Strip personally identifiable information from user table for unautho…

[acinader]

…rized users.

• add a config option to explicitly enumerate pii fields beyond email
• in query controller, strip pii of user table results before sending out the door.

fixes: #3155

[facebook-github-bot]

@acinader updated the pull request - view changes

[acinader]

oops. forgot to commit the unit test...now added.

[flovilmart]

Small nits otherwise it's great, we probably could handle authData the same way

[flovilmart]

seems that authData is pretty much the same :)

[flovilmart]

Small nit:   || ( auth.user 
-----------------^ remove space

[flovilmart]

@acinader just a few small things that you could address. Otherwise, LGTM!

[facebook-github-bot]

@acinader updated the pull request - view changes

[acinader]

@flovilmart

I added a second commit with what I think you have in mind for authdata? I like having the logic pulled out of the loop into their own functions. I also like having them be two, small function instead of combining.

Also, if this looks good, let me know and I'll squash the commits. The squash and merge button is the devil.

[flovilmart]

The squash and merge button is fine :)

[facebook-github-bot]

@acinader updated the pull request - view changes

[acinader]

@flovilmart

1. squashed
2. au contraire the squash and merge wreaks havoc on my local workflow. changes all the hashes so i can't easily tell which branches have been merged (need to google some more.)
3. looking into why the build is busted (it wasn't me!) ;)

[flovilmart]

2. Right, it rewrites the history, but that's nice. As it also adds on the top of master.

Now that you're a contributor, you don't need your fork for your commits you can push branches directly

[acinader]

noted on the fork stuff. any reason for me to resubmit this not from my fork?

[flovilmart]

No reason!

[facebook-github-bot]

@acinader updated the pull request - view changes