5 files changed, 13 insertions, 12 deletions

diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index e6616731..9c6f2335 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -72,14 +72,13 @@ router.post(
 				"id",
 				"disabled",
 				"deleted",
-				"settings",
 				"totp_secret",
 				"mfa_enabled",
 				"webauthn_enabled",
 				"security_keys",
 				"verified",
 			],
-			relations: ["security_keys"],
+			relations: ["security_keys", "settings"],
 		}).catch(() => {
 			throw FieldErrors({
 				login: {
@@ -187,7 +186,7 @@ router.post(
 		// Discord header is just the user id as string, which is not possible with npm-jsonwebtoken package
 		// https://user-images.githubusercontent.com/6506416/81051916-dd8c9900-8ec2-11ea-8794-daf12d6f31f0.png
 
-		res.json({ token, settings: user.settings });
+		res.json({ token, settings: { ...user.settings, index: undefined } });
 	},
 );
 
diff --git a/src/api/routes/auth/mfa/totp.ts b/src/api/routes/auth/mfa/totp.ts
index 65cdd397..6236d209 100644
--- a/src/api/routes/auth/mfa/totp.ts
+++ b/src/api/routes/auth/mfa/totp.ts
@@ -34,7 +34,8 @@ router.post(
 			where: {
 				totp_last_ticket: ticket,
 			},
-			select: ["id", "totp_secret", "settings"],
+			select: ["id", "totp_secret"],
+			relations: ["settings"],
 		});
 
 		const backup = await BackupCode.findOne({
diff --git a/src/api/routes/auth/mfa/webauthn.ts b/src/api/routes/auth/mfa/webauthn.ts
index c4334c4c..a9fa78b2 100644
--- a/src/api/routes/auth/mfa/webauthn.ts
+++ b/src/api/routes/auth/mfa/webauthn.ts
@@ -54,7 +54,8 @@ router.post(
 			where: {
 				totp_last_ticket: ticket,
 			},
-			select: ["id", "settings"],
+			select: ["id"],
+			relations: ["settings"],
 		});
 
 		const ret = await verifyWebAuthnToken(ticket);
diff --git a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
index a33e06ce..85fb251c 100644
--- a/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
+++ b/src/api/routes/users/@me/mfa/webauthn/credentials/index.ts
@@ -89,11 +89,11 @@ router.post(
 				"id",
 				"disabled",
 				"deleted",
-				"settings",
 				"totp_secret",
 				"mfa_enabled",
 				"username",
 			],
+			relations: ["settings"],
 		});
 
 		if (isGenerateSchema(req.body)) {
diff --git a/src/cdn/routes/embed.ts b/src/cdn/routes/embed.ts
index 90ec25a9..d49d69f7 100644
--- a/src/cdn/routes/embed.ts
+++ b/src/cdn/routes/embed.ts
@@ -23,12 +23,12 @@ import { HTTPError } from "lambert-server";
 import { join } from "path";
 
 const defaultAvatarHashMap = new Map([
-	["0", "1f0bfc0865d324c2587920a7d80c609b"],
-	["1", "c09a43a372ba81e3018c3151d4ed4773"],
-	["2", "7c8f476123d28d103efe381543274c25"],
-	["3", "6f26ddd1bf59740c536d2274bb834a05"],
-	["4", "3c6ccb83716d1e4fb91d3082f6b21d77"],
-	["5", "4c1b599b1ef5b9f1874fdb9933f3e03b"],
+	["0", "823a3de61c4dc2415cc4dbc38fca4299"],
+	["1", "e56a89224be0b2b1f7c04eca975be468"],
+	["2", "0c8138dcc0dfe2689cdd73f7952c2475"],
+	["3", "5ac2728593bb455250d11b848a0c36c6"],
+	["4", "addd2f3268df46459e1d6012ad8e75bd"],
+	["5", "c4e0c8300fa491d94acfd2a1fb26cea8"],
 ]);
 
 const defaultGroupDMAvatarHashMap = new Map([