From 44fbf45ce5784944e9fc1611e36811db63fad61c Mon Sep 17 00:00:00 2001
From: Jakub Onderka <jakub.onderka@gmail.com>
Date: Wed, 15 Sep 2021 09:55:46 +0200
Subject: [PATCH] chg: [internal] Do not fetch password from db

---
 app/Model/User.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Model/User.php b/app/Model/User.php
index 47a274245..1016c5f2e 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -911,6 +911,8 @@ class User extends AppModel
         // Do not include keys, because they are big and usually not necessary
         unset($fields['gpgkey']);
         unset($fields['certif_public']);
+        // Do not fetch password from db, it is automatically fetched by BaseAuthenticate::_findUser
+        unset($fields['password']);
         $fields = array_keys($fields);
 
         foreach ($this->belongsTo as $relatedModel => $foo) {