refactor(model:user): exclude password info by default

thanks to guiltry for the original commit (89980c5)

Author: Awk34

Diff for: app/templates/server/api/user(auth)/user.controller.js

@@ -143,7 +143,7 @@ exports.changePassword = function(req, res, next) {
 exports.me = function(req, res, next) {
   var userId = req.user._id;
 
-  <% if (filters.mongooseModels) { %>User.findOneAsync({ _id: userId }, '-salt -hashedPassword')<% }
+  <% if (filters.mongooseModels) { %>User.findOneAsync({ _id: userId })<% }
      if (filters.sequelizeModels) { %>User.find({
     where: {
       _id: userId

Diff for: app/templates/server/api/user(auth)/user.model(mongooseModels).js

@@ -15,9 +15,9 @@ var UserSchema = new Schema({
     type: String,
     default: 'user'
   },
-  password: String,
+  password: {type: String, select: false},
   provider: String,
-  salt: String<% if (filters.oauth) { %>,<% if (filters.facebookAuth) { %>
+  salt: {type: String, select: false}<% if (filters.oauth) { %>,<% if (filters.facebookAuth) { %>
   facebook: {},<% } %><% if (filters.twitterAuth) { %>
   twitter: {},<% } %><% if (filters.googleAuth) { %>
   google: {},<% } %>

Diff for: app/templates/server/api/user(auth)/user.model.spec(mongooseModels).js

@@ -52,6 +52,14 @@ describe('User Model', function() {
       return user.saveAsync();
     });
 
+    it('should exclude salt and hashedPassword by default', function(done) {
+      User.find({name: user.name}, function(err, _user) {
+        _user.should.not.have.property('salt');
+        _user.should.not.have.property('hashedPassword');
+        done();
+      });
+    });
+
     it('should authenticate user if valid', function() {
       user.authenticate('password').should.be.true;
     });

Diff for: app/templates/server/api/user(auth)/user.model.spec(sequelizeModels).js

@@ -54,6 +54,14 @@ describe('User Model', function() {
       return user.save();
     });
 
+    it('should exclude salt and hashedPassword by default', function(done) {
+      User.find({name: user.name}, function(err, _user) {
+        _user.should.not.have.property('salt');
+        _user.should.not.have.property('hashedPassword');
+        done();
+      });
+    });
+
     it('should authenticate user if valid', function() {
       user.authenticate('password').should.be.true;
     });

Diff for: app/templates/server/auth(auth)/local/passport.js

@@ -4,7 +4,7 @@ var LocalStrategy = require('passport-local').Strategy;
 function localAuthenticate(User, email, password, done) {
   <% if (filters.mongooseModels) { %>User.findOneAsync({
     email: email.toLowerCase()
-  })<% }
+  }, '+salt +hashedPassword')<% }
      if (filters.sequelizeModels) { %>User.find({
     where: {
       email: email.toLowerCase()