
fix: remove debug artifacts and fix password reset token log exposure #112

Open
GitAddRemote wants to merge 1 commit into main from fix/ISSUE-99-debug-artifacts

@GitAddRemote
Owner

Summary

  • Deletes the GET /auth/test debug endpoint and its bcrypt import from AuthController
  • Replaces the two logger calls in requestPasswordReset() that leaked the raw token and reset URL with a single neutral log: Password reset requested for user ID: X
  • Gates Swagger UI (/api/docs) behind NODE_ENV !== 'production'
  • Removes persistAuthorization: true from Swagger options

Test plan

  • GET /auth/test returns 404
  • POST /auth/forgot-password logs only Password reset requested for user ID: X — no token, no URL
  • Swagger UI loads at /api/docs in development (NODE_ENV=development)
  • Swagger UI is not served when NODE_ENV=production

Closes #99

- Delete GET /auth/test debug endpoint and bcrypt import
- Remove raw reset token and reset URL from application logs; replace
  with neutral 'Password reset requested for user ID: X' log entry
- Gate Swagger UI behind NODE_ENV !== 'production'
- Remove persistAuthorization from Swagger options

Closes #99
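
A regression check for the second test-plan item (logs carry no token and no URL), as an added example that is not part of this pull request or the project's code. The log line formats, the `example.test` URL and the regex length thresholds are assumptions, and the sample lines are constructed.

```typescript
// Added example: scan captured application log lines for password-reset secrets.
// Log formats and thresholds are assumptions, not taken from the project.

interface Leak {
  line: number;   // 1-based line number in the captured log
  reason: string; // which rule fired
}

// Any URL that mentions "reset" (a reset link is itself a bearer credential).
const RESET_URL = /https?:\/\/\S*reset\S*/i;
// token=<value>, resetToken: "<value>", "reset_token":"<value>" and similar pairs.
const TOKEN_KV = /\b(?:reset_?)?token["']?\s*[:=]\s*["']?[A-Za-z0-9_\-.]{16,}/i;
// Opaque secret-like run: 32+ hex characters or 40+ base64url characters.
// A plain UUID (36 chars, hex groups of at most 12) does not match.
const OPAQUE = /[a-f0-9]{32,}|[A-Za-z0-9_-]{40,}/i;

function findResetLeaks(lines: string[]): Leak[] {
  const leaks: Leak[] = [];
  lines.forEach((text, i) => {
    if (RESET_URL.test(text)) {
      leaks.push({ line: i + 1, reason: "reset URL" });
    } else if (TOKEN_KV.test(text)) {
      leaks.push({ line: i + 1, reason: "token key/value" });
    } else if (OPAQUE.test(text)) {
      leaks.push({ line: i + 1, reason: "opaque secret-like string" });
    }
  });
  return leaks;
}

// Constructed sample: the kind of lines a leaking requestPasswordReset() could emit.
const BEFORE: string[] = [
  "[AuthService] Password reset token generated: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
  "[AuthService] Reset URL: https://app.example.test/reset-password?token=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
  '[AuthService] {"userId":42,"resetToken":"Zm9vYmFyYmF6cXV4MTIzNDU2"}',
];

// Constructed sample: the neutral entry described in the summary.
const AFTER: string[] = ["[AuthService] Password reset requested for user ID: 42"];

console.log(findResetLeaks(BEFORE)); // three findings, one per line
console.log(findResetLeaks(AFTER));  // no findings
```

Run against log output captured while exercising POST /auth/forgot-password, an empty result is the pass condition.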
Development

Successfully merging this pull request may close these issues.

Tech Story: Remove debug artifacts and fix password reset token log exposure