From 6a0f73d1379b4b97df1ffb20566f64eac3b09ccc Mon Sep 17 00:00:00 2001
From: Richard Hansen <rhansen@rhansen.org>
Date: Sat, 16 May 2020 16:42:02 -0400
Subject: [PATCH] Revert "SessionStore: replace password with PASSWORD_HIDDEN
 when storing in db"

This reverts commit 53f126082a8b3d094e48b159f0f0bc8a5db4b2f4, which
broke user authentication.

Fixes issue #4016.
Reopens issue #3421.

(cherry picked from commit 901a3f396e1b3fffda940e06f23394ef55b5c992)
---
 src/node/db/SessionStore.js | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/node/db/SessionStore.js b/src/node/db/SessionStore.js
index 263c7d6ee..647cbbc8d 100644
--- a/src/node/db/SessionStore.js
+++ b/src/node/db/SessionStore.js
@@ -38,11 +38,6 @@ SessionStore.prototype.get = function(sid, fn) {
 SessionStore.prototype.set = function(sid, sess, fn) {
   messageLogger.debug('SET ' + sid);
 
-  // don't store passwords in DB
-  if (sess.user && sess.user.password) {
-    sess.user.password = "PASSWORD_HIDDEN";
-  }
-
   db.set("sessionstorage:" + sid, sess);
   if (fn) {
     process.nextTick(fn);