From b0627530d61babe15dd84369d3093ccae4b780ca Mon Sep 17 00:00:00 2001 From: David Luecke Date: Sat, 28 Mar 2020 09:11:43 -0700 Subject: [PATCH] fix(authentication): Remove entity from connection information on logout (#1889) --- packages/authentication/src/jwt.ts | 4 ++++ packages/authentication/test/jwt.test.ts | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/authentication/src/jwt.ts b/packages/authentication/src/jwt.ts index 11dc6ca461..f1208d99a4 100644 --- a/packages/authentication/src/jwt.ts +++ b/packages/authentication/src/jwt.ts @@ -55,7 +55,11 @@ export class JWTStrategy extends AuthenticationBaseStrategy { } else if (event === 'disconnect' || isValidLogout) { debug('Removing authentication information and expiration timer from connection'); + const { entity } = this.configuration; + + delete connection[entity]; delete connection.authentication; + lt.clearTimeout(this.expirationTimers.get(connection)); this.expirationTimers.delete(connection); } diff --git a/packages/authentication/test/jwt.test.ts b/packages/authentication/test/jwt.test.ts index 327b57facb..932fa0ed74 100644 --- a/packages/authentication/test/jwt.test.ts +++ b/packages/authentication/test/jwt.test.ts @@ -108,7 +108,7 @@ describe('authentication/jwt', () => { }); }); - it('sends disconnect event when connection token expires and removes authentication', async () => { + it('sends disconnect event when connection token expires and removes all connection information', async () => { const connection: any = {}; const token: string = await app.service('authentication').createAccessToken({}, { subject: `${user.id}`, @@ -129,6 +129,8 @@ describe('authentication/jwt', () => { assert.strictEqual(disconnection, connection); assert.ok(!connection.authentication); + assert.ok(!connection.user); + assert.strictEqual(Object.keys(connection).length, 0); }); it('deletes authentication information on remove', async () => { 
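Review bot: In the jwt.ts hunk, `entity` is read from `this.configuration` and used directly as a dynamic key in `delete connection[entity]`, with no check that it is set. If the configuration leaves `entity` as null or undefined (which Feathers authentication appears to allow as a way to disable entity lookup), the statement targets a property literally named `null` or `undefined` and silently does nothing useful. I would guard it with `if (entity) { delete connection[entity]; }`. I would also add a comment such as `// Drop the authenticated entity so a logged-out or expired connection is no longer treated as that user`, because stale identity on a long-lived connection is the security reason for the change. Only the configured entity key is removed, so if anything else user-specific is attached to the connection at login it would survive logout; that cannot be checked here because the enclosing method starts outside the hunk.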
@@ -147,6 +149,7 @@ describe('authentication/jwt', () => { }); assert.ok(!connection.authentication); + assert.ok(!connection.user); }); it('does not remove if accessToken does not match', async () => {
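Review bot: The logout test's new `assert.ok(!connection.user);` is a negative check on a hard-coded key, so it passes trivially if the setup above the hunk never put `user` on the connection. It is also weaker than the expiry test in the previous hunk, which additionally asserts `assert.strictEqual(Object.keys(connection).length, 0);`. I would add that same key-count assertion here so both logout paths are held to the same standard. In both tests I would also assert the precondition before triggering removal, e.g. `assert.ok(connection.user);`, so the test fails if the entity was never attached. The test body starts outside the hunk, so the setup may already do this.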