From 265849eaa96fa3d7a157dea582dbc93bb159d9b1 Mon Sep 17 00:00:00 2001
From: "Juan Picado @jotadeveloper"
Date: Sat, 30 Mar 2019 09:42:46 +0100
Subject: [PATCH] fix: potential issue on sign new jwt tokens If the user was already loged, we were unwraping the token and signing a new token, passing through previous payload props to new token, this might causes https://github.com/auth0/node-jsonwebtoken/issues/326#issuecomment-288124020 This commit ensure the new token will be based on sign options defined on config file.
---
src/lib/auth.js | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/lib/auth.js b/src/lib/auth.js
index 9bf67c7d5..9cf5bf31d 100644
--- a/src/lib/auth.js
+++ b/src/lib/auth.js
@@ -411,10 +411,13 @@ class Auth implements IAuth {
 }
 async jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): string {
- const { real_groups } = user;
+ const { real_groups, name, groups } = user;
+ const realGroupsValidated = _.isNil(real_groups) ? [] : real_groups;
+ const groupedGroups = _.isNil(groups) ? real_groups : groups.concat(realGroupsValidated);
 const payload: RemoteUser = {
- ...user,
- group: real_groups && real_groups.length ? real_groups : undefined,
+ real_groups: realGroupsValidated,
+ name,
+ groups: groupedGroups,
 };
 const token: string = await signPayload(payload, this.secret, signOptions);
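Review bot: In the `groupedGroups` line the nil branch falls back to the raw `real_groups` instead of `realGroupsValidated`, so a user with neither field ends up with a `groups` claim of `undefined`/`null` while `real_groups` is `[]`. The other branch concatenates without de-duplicating; if `user` was unwrapped from an earlier token (the case the commit message describes), its `groups` presumably already contains the real groups, so each re-sign would repeat them and grow the token. Since `groups` is likely the claim that later authorization checks read, it is worth building it deterministically: `const groupedGroups = _.uniq((_.isNil(groups) ? [] : groups).concat(realGroupsValidated));`. A short comment above the payload, e.g. `// allow-list the claims; spreading a decoded token would carry its old claims into the new one`, would help keep the spread from being reintroduced. jwtEncrypt's body continues outside the hunk.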