From beff1aa2e1538dcbdcf59d66933579d6e34b06fa Mon Sep 17 00:00:00 2001
From: Mark Tearle <mtearle@ucc.asn.au>
Date: Mon, 8 Feb 2021 18:35:56 +0800
Subject: [PATCH] Don't send API key back

---
 quovadis/quovadis.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/quovadis/quovadis.php b/quovadis/quovadis.php
index ecfe215..34124e5 100644
--- a/quovadis/quovadis.php
+++ b/quovadis/quovadis.php
@@ -210,8 +210,10 @@ $leaf->post('/register', function () use($leaf) {
     
     // Email API key
     email_api_key($username, $api_key);
-    
-    $leaf->response->json(["message" => "API key ".$api_key. " for " .$username." has been added and email sent"],200);
+
+    // Don't echo API key back as sending it by email to the UCC member stops
+    // folks hitting the API and being able to cause havoc 
+    $leaf->response->json(["message" => "API key for " .$username." has been added and email sent"],200);
 });
 
 $leaf->post('/update-api-key', function () use($leaf) {
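Review bot: With the key removed from the response on the new `$leaf->response->json(...)` line, the email is now the only way the member ever receives it, yet the result of `email_api_key($username, $api_key);` is not checked in the visible lines and the handler reports "email sent" with a 200 regardless. If that helper can signal failure (its return contract is outside this hunk), branch on it, e.g. `if (!email_api_key($username, $api_key)) { $leaf->response->json(["message" => "API key could not be emailed"], 500); return; }`, and consider rolling back or flagging the stored key so the account is not left with a key nobody holds. The new comment implies that email ownership is what gates this route, so it would also help to state in that comment whether `/register` is rate-limited per username, since each call appears to trigger a mail to the member. The closure body starts before this hunk, so validation of `$username` earlier in the handler could not be reviewed here.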
-- 
GitLab