sequelize.js - Sequelize: don't return password

Question

I'm using Sequelize to do a DB find for a user record, and I want the default behavior of the model to not return the password field for that record. The password field is a hash but I still don't want to return it.

I have several options that will work, but none seems particularly good:

1. Create a custom class method findWithoutPassword for the User model and within that method do a User.find with the attributes set as shown in the Sequelize docs

2. Do a normal User.find and filter the results in the controller (not preferred)

3. Use some other library to strip off unwanted attributes

Is there a better way? Best of all would be if there is a way to specify in the Sequelize model definition to never return the password field, but I haven't found a way to do that.

Answer 1

Another way is to add a default scope to the User model.

Add this in the model's options object

defaultScope: {
  attributes: { exclude: ['password'] },
}

Or you can create a separate scope to use it only in certain queries.

Add this in the model's options object

scopes: {
  withoutPassword: {
    attributes: { exclude: ['password'] },
  }
}

Then you can use it in queries

User.scope('withoutPassword').findAll();