From af5cdbc81d60f21b728e1433aeb8837f25938d2a Mon Sep 17 00:00:00 2001
From: Pascal Thesing
Date: Fri, 2 Sep 2022 09:05:53 +0200
Subject: [PATCH] SW-26909 - adjust customer module

---
 .../Shopware/Controllers/Backend/Customer.php | 3 +++
 .../Controllers/Backend/CustomerTest.php | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/engine/Shopware/Controllers/Backend/Customer.php b/engine/Shopware/Controllers/Backend/Customer.php
index 729256ed254..07cb4c1415c 100644
--- a/engine/Shopware/Controllers/Backend/Customer.php
+++ b/engine/Shopware/Controllers/Backend/Customer.php
@@ -791,6 +791,9 @@ private function getCustomer(int $id): array
 $data['lastLogin'] = new DateTime('@0');
 }

+ unset($data['sessionId']);
+ unset($data['hashPassword']);
+
 return $data;
 }

diff --git a/tests/Functional/Controllers/Backend/CustomerTest.php b/tests/Functional/Controllers/Backend/CustomerTest.php
index ed27ca3b41c..fe16fc439f3 100644
--- a/tests/Functional/Controllers/Backend/CustomerTest.php
+++ b/tests/Functional/Controllers/Backend/CustomerTest.php
@@ -60,6 +60,23 @@ public function setUp(): void
 Shopware()->Plugins()->Backend()->Auth()->setNoAcl();
 }

+ public function testSensitiveDataIsNotSend(): void
+ {
+ $customer = $this->createDummyCustomer();
+
+ $params = [
+ 'customerID' => $customer->getId(),
+ ];
+ $this->Request()->setMethod('POST')->setPost($params);
+ $this->dispatch('/backend/Customer/getDetail');
+
+ $body = $this->View()->getAssign();
+ static::assertTrue($body['success']);
+ static::assertArrayNotHasKey('hashPassword', $body['data']);
+ static::assertArrayNotHasKey('sessionId', $body['data']);
+ static::assertEquals('test@phpunit.org', $body['data']['email']);
+ }
+
 /**
 * Test saveAction controller action - change payment mean
 *
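Review bot: The two `unset()` calls before `return $data;` in getCustomer() are a denylist, so any other sensitive column that ends up in `$data`, now or after a later schema change, is still returned to the backend client by default. How `$data` is built is outside this hunk, so I can't tell which other fields it carries; if the query hydrates the whole customer row, selecting only the fields the detail view needs (or filtering through an explicit allowlist) would be the more durable fix. At minimum I would merge the calls and say why they are there: `// credentials and session identifiers must never leave the server` above `unset($data['sessionId'], $data['hashPassword']);`. It is also worth checking whether the other actions in this controller that return customer rows go through getCustomer() or need the same treatment.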
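Review bot: The assertions in testSensitiveDataIsNotSend() check only two top-level key names in `$body['data']`, so the test would still pass if the hash or session id came back under a different key or inside a nested array. Consider additionally asserting that the stored values themselves do not occur anywhere in the assigned data, which pins the property the fix is meant to guarantee rather than its current key names. Two small style points: the method name should read `testSensitiveDataIsNotSent`, and `static::assertSame('test@phpunit.org', $body['data']['email']);` avoids the loose comparison of `assertEquals`. createDummyCustomer() is defined outside this hunk, so I am assuming it creates the customer with that e-mail address and a password set.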