diff --git a/src/server/structures/User.js b/src/server/structures/User.js
index e0b7fd1..5e4e7f6 100644
--- a/src/server/structures/User.js
+++ b/src/server/structures/User.js
@@ -3,6 +3,9 @@ const { ObjectId } = require('mongodb');
 const { Util } = require('../../util');
 const UserApplicataion = require('./UserApplication');
 
+// Fields omitted in safeJson
+const ProtectedFields = [ '_id', '_otpSecret', '_passwordHash' ];
+
 class User {
 
     static defaultPermissions = {
@@ -29,6 +32,7 @@ class User {
         this._db = db;
 
         this.temporary = data.temporary || false;
+        this.disabled = data.disabled || false;
 
         this._id = data._id || null;
         if (this.temporary) this._tempId = `temp-${Date.now()}`;
@@ -69,6 +73,7 @@ class User {
         this._2fa = data.twoFactor || false;
 
         this.cachedTimestamp = Date.now();
+        this.createdTimestamp = data.createdTimestamp || Date.now();
 
     }
 
@@ -171,21 +176,21 @@ class User {
             otpSecret: this._otpSecret,
             twoFactor: this._2fa,
             applications: this._applications,
+            createdTimestamp: this.createdTimestamp,
+            disabled: this.disabled,
         };
     }
 
     get safeJson () {
+        const { json } = this;
+        for (const key of ProtectedFields) delete json[key];
+        
         return {
+            ...json,
             id: this.id,
-            username: this.username,
-            displayName: this.displayName,
-            type: this.type,
-            permissions: this.permissions,
             externalProfiles: Object.values(this.externalProfiles).map(prof => {
-                return { id: prof.id, provider: prof.provider, username: prof.username }; 
+                return { id: prof.id, provider: prof.provider, username: prof.username };
             }),
-            twoFactor: this._2fa,
-            applications: this._applications,
         };
     }