diff --git a/services/web/app/src/Features/Project/ProjectEditorHandler.js b/services/web/app/src/Features/Project/ProjectEditorHandler.js index 8c00eefbfe..77028c7369 100644 --- a/services/web/app/src/Features/Project/ProjectEditorHandler.js +++ b/services/web/app/src/Features/Project/ProjectEditorHandler.js @@ -49,7 +49,9 @@ module.exports = ProjectEditorHandler = { if (result.invites == null) { result.invites = [] } - + result.invites.forEach(invite => { + delete invite.token + }) ;({ owner, ownerFeatures, members } = this.buildOwnerAndMembersViews( members )) diff --git a/services/web/test/unit/src/Project/ProjectEditorHandlerTests.js b/services/web/test/unit/src/Project/ProjectEditorHandlerTests.js index f07de53387..82108aa728 100644 --- a/services/web/test/unit/src/Project/ProjectEditorHandlerTests.js +++ b/services/web/test/unit/src/Project/ProjectEditorHandlerTests.js @@ -97,20 +97,22 @@ describe('ProjectEditorHandler', function() { _id: 'invite_one', email: 'user-one@example.com', privileges: 'readOnly', - projectId: this.project._id + projectId: this.project._id, + token: 'my-secret-token1' }, { _id: 'invite_two', email: 'user-two@example.com', privileges: 'readOnly', - projectId: this.project._id + projectId: this.project._id, + token: 'my-secret-token2' } ] return (this.handler = SandboxedModule.require(modulePath)) }) describe('buildProjectModelView', function() { - describe('with owner and members included', function() { + describe('with owner, members and invites included', function() { beforeEach(function() { return (this.result = this.handler.buildProjectModelView( this.project, @@ -159,6 +161,11 @@ describe('ProjectEditorHandler', function() { ]) }) + it('invites should not include the token', function() { + should.not.exist(this.result.invites[0].token) + should.not.exist(this.result.invites[1].token) + }) + it('should gather readOnly_refs and collaberators_refs into a list of members', function() { const findMember = id => { for (let member of Array.from(this.result.members)) {