I have implemented simple API with login functionality using FOSUserBundle and JWT (using LexikJWTAuthenticationBundle). All works well and I can login and get a jwt token. But when I created API endpoint to get user details the password field is sent in the response as well.
My controller method for fetching user details looks like this:
/** * @Route("/get/{id}", name="api_auth_get_user_by_id", methods={"GET"}) * * @param Request $request * @param UserManagerInterface $userManager * * @return JsonResponse|\Symfony\Component\HttpFoundation\RedirectResponse */public function getById(SystemUser $user){ return $this->handleView($this->view($user));}My user entity looks like this:
<?phpnamespace App\Entity\Api\Auth;use Doctrine\ORM\Mapping as ORM;use FOS\UserBundle\Model\User as BaseUser;/** * @ORM\Entity * @ORM\Table(name="fos_user") */class SystemUser extends BaseUser{ /** * @ORM\Id * @ORM\Column(type="integer") * @ORM\GeneratedValue(strategy="AUTO") */ protected $id; public function __construct() { parent::__construct(); // your own logic }}So as you can see my SystemUser entity extends from BaseUser entity which is found in FOSUserBundle.
This is how response JSON looks like when I get the user details from the API:
{"id": 1,"username": "test","username_canonical": "test","email": "test.user@super.com","email_canonical": "test.user@super.com","enabled": true,"password": "$2y$13$DnyFxYyJXQe3Z7chsJYwe.LUsuOWPqBtFm5.O0vwldX5AoMGld9ca","last_login": "2019-08-27T06:19:43-04:00","groups": [],"roles": []}So how can I exclude password property from the response. I am using latest Symfony 4.3. I know that in earlier versions of Symfony you could create a jms serializer config for each entity in your bundle but so much changed in Symfony 4 and now using bundles is not necessary and I am not using bundle for this simple app.