From 770d1778738afe1a0b1c9b1f7b3608708b07677c Mon Sep 17 00:00:00 2001
From: jameskopacz <jameskopacz@users.noreply.github.com>
Date: Tue, 17 Mar 2015 21:11:14 -0500
Subject: [PATCH] fullUser fixes

Set to null if user isn't logged in.

```delete fullUser.password;``` wasn't deleting the password so setting it to null instead.
---
 app.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app.js b/app.js
index 17e856a2817..5a48a6849f9 100644
--- a/app.js
+++ b/app.js
@@ -198,8 +198,8 @@ app.use(helmet.contentSecurityPolicy({
 
 app.use(function (req, res, next) {
     // Make user object available in templates.
-    fullUser = req.user;
-    delete fullUser.password;
+    fullUser = req.user ? req.user : null;
+    if (fullUser) fullUser.password = null;
     res.locals.user = fullUser;
     next();
 });