From 2624ad5f7e50332eb9212877d0eefcdcb2fa399b Mon Sep 17 00:00:00 2001
From: Elliot DeNolf <denolfe@gmail.com>
Date: Tue, 17 Nov 2020 11:24:33 -0500
Subject: [PATCH] fix: properly concat verification and locking fields

---
 src/collections/sanitize.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/collections/sanitize.js b/src/collections/sanitize.js
index bf7112749b..9a97b34063 100644
--- a/src/collections/sanitize.js
+++ b/src/collections/sanitize.js
@@ -245,14 +245,14 @@ const sanitizeCollection = (collections, collection) => {
     }
 
     if (collection.auth.verify) {
-      authFields.concat(baseVerificationFields);
+      authFields = authFields.concat(baseVerificationFields);
     }
 
     sanitized.auth.maxLoginAttempts = typeof sanitized.auth.maxLoginAttempts === 'undefined' ? 5 : sanitized.auth.maxLoginAttempts;
     sanitized.auth.lockTime = sanitized.auth.lockTime || 600000; // 10 minutes
 
     if (sanitized.auth.maxLoginAttempts > 0) {
-      authFields.concat(baseAccountLockFields);
+      authFields = authFields.concat(baseAccountLockFields);
 
       if (!sanitized.access.unlock) sanitized.access.unlock = ({ req: { user } }) => Boolean(user);
     }