Excluding password

The password should never be returned in the response.

The next issue is extremely easy to solve. In order to avoid sending the password in the response, we just need to perform two simple steps.

In fact, the first step, enabling the ClassSerializerInterceptor globally, has already been performed. We did this when we used the @Expose() decorator for the first time.

So, all that's left to do is to go back to the user.entity file and add the @Exclude() decorator above the password field. Now, this field is no longer sent in the response.
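To confirm that the field really is gone from every response, an e2e test can scan each parsed response body for it. The check below is an added example, not code from the original project; the function names and the sample response bodies are constructed for illustration.

```typescript
// Added example: a regression check for e2e tests (names are hypothetical).
// Returns the path of every property named like a sensitive key, at any
// depth, so users nested inside other resources are covered as well.
function findSensitivePaths(body: unknown, keys: string[] = ['password'], path = '$'): string[] {
  if (body === null || typeof body !== 'object') return [];
  const hits: string[] = [];
  if (Array.isArray(body)) {
    for (let i = 0; i < body.length; i++) {
      hits.push(...findSensitivePaths(body[i], keys, `${path}[${i}]`));
    }
    return hits;
  }
  const wanted = keys.map((k) => k.toLowerCase());
  const obj = body as Record<string, unknown>;
  for (const name of Object.keys(obj)) {
    const here = `${path}.${name}`;
    if (wanted.indexOf(name.toLowerCase()) !== -1) hits.push(here);
    hits.push(...findSensitivePaths(obj[name], keys, here));
  }
  return hits;
}

// Throws with the offending paths; call it on every parsed response body.
function assertNoPasswordInResponse(body: unknown): void {
  const hits = findSensitivePaths(body);
  if (hits.length > 0) throw new Error(`password leaked at: ${hits.join(', ')}`);
}

// Constructed bodies: a user as returned once @Exclude() is in place, and a
// response in which a nested user still carries the field.
const serialized = { id: 1, email: 'ana@example.com', name: 'Ana' };
const leaking = {
  items: [
    { id: 7, title: 'Hello', author: { id: 1, email: 'ana@example.com', password: 'constructed-value' } },
  ],
};

assertNoPasswordInResponse(serialized); // passes silently
console.log(findSensitivePaths(leaking)); // [ '$.items[0].author.password' ]
```

The ClassSerializerInterceptor applies @Exclude() only to class instances, so a handler that returns a plain-object copy of the user would still send the password; a check like this one catches that case.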

Commit - Excluding password from response
