From 39ff54d39295fb4c620f561343156f56c2766aa1 Mon Sep 17 00:00:00 2001
From: Raymond Feng <enjoyjava@gmail.com>
Date: Thu, 18 Oct 2018 14:46:13 -0700
Subject: [PATCH] Hide offending properties from the error object

---
 lib/utils.js                  | 7 +++++--
 test/model-definition.test.js | 3 +--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/utils.js b/lib/utils.js
index 9e67123e..88110069 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -32,6 +32,7 @@ exports.validateKeys = validateKeys;
 var g = require('strong-globalize')();
 var traverse = require('traverse');
 var assert = require('assert');
+var debug = require('debug')('loopback:juggler:utils');
 
 function safeRequire(module) {
   try {
@@ -362,11 +363,13 @@ function validateKeys(where, prohibitedKeys) {
     return x;
   });
   if (offendingKeys.length) {
-    const msg = 'Properties "' + offendingKeys.join(', ') + '" are not allowed in query';
+    const msg = 'Invalid properties are used in query';
     const err = new Error(msg);
     err.code = 'PROPERTY_NOT_ALLOWED_IN_QUERY';
     err.statusCode = 400;
-    err.details = {properties: offendingKeys, where: where};
+    err.details = {where: where};
+    debug('Hidden or protected properties %j are used in query: %j',
+      offendingKeys, where, err);
     throw err;
   }
   return result;
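Review bot: `err.details = {where: where};` still attaches the caller's full where clause, which by construction contains every key collected in `offendingKeys`, so the error object keeps naming the prohibited properties even though `properties` was removed. If `details` is serialized into the HTTP response (the error handler is not visible here), the commit only partly achieves what its subject line states. Consider dropping `where` from `err.details` and relying on the `debug` line, which already records both values for operators. Note also that this `debug` call writes the query values, not just the key names, to the log whenever the `loopback:juggler:utils` namespace is enabled, and passes `err` as a third argument with only two `%j` specifiers. The body of `validateKeys` starts and ends outside this hunk.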
diff --git a/test/model-definition.test.js b/test/model-definition.test.js
index b0e025de..e11dfead 100644
--- a/test/model-definition.test.js
+++ b/test/model-definition.test.js
@@ -332,10 +332,9 @@ describe('ModelDefinition class', function() {
 
   function assertPropertyNotAllowed(err) {
     should.exist(err);
-    err.message.should.match(/Properties "secret" are not allowed in query/);
+    err.message.should.match(/Invalid properties are used in query/);
     err.code.should.equal('PROPERTY_NOT_ALLOWED_IN_QUERY');
     err.statusCode.should.equal(400);
-    err.details.should.have.property('properties');
     err.details.should.have.property('where');
   }
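Review bot: `assertPropertyNotAllowed` now checks only that the generic message is present, so nothing here would fail if the property name leaked back into the error in a later change. Pin the behaviour with negative assertions, for example `err.message.should.not.match(/secret/);` and `err.details.should.not.have.property('properties');`. If `where` stays in `err.details`, it would be worth asserting what it is allowed to contain as well. The enclosing `describe` block starts outside this hunk.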