JmsSerializer exclude password field of SonataUser


I would like to exclude several fields (especially the password) of my serialized object.

I have an object that has a relation to: Application\Sonata\UserBundle\Entity\User

When I serialize that object it gives me the user like:

id: 1,
username: "bla",
salt: "fvasdfs9h834sgkcwsg808000w08ccwo",
password: "E7Qsfswef9zdwfNvS6TecQraLYlbsefetRy/DPbqXvyknccxisefesefCicl4IxnXgSOnBx29Tgtp9ceUs1hPg=="

How can I remove the password and salt field?

I tried to alter the Config file at: Application/Sonata/UserBundle/Resources/config/serializer/Entity.User.xml but it seems to not use that config, even though I cleared the cache...


There are 1 answers

1
HypeR On BEST ANSWER

My first guess is that your SonataUserBundle extends FOSUserBundle. If you check the User model of Sonata, there is no password field: https://github.com/sonata-project/SonataUserBundle/blob/master/Model/User.php. The password field is in the User model of FOSUserBundle, so your XML file is not used.

You have to set the path where your custom properties are defined:

config.yml

jms_serializer:
    metadata:
        directories:
            FOSUserBundle:
                path: "@ApplicationSonataUserBundle/Resources/config/serializer/"
                namespace_prefix: "FOS\\UserBundle"

I'm not used to XML files, so here is the yml to stop exposing the password.

Application/Sonata/UserBundle/Resources/config/serializer/Model.user.yml

FOS\UserBundle\Model\User:
    properties:
        password:
            expose: false

Related question / answer: https://stackoverflow.com/a/12961994/3726645
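
A serializer metadata file that is not picked up fails silently, as in the question, so it helps to check the serialized output itself rather than trust the config. The following Python check is an added example, not part of the original question or answer; the sample JSON is constructed, and the key names beyond `password` and `salt` are assumptions to adapt to your entity.

```python
import json
import re

# Keys from the question's output, plus two other FOS\UserBundle\Model\User
# properties (assumed relevant to your entity; extend as needed).
SENSITIVE_KEYS = {"password", "salt", "plainpassword", "confirmationtoken"}
# Heuristic: a long base64 string looks like an encoded digest even if renamed.
DIGEST_LIKE = re.compile(r"^[A-Za-z0-9+/]{43,}={0,2}$")


def _norm(key):
    """Make camelCase, snake_case and kebab-case key names comparable."""
    return re.sub(r"[^a-z0-9]", "", key.lower())


def find_leaks(node, path="$"):
    """Walk decoded JSON and return (path, reason) for every suspicious field."""
    leaks = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if _norm(key) in SENSITIVE_KEYS:
                leaks.append((child, "sensitive key"))
            elif isinstance(value, str) and DIGEST_LIKE.match(value):
                leaks.append((child, "digest-like value"))
            else:
                leaks.extend(find_leaks(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            leaks.extend(find_leaks(item, f"{path}[{i}]"))
    return leaks


# Constructed sample responses: a parent object embedding the related user.
BEFORE = json.loads("""{"id": 7, "title": "demo", "user": {"id": 1,
  "username": "bla", "salt": "constructed-salt-value",
  "password": "Q29uc3RydWN0ZWRIYXNoVmFsdWVGb3JEZW1vT25seU5vdFJlYWxIYXNoMDEyMzQ1Njc4OQ=="}}""")
AFTER = json.loads('{"id": 7, "title": "demo", "user": {"id": 1, "username": "bla"}}')
RENAMED = json.loads('{"members": [{"id": 1, "pw": "' + "A" * 86 + '=="}]}')

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER), ("renamed", RENAMED)):
        print(name, find_leaks(doc))
```

Run it against real API responses in a functional test and fail the build when `find_leaks` returns anything; the digest heuristic can flag legitimate long tokens, so review those hits rather than suppressing the check.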