fixed OAuth2 client secret reset when marshalizing a cached collection model

Gani Georgiev
2026-03-27 23:56:17 +02:00
parent e5390c3d86
commit 45d353ffdb
3 changed files with 59 additions and 7 deletions


@@ -559,19 +559,26 @@ func (m Collection) MarshalJSON() ([]byte, error) {
collectionAuthOptions
}{m.baseCollection, m.collectionAuthOptions}
// ensure that it is always returned as array
if alias.OAuth2.Providers == nil {
alias.OAuth2.Providers = []OAuth2ProviderConfig{}
}
// @todo to avoid the below changes consider omitting the field values from the individual structs json tags
//
// hide secret keys from the serialization
alias.AuthToken.Secret = ""
alias.FileToken.Secret = ""
alias.PasswordResetToken.Secret = ""
alias.EmailChangeToken.Secret = ""
alias.VerificationToken.Secret = ""
for i := range alias.OAuth2.Providers {
alias.OAuth2.Providers[i].ClientSecret = ""
if alias.OAuth2.Providers == nil {
// ensure that it is always returned as array
alias.OAuth2.Providers = []OAuth2ProviderConfig{}
} else {
// create a deep copy of the slice to avoid modifying the cached model state
redactedProviders := make([]OAuth2ProviderConfig, len(alias.OAuth2.Providers))
copy(redactedProviders, alias.OAuth2.Providers)
for i := range redactedProviders {
redactedProviders[i].ClientSecret = ""
}
alias.OAuth2.Providers = redactedProviders
}
return json.Marshal(alias)
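Review bot: The comment in the new `else` branch calls this a deep copy, but `copy(redactedProviders, alias.OAuth2.Providers)` duplicates only the struct elements, so any slice, map or pointer fields inside `OAuth2ProviderConfig` (its definition is not visible here) would still be shared with the cached model. That is sufficient for clearing `ClientSecret`, which is assigned a string, so I would reword the comment to match, e.g. `// copy the elements so that clearing ClientSecret does not write through to the cached model's backing array`. The redaction is still a hand-maintained list, so a secret field added later to a token or provider config would be serialized unless it is also cleared here, which the existing @todo about json tags already points at. If the other changed files do not already cover it, a test that calls MarshalJSON and then asserts both that the output contains no secret values and that the original collection still holds its `ClientSecret` would pin both properties. MarshalJSON begins before this hunk and its closing brace is outside it.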