Strip passwords from stored uiaa entries

Passwords should never be stored in db

src/database/uiaa.rs

@@ -153,10 +153,21 @@ impl Uiaa {
         userdevicesessionid.push(0xff);
         userdevicesessionid.extend_from_slice(session.as_bytes());
 
+        if request.is_object() {
+            if let Some(object) = request.clone().as_object_mut() {
+                object.remove("password");
+
+                self.userdevicesessionid_uiaarequest.insert(
+                    &userdevicesessionid,
+                    &serde_json::to_vec(object).expect("json value to vec always works"),
+                )?;
+            }
+        } else {
             self.userdevicesessionid_uiaarequest.insert(
                 &userdevicesessionid,
                 &serde_json::to_vec(request).expect("json value to vec always works"),
             )?;
+        }
 
         Ok(())
     }