From 41e497730fbc2d8b6eec800ea39a047c0f8b6c0d Mon Sep 17 00:00:00 2001
From: Derek Holloway <derek@mistox.com>
Date: Tue, 5 Aug 2025 21:55:32 -0700
Subject: [PATCH] Mask sensitive data

---
 src/Server/Controllers/EmployeeController.cs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Server/Controllers/EmployeeController.cs b/src/Server/Controllers/EmployeeController.cs
index 9a270b2..e5d4e7d 100644
--- a/src/Server/Controllers/EmployeeController.cs
+++ b/src/Server/Controllers/EmployeeController.cs
@@ -15,6 +15,9 @@ namespace BoredCareers.Controllers {
             if (isLoggedIn()) {
                 if (await isLoggedInUserEmployeeOf(CompanyID)) { 
                     Employee[] employees = await _databaseService.GetEmployeesFromCompany(CompanyID);
+                    foreach (Employee cur in employees) {
+                        cur.Company.EmailToken = "";
+                    }
                     return Ok(employees);
                 }
                 return NotFound("You are not an employee of company");
@@ -25,7 +28,10 @@ namespace BoredCareers.Controllers {
         [HttpGet]
         public async Task<IActionResult> GetEmployee() {
             if (isLoggedIn()) {
-                Employee[] employees = await _databaseService.GetEmployeesFromAccount(getLoggedInUserID());
+                Employee[] employees = await _databaseService.GetEmployeeOfCompanyByAccountID(getLoggedInUserID());
+                foreach (Employee cur in employees) {
+                    cur.Company.EmailToken = "";
+                }
                 return Ok(employees);
             }
             return NotFound("Not logged in");