Add password hash exclusion from GDPR data export response

[RUKAYAT-CODER]

Overview

src/modules/gdpr/gdpr.service.ts exportUserData() builds the export from the user entity. If the serialization does not explicitly exclude password (bcrypt hash), refreshToken, and passwordHistory, these fields are returned in the GDPR Subject Access Request response and could be used for offline hash-cracking attacks.

Specifications

Features:

• GDPR export must explicitly exclude all credential-related fields.

Tasks:

• Create a GdprExportDto with @Exclude() on password, refreshToken, passwordHistory, totpSecret, and token columns.
• Map the user entity to this DTO before returning the export.
• Add a unit test asserting these fields are absent from the export response.

Impacted Files:

• src/modules/gdpr/gdpr.service.ts
• New src/modules/gdpr/dto/gdpr-export.dto.ts

Acceptance Criteria

• GDPR export response does not include password, refreshToken, or passwordHistory.
• All other PII fields (name, email, enrollments) are present.
• Unit test verifies field exclusion.

[Vibeofkd]

@Vibeofkd has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi I’d love to work in this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Vibeofkd to this issue.

[jethrojohn739-max]

@jethrojohn739-max has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

i would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @jethrojohn739-max to this issue.

[Menjay7]

@Menjay7 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi! I’m a full-stack developer with a strong blockchain background. I’d love to handle this issue and can deliver a clean, reliable solution. Kindly assign it to me.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Menjay7 to this issue.

[sublime247]

@sublime247 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @sublime247 to this issue.

[Divineifed1]

@Divineifed1 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

dear maintainer, i'd like to tackle this issue by Adding password hash exclusion from GDPR data export response

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Divineifed1 to this issue.

[drips-wave]

Congratulations, @sublime247! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @sublime247: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊