fix(authentication): Include query params when authenticating via authenticate hook

[burn2delete]

Supersedes #2008 fixes #2007

[daffl]

Looks like nothing is breaking and I reviewed the dependent calls and there really appears no reason anymore for not including the query. Thanks for the PR!

[DevBayer]

It seems to me that something is failing in his logic, including the query parameter is breaking my code, I use the authenticate('jwt') hook as a header everywhere and is performing the query to the service by adding in the query a column that obviously does not exist in the users model because the main query is directed on another service that uses another object model.

[jchamb]

@daffl @DevBayer Same thing for me. letting the query param through basically broke every request in my app, as it was trying to attach extra fields into the user query. I downgraded back to 4.5.3 and everything went back to normal

[daffl]

Not sure how i missed that, that's exactly what I was worried about. Fixed in v4.5.6.

[burn2delete]

@daffl Would you like to review #2008 as a possible alternative solution?

[jchamb]

Do most of the adapters support pulling the model attributes like sequelize? It would be pretty easy to apply a whitelist of allowed fields by just pulling the models attributes.

[burn2delete]

@jchamb that would assume the user service is backed by a database adapter, and not for example a proxy to another service, on another server.

[jchamb]

@flyboarder very true. Was just thinking as an easy default whitelist for what is prob the more common/standard installs. I would say that, that would also be an easy config, but if your going to have to config something might as well just make be explicit like your #2008