Demonstrate proper security (do not use req.body directly) #159
Description
boilermaker/server/auth/index.js
Line 24 in 43c4e85
Whatever we show students, they inevitably emulate in future projects – even when we explicitly state that it is an antipattern, there for education. Accordingly, I think we should extract the properties we want from req.body (or blacklist sensitive properties) rather than pass it directly to .create.