From eba872966dc7482cc00cad1318abe0815350ef66 Mon Sep 17 00:00:00 2001
From: Chris Morison <cmorison@gmail.com>
Date: Sat, 14 Dec 2019 05:56:02 +1200
Subject: [PATCH] accounts-base: limit finds to required fields #10469
 (non-breaking, no new api)

---
 packages/accounts-base/accounts_server.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/packages/accounts-base/accounts_server.js b/packages/accounts-base/accounts_server.js
index fc2a89dd2f..00e5bac206 100644
--- a/packages/accounts-base/accounts_server.js
+++ b/packages/accounts-base/accounts_server.js
@@ -1150,9 +1150,9 @@ export class AccountsServer extends AccountsCommon {
     Meteor.startup(() => {
       this.users.find({
         "services.resume.haveLoginTokensToDelete": true
-      }, {
+      }, {fields: {
         "services.resume.loginTokensToDelete": 1
-      }).forEach(user => {
+      }}).forEach(user => {
         this._deleteSavedTokensForUser(
           user._id,
           user.services.resume.loginTokensToDelete
@@ -1322,7 +1322,8 @@ const defaultResumeLoginHandler = (accounts, options) => {
   // sending the unhashed token to the database in a query if we don't
   // need to.
   let user = accounts.users.findOne(
-    {"services.resume.loginTokens.hashedToken": hashedToken});
+    {"services.resume.loginTokens.hashedToken": hashedToken},
+    {fields: {"services.resume.loginTokens": 1}});
 
   if (! user) {
     // If we didn't find the hashed login token, try also looking for
@@ -1335,7 +1336,8 @@ const defaultResumeLoginHandler = (accounts, options) => {
         {"services.resume.loginTokens.hashedToken": hashedToken},
         {"services.resume.loginTokens.token": options.resume}
       ]
-    });
+    },
+    {fields: {"services.resume.loginTokens": 1}});
   }
 
   if (! user)