From ab0a53b6e4fc88800ab80592a23417c79d8a3080 Mon Sep 17 00:00:00 2001 From: David Luecke Date: Tue, 24 Mar 2020 08:23:26 -0700 Subject: [PATCH 1/2] fix(authentication): Fully clear connection information on logout --- packages/authentication/src/jwt.ts | 5 ++++- packages/authentication/test/jwt.test.ts | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/authentication/src/jwt.ts b/packages/authentication/src/jwt.ts index 11dc6ca461..6207f59579 100644 --- a/packages/authentication/src/jwt.ts +++ b/packages/authentication/src/jwt.ts @@ -55,7 +55,10 @@ export class JWTStrategy extends AuthenticationBaseStrategy { } else if (event === 'disconnect' || isValidLogout) { debug('Removing authentication information and expiration timer from connection'); - delete connection.authentication; + Object.keys(connection).forEach(name => { + delete connection[name]; + }); + lt.clearTimeout(this.expirationTimers.get(connection)); this.expirationTimers.delete(connection); } diff --git a/packages/authentication/test/jwt.test.ts b/packages/authentication/test/jwt.test.ts index 327b57facb..41186fabc5 100644 --- a/packages/authentication/test/jwt.test.ts +++ b/packages/authentication/test/jwt.test.ts @@ -108,7 +108,7 @@ describe('authentication/jwt', () => { }); }); - it('sends disconnect event when connection token expires and removes authentication', async () => { + it('sends disconnect event when connection token expires and removes all connection information', async () => { const connection: any = {}; const token: string = await app.service('authentication').createAccessToken({}, { subject: `${user.id}`, @@ -129,6 +129,8 @@ describe('authentication/jwt', () => { assert.strictEqual(disconnection, connection); assert.ok(!connection.authentication); + assert.ok(!connection.user); + assert.strictEqual(Object.keys(connection).length, 0); }); it('deletes authentication information on remove', async () => { 
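Review bot: The `Object.keys(connection).forEach(name => { delete connection[name]; })` loop in the `disconnect`/logout branch of `packages/authentication/src/jwt.ts` removes every own enumerable key, not only the ones authentication wrote, and `isValidLogout` can be true while the socket stays open. Any non-authentication state that a transport or the application keeps on the connection would be lost on logout; whether such keys exist is not visible in this hunk. If the blanket reset is intended, state it next to the loop, for example `// logout resets the connection to an empty object, non-auth keys included`. [PATCH 2/2] of this series replaces the loop with targeted deletes. The enclosing method starts and ends outside the hunk.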
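Review bot: The new `assert.strictEqual(Object.keys(connection).length, 0)` in `jwt.test.ts` (hunk `@@ -129,6 +129,8 @@`) cannot show that unrelated keys are cleared, because the fixture in the previous hunk starts as `const connection: any = {}`. The only keys it can lose are those the login step adds, and that step is outside both hunks. Seeding a constructed non-auth property, e.g. `const connection: any = { marker: true };`, and asserting on `connection.marker` after expiry would make the test state what should happen to non-auth state.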
From 058f35a635e7039b43f436757fa8637925b8f740 Mon Sep 17 00:00:00 2001 From: David Luecke Date: Wed, 25 Mar 2020 14:11:15 -0700 Subject: [PATCH 2/2] Only delete entity and nothing else from the connection --- packages/authentication/src/jwt.ts | 9 +++++---- packages/authentication/test/jwt.test.ts | 1 + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/authentication/src/jwt.ts b/packages/authentication/src/jwt.ts index 6207f59579..f1208d99a4 100644 --- a/packages/authentication/src/jwt.ts +++ b/packages/authentication/src/jwt.ts @@ -55,10 +55,11 @@ export class JWTStrategy extends AuthenticationBaseStrategy { } else if (event === 'disconnect' || isValidLogout) { debug('Removing authentication information and expiration timer from connection'); - Object.keys(connection).forEach(name => { - delete connection[name]; - }); - + const { entity } = this.configuration; + + delete connection[entity]; + delete connection.authentication; + lt.clearTimeout(this.expirationTimers.get(connection)); this.expirationTimers.delete(connection); } diff --git a/packages/authentication/test/jwt.test.ts b/packages/authentication/test/jwt.test.ts index 41186fabc5..932fa0ed74 100644 --- a/packages/authentication/test/jwt.test.ts +++ b/packages/authentication/test/jwt.test.ts @@ -149,6 +149,7 @@ describe('authentication/jwt', () => { }); assert.ok(!connection.authentication); + assert.ok(!connection.user); }); it('does not remove if accessToken does not match', async () => {
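Review bot: `delete connection[entity]` plus `delete connection.authentication` only completes a logout if those two keys are everything the login path stores on the connection. The login branch and any authentication hooks are outside this hunk, so that is unverified here. If other fields from the authentication result are copied onto the connection, they would stay readable on a socket that remains open after logout. Record the invariant beside the deletes, e.g. `// must mirror login: remove every key login adds to the connection (entity + authentication)`. Separately, if the configuration allows `entity` to be null or unset, the lookup would target a key literally named `"null"` or `"undefined"`; `if (entity) { delete connection[entity]; }` avoids that.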
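Review bot: The added `assert.ok(!connection.user)` in the 'deletes authentication information on remove' test hard-codes the key `user`, whereas the source now deletes `connection[entity]` taken from configuration. The assertion therefore only follows the code while the test app's entity is `user`. Reading the key from the same configuration the strategy uses would keep the two in step. Also, unless changed outside the visible hunks, the expiry test from [PATCH 1/2] keeps the title 'removes all connection information' and the `Object.keys(connection).length === 0` assertion, which no longer describe a patch whose subject is 'Only delete entity and nothing else'.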