00 2001
From: Ong Chung Yau <33013947+chungyau97@users.noreply.github.com>
Date: Thu, 4 Sep 2025 18:14:11 +0800
Subject: [PATCH] Secure password reset endpoints (#5167)

fix: prevent sensitive data exposure in password reset
---
 .../server/src/enterprise/services/account.service.ts | 5 +++--
 .../server/src/enterprise/services/user.service.ts | 3 ++-
 packages/server/src/utils/sanitize.util.ts | 10 ++++++++++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/packages/server/src/enterprise/services/account.service.ts b/packages/server/src/enterprise/services/account.service.ts
index 5cc1107e..e9ab3f57 100644
--- a/packages/server/src/enterprise/services/account.service.ts
+++ b/packages/server/src/enterprise/services/account.service.ts
@@ -25,6 +25,7 @@ import { RoleErrorMessage, RoleService } from './role.service'
 import { UserErrorMessage, UserService } from './user.service'
 import { WorkspaceUserErrorMessage, WorkspaceUserService } from './workspace-user.service'
 import { WorkspaceErrorMessage, WorkspaceService } from './workspace.service'
+import { sanitizeUser } from '../../utils/sanitize.util'
 type AccountDTO = {
 user: Partial
@@ -540,7 +541,7 @@ export class AccountService {
 await queryRunner.release()
 }
- return data
+ return sanitizeUser(data.user)
 }
 public async resetPassword(data: AccountDTO) {
@@ -582,7 +583,7 @@ export class AccountService {
 await queryRunner.release()
 }
- return data
+ return sanitizeUser(data.user)
 }
 public async logout(user: LoggedInUser) {
diff --git a/packages/server/src/enterprise/services/user.service.ts b/packages/server/src/enterprise/services/user.service.ts
index 0f15b392..4492b6be 100644
--- a/packages/server/src/enterprise/services/user.service.ts
+++ b/packages/server/src/enterprise/services/user.service.ts
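Review bot: In account.service.ts the resolved value changes shape at both changed returns (the one closing the method just before `resetPassword` and the one closing the method just before `logout`): callers that used to receive the `AccountDTO` wrapper now receive a bare user object. The controllers and clients are outside this diff, so this is inferred, but anything that reads `.user` from the result would now see `undefined`; if the wrapper is still expected, `return { user: sanitizeUser(data.user) }` keeps it. Beyond the three stripped fields, every other property of the user record still goes back to the caller, and a password-reset request is presumably made without an authenticated session. If the client does not need the record, returning only a fixed acknowledgement would keep the response independent of account data. Both method bodies start outside their hunks.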
@@ -9,6 +9,7 @@ import { DataSource, QueryRunner } from 'typeorm'
 import { generateId } from '../../utils'
 import { GeneralErrorMessage } from '../../utils/constants'
 import { getHash } from '../utils/encryption.util'
+import { sanitizeUser } from '../../utils/sanitize.util'
 export const enum UserErrorMessage {
 EXPIRED_TEMP_TOKEN = 'Expired Temporary Token',
@@ -174,6 +175,6 @@ export class UserService {
 if (queryRunner && !queryRunner.isReleased) await queryRunner.release()
 }
- return updatedUser
+ return sanitizeUser(updatedUser)
 }
 }
diff --git a/packages/server/src/utils/sanitize.util.ts b/packages/server/src/utils/sanitize.util.ts
index 410bc4c0..9d84478f 100644
--- a/packages/server/src/utils/sanitize.util.ts
+++ b/packages/server/src/utils/sanitize.util.ts
@@ -1,3 +1,5 @@
+import { User } from '../enterprise/database/entities/user.entity'
+
 export function sanitizeNullBytes(obj: any): any {
 const stack = [obj]
@@ -30,3 +32,11 @@ export function sanitizeNullBytes(obj: any): any {
 return obj
 }
+
+export function sanitizeUser(user: Partial) {
+ delete user.credential
+ delete user.tempToken
+ delete user.tokenExpiry
+
+ return user
+}
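Review bot: In user.service.ts, `return sanitizeUser(updatedUser)` strips `credential`, `tempToken` and `tokenExpiry` for every caller of this service method, not only for the HTTP response. The method's name and its callers are outside the hunk, so this is inferred, but any server-side code that reads those fields from the returned entity after an update would silently get `undefined`. Sanitising where the response is built would keep the service result intact for internal use; if the service-level strip is intended, a comment on the return such as `// callers never receive credential, tempToken or tokenExpiry` would make that contract explicit.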
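Review bot: In sanitize.util.ts, `sanitizeUser` is a denylist that edits its argument in place: the three `delete` statements change the caller's own object, and any secret-bearing field added to `User` later will pass through until this list is updated. Returning a copy avoids the side effect, for example `const { credential, tempToken, tokenExpiry, ...safe } = user` followed by `return safe`; an allowlist of the fields a client actually needs would be stricter still. The function would also throw if it were handed `undefined`, and it has no doc comment or explicit return type. A short TSDoc line stating which fields are removed and whether the input is mutated would help the next reader.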