From a441da85f1ab6e47990f2efd77b935858f7deed6 Mon Sep 17 00:00:00 2001
From: Daniel Holmgren <dtholmgren@gmail.com>
Date: Mon, 18 Sep 2023 13:57:11 -0500
Subject: [PATCH] Filter preferences for app passwords (#1626)

filter preferences for app passwords
---
 packages/pds/src/api/app/bsky/actor/getPreferences.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/pds/src/api/app/bsky/actor/getPreferences.ts b/packages/pds/src/api/app/bsky/actor/getPreferences.ts
index 782ef34869a..1bca50f0bd1 100644
--- a/packages/pds/src/api/app/bsky/actor/getPreferences.ts
+++ b/packages/pds/src/api/app/bsky/actor/getPreferences.ts
@@ -1,5 +1,6 @@
 import { Server } from '../../../../lexicon'
 import AppContext from '../../../../context'
+import { AuthScope } from '../../../../auth'
 
 export default function (server: Server, ctx: AppContext) {
   server.app.bsky.actor.getPreferences({
@@ -7,9 +8,15 @@ export default function (server: Server, ctx: AppContext) {
     handler: async ({ auth }) => {
       const requester = auth.credentials.did
       const { services, db } = ctx
-      const preferences = await services
+      let preferences = await services
         .account(db)
         .getPreferences(requester, 'app.bsky')
+      if (auth.credentials.scope !== AuthScope.Access) {
+        // filter out personal details for app passwords
+        preferences = preferences.filter(
+          (pref) => pref.$type !== 'app.bsky.actor.defs#personalDetailsPref',
+        )
+      }
       return {
         encoding: 'application/json',
         body: { preferences },