I have a successful registration process using express, bookshelf, mysql, bcrypt, and jsonwebtoken. On my front end, I have angular console.log'ing the returned response. I get an object that looks like so:
{ config: ..., data: ..., headers: ... status: 200 ....}
The data object has my token and it all looks great. The problem is the config object. It has the username, password, and password verification in plain text. This just seems like a bad idea. I would rather return the token by itself. I don't know if it is coming from express or some other plugin. The file in question is at https://github.com/vrodriguez363/ng-express-gulp/blob/master/src/server/routes/api.js This question is similar to "Node http response returning user password to angular", which got no answer. My logged object looks like his screenshot.
It looks like Angular's doing this (see here):
The response object has these properties:
- data – {string|Object} – The response body transformed with the transform functions.
- status – {number} – HTTP status code of the response.
- headers – {function([headerName])} – Header getter function.
- config – {Object} – The configuration object that was used to generate the request.
- statusText – {string} – HTTP status text of the response.

(here)
So the user credentials you see being logged are the ones that were present in the object you pass to $http{,.post,.get}().
FWIW, in your browser's dev tools you can view the actual response that Express sends back (usually in the Network tab).
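As an added example (not part of the original answer or the asker's project): since `config` is the client's own copy of the request, the exposure to watch for is logging the whole response object. The sketch below builds a log-safe view of a response with the shape quoted above; the sensitive-key pattern, the `/api/register` URL and the sample values are assumptions constructed for illustration.

```javascript
// Added example: build a log-safe view of an AngularJS $http response.
// The response shape (data, status, statusText, config) is the one quoted in the answer;
// the key pattern and sample values below are assumptions made for this example.
const SENSITIVE_KEY = /pass|secret|token|authorization/i;

// Recursively copy a value, masking any property whose name looks sensitive.
// The input is never mutated, so the application can still use the real token.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, val] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redact(val);
  }
  return out;
}

// Keep what helps debugging; request body, query params and headers are masked copies.
function loggableResponse(response) {
  const config = response.config || {};
  return {
    status: response.status,
    statusText: response.statusText,
    data: redact(response.data),
    request: {
      method: config.method,
      url: config.url,
      data: redact(config.data),
      params: redact(config.params),
      headers: redact(config.headers),
    },
  };
}

// Constructed sample, shaped like the object logged in the question.
const sampleResponse = {
  data: { token: 'constructed.jwt.value' },
  status: 200,
  statusText: 'OK',
  config: {
    method: 'POST',
    url: '/api/register', // hypothetical route
    data: { username: 'alice', password: 'hunter2', passwordVerify: 'hunter2' },
    headers: { Accept: 'application/json' },
  },
};

console.log(JSON.stringify(loggableResponse(sampleResponse), null, 2));
```

In the success handler, read the token from `response.data` as before and pass only `loggableResponse(response)` to `console.log` or any remote error reporter.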