{select: false} works differently on mongoose queries

56
January 13, 2021, at 01:50 AM

I am trying to create a user in mongoose and return it after User.create query without password field. I set "select: false" on password field in model schema but it keeps returning me password in response after User.create.

// models/user.js
const userSchema = new mongoose.Schema({
  // ...
  password: {
    type: String,
    required: true,
    minlength: 5,
    select: false,
  },
});
// routes/index.js
routes.post(
  "/sign-up",
  celebrate({
    body: Joi.object().keys({
      name: Joi.string().min(2).max(30),
      about: Joi.string().min(2).max(30),
      avatar: Joi.string().pattern(RegExp(urlChecker)),
      email: Joi.string().required().email(),
      password: Joi.string().required().min(5),
    }),
  }),
  usersController.createUser,
);
// controllers/user.js
const User = require("../models/user");
exports.createUser = (req, res, next) => {
  const {
    name,
    about,
    avatar,
    email,
    password,
  } = req.body;
  bcrypt
    .hash(password, 10)
    .then((hash) => User.create({
      name,
      about,
      avatar,
      email,
      password: hash,
    }))
    .then((user) => {
      if (!user) {
        throw new InvalidInputError("Invalid data");
      }
      res.send(user); // response includes password field
    })
    .catch((err) => next(err));
};

However, if I add User.findById query after User.create, I get a response without password field.

// controllers/user.js
    // ...
    .then((user) => {
      if (!user) {
        throw new InvalidInputError("Invalid data");
      }
      return User.findById(user._id);
    })
    .then((user) => {
      if (!user) {
        throw new NotFoundError("User not found");
      }
      res.send(user); // works fine!
    })

Am I right that {select: false} works only on find queries in mongoose? Are there any other workarounds for not returning password field after User.create method?

Answer 1

the result of save is a object model, you should convert it to a object and delete password key, like this:

user = user.toObject()
delete user.password
res.send(user); // response includes password field 
READ ALSO
How to generate random password in python [duplicate]

How to generate random password in python [duplicate]

I want to use python3 to generate random password to encrypt my files, The random password created should have following restriction

76
Post Image data in android studio to a server url not working on android 4.1.2

Post Image data in android studio to a server url not working on android 4.1.2

I am taking a screenshot on my android app using this code:

75
Android studio Build failed with NDK

Android studio Build failed with NDK

found error while build the project with NDK

80
How to make an extensive Website with 100s pf pages like w3school? [closed]

How to make an extensive Website with 100s pf pages like w3school? [closed]

Want to improve this question? Add details and clarify the problem by editing this post

16