Avoid uri to be sent to front-end

app/TwoFAccount.php

@@ -42,6 +42,14 @@ class TwoFAccount extends Model implements Sortable
     protected $appends = ['otpType', 'counter'];
 
 
+    /**
+     * The attributes that should be hidden for arrays.
+     *
+     * @var array
+     */
+    protected $hidden = ['uri'];
+
+
     /**
      * Override The "booting" method of the model
      *

tests/Feature/ProtectDbTest.php

@@ -60,7 +60,6 @@ class ProtectDbTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'test',
                 'account' => Crypt::decryptString($encrypted->account),
-                'uri' => Crypt::decryptString($encrypted->uri),
             ]);
 
         $response = $this->actingAs($this->user, 'api')
@@ -69,7 +68,6 @@ class ProtectDbTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'testAlt',
                 'account' => Crypt::decryptString($encryptedAlt->account),
-                'uri' => Crypt::decryptString($encryptedAlt->uri),
             ]);
     }
 
@@ -129,7 +127,6 @@ class ProtectDbTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'test',
                 'account' => 'test@test.com',
-                'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
             ]);
 
         $response = $this->actingAs($this->user, 'api')
@@ -138,7 +135,6 @@ class ProtectDbTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'testAlt',
                 'account' => 'testAlt@test.com',
-                'uri' => 'otpauth://totp/testAlt@test.com?secret=A4GRFHVVRBGY7UIW&issuer=testAlt',
             ]);
     }
 
@@ -170,7 +166,6 @@ class ProtectDbTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'test',
                 'account' => 'test@test.com',
-                'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
             ]);
 
         $response = $this->actingAs($this->user, 'api')
@@ -179,7 +174,6 @@ class ProtectDbTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'testAlt',
                 'account' => 'testAlt@test.com',
-                'uri' => 'otpauth://totp/testAlt@test.com?secret=A4GRFHVVRBGY7UIW&issuer=testAlt',
             ]);
     }
 
@@ -199,7 +193,7 @@ class ProtectDbTest extends TestCase
             ->json('POST', '/api/settings/options', [
                     'useEncryption' => true,
                 ])
-            ->assertStatus(422);
+            ->assertStatus(400);
 
         // Check ProtectDB option is not active
         $response = $this->actingAs($this->user, 'api')
@@ -234,7 +228,7 @@ class ProtectDbTest extends TestCase
             ->json('POST', '/api/settings/options', [
                     'useEncryption' => false,
                 ])
-            ->assertStatus(422);
+            ->assertStatus(400);
 
         // Check ProtectDB option has been restored
         $response = $this->actingAs($this->user, 'api')
@@ -263,15 +257,13 @@ class ProtectDbTest extends TestCase
         DB::table('twofaccounts')
             ->where('id', 1)
             ->update([
-                'account' => 'IAmYourFather',
-                'uri' => 'YouShallNotPass',
+                'account' => 'YoushallNotPass',
             ]);
 
         $response = $this->actingAs($this->user, 'api')
             ->json('GET', '/api/twofaccounts/1')
             ->assertStatus(200)
             ->assertJsonFragment([
-                'uri' => '*encrypted*',
                 'account' => '*encrypted*',
             ]);
     }

tests/Unit/TwoFAccountTest.php

@@ -48,8 +48,10 @@ class TwoFAccountTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'testTOTP',
                 'account' => 'test@test.com',
-                'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
                 'icon' => 'test.png',
+            ])
+            ->assertJsonMissing([
+                'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
             ]);
     }
 
@@ -85,8 +87,10 @@ class TwoFAccountTest extends TestCase
             ->assertJsonFragment([
                 'service' => 'testCreation',
                 'account' => 'test@example.org',
-                'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHZVRBGY7UIW&issuer=test',
                 'icon' => 'test.png',
+            ])
+            ->assertJsonMissing([
+                'uri' => 'otpauth://totp/test@test.com?secret=A4GRFHVVRBGY7UIW&issuer=test',
             ]);
     }
 
@@ -218,8 +222,10 @@ class TwoFAccountTest extends TestCase
                 'id' => 1,
                 'service' => 'testUpdate',
                 'account' => 'testUpdate@test.com',
-                'uri' => $twofaccount->uri,
                 'icon' => 'testUpdate.png',
+            ])
+            ->assertJsonMissing([
+                'uri' => $twofaccount->uri,
             ]);
     }
 
@@ -242,15 +248,15 @@ class TwoFAccountTest extends TestCase
                     'service' => 'testUpdate.com',
                     'account' => 'testUpdate',
                     'icon' => 'testUpdate.png',
-                    'counter' => '5'
+                    'counter' => 5
                 ])
             ->assertStatus(200)
             ->assertJsonFragment([
                 'id' => 1,
                 'service' => 'testUpdate.com',
                 'account' => 'testUpdate',
-                'uri' => 'otpauth://hotp/service?counter=5&secret=A4GRFHVVRBGY7UIW',
                 'icon' => 'testUpdate.png',
+                'counter' => 5,
             ]);
     }
 
@@ -293,7 +299,6 @@ class TwoFAccountTest extends TestCase
                     'id',
                     'service',
                     'account',
-                    'uri',
                     'icon',
                     'created_at',
                     'updated_at'