From 8a899a1701cdbed4ffd84a65a458a5041592c40b Mon Sep 17 00:00:00 2001
From: alex-phillips
Date: Sat, 22 Feb 2020 13:50:44 -0500
Subject: [PATCH] better comment for why we delete totpSecret from the body
---
 routes/users.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/routes/users.js b/routes/users.js
index d456ba2..eaf327b 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -114,7 +114,10 @@ router.put('/', upload.single('avatar'), async (req, res, next) => {
 delete req.body.password
 }
- // ALWAYS DELETE totp, this should only be set by the server
+ /**
+ * This is just a security precaution.
+ * ALWAYS DELETE totp, this should only be set by the server.
+ */
 delete req.body.totpSecret
 // Begin process to set up and confirm multi-factor authentication
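Review bot: The new comment above `delete req.body.totpSecret` still does not say what the deletion protects against, and "just a security precaution" makes it read as optional; it also names `totp` while the field being removed is `totpSecret`. If `req.body` is later applied to the user record (presumably, since that part of the handler is outside this hunk), say so directly, e.g. `// Strip any client-supplied totpSecret so a profile update can never overwrite the server-generated MFA secret.` Deleting individual keys is a denylist, so every other server-managed field needs the same treatment; copying only an explicit allowlist of editable fields out of `req.body` would be the sturdier form. The `router.put` handler starts and ends outside the hunk, so how the body is consumed should be confirmed there.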