fix(api): stop logging full user (incl. password hash) on update

[Kingvic300]

Summary

Removes a debug println!("Updating user: {:?}", user) in UserRepository::update that printed the entire User struct — including email and the bcrypt password_hash — to stdout on every email change, password change, password reset, and network switch.

Why

• Credentials (bcrypt hashes) and PII were written to container/stdout logs, which are frequently shipped to third-party aggregators.
• It also bypassed the tracing setup used everywhere else.

Changes

• Delete the stray println! in user_repository.rs.

Testing

• cargo check --workspace passes.

Closes #37

Summary by CodeRabbit

Release Notes

• Chores
  • Removed debug output from internal code to improve production quality.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
txio	Ready	Preview, Comment	Jun 7, 2026 11:36am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 85ba6697-cba2-43e9-b176-477a941bbe0f

📥 Commits

Reviewing files that changed from the base of the PR and between 74b9e4b and c46e76a.

📒 Files selected for processing (1)

• backend/api/src/repositories/user_repository.rs

💤 Files with no reviewable changes (1)

• backend/api/src/repositories/user_repository.rs

---

📝 Walkthrough

Walkthrough

A debug println! statement that emitted the entire User struct—including password hashes and emails—to stdout during every user update operation has been removed from UserRepository::update. The rest of the update logic remains intact.

Changes

Debug Print Removal

Layer / File(s)	Summary
Remove debug println! from user update backend/api/src/repositories/user_repository.rs	The debug println! statement at lines 66–67 that logged the entire User struct to stdout is removed. The rest of the update method (user id extraction, database replace_one, and return) is unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A careless println! once did leak,
Passwords and emails—secrets meek—
But swift the cleanup came to pass,
No more data poured like grass!
Logs now safe, and tracers guide,
With proper logging by my side. 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: removing a debug println that logs sensitive user data including password hash during user updates.
Linked Issues check	✅ Passed	The code change directly addresses issue #37's primary requirement by removing the println! statement that leaked password_hash and email to stdout logs.
Out of Scope Changes check	✅ Passed	The change is narrowly scoped to removing only the problematic println! statement. No other modifications are made, staying aligned with the linked issue's core requirement.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/37-remove-user-debug-log

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}