From a3ecd7324afbc60cda4aee6bd320b8d94ef53c72 Mon Sep 17 00:00:00 2001
From: Jacob Fletcher
Date: Tue, 17 Nov 2020 16:41:15 -0500
Subject: [PATCH] - removes duplicative user lookup in login operation - enables depth and access control in login operation

---
 src/auth/operations/login.js | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/src/auth/operations/login.js b/src/auth/operations/login.js
index 00bf9893bf..42ad6eec3e 100644
--- a/src/auth/operations/login.js
+++ b/src/auth/operations/login.js
@@ -2,6 +2,7 @@ const jwt = require('jsonwebtoken');
 const { AuthenticationError, LockedAuth } = require('../../errors');
 const getCookieExpiration = require('../../utilities/getCookieExpiration');
 const isLocked = require('../isLocked');
+const removeInternalFields = require('../../utilities/removeInternalFields');
 
 async function login(incomingArgs) {
 const { config, operations } = this;
@@ -72,21 +73,9 @@ async function login(incomingArgs) {
 });
 }
 
- const userQuery = await operations.collections.find({
- where: {
- email: {
- equals: email,
- },
- },
- collection: {
- Model,
- config: collectionConfig,
- },
- req,
- overrideAccess: true,
- });
-
- let user = userQuery.docs[0];
+ let user = userDoc.toJSON({ virtuals: true });
+ user = removeInternalFields(user);
+ user = JSON.parse(JSON.stringify(user));
 
 const fieldsToSign = collectionConfig.fields.reduce((signedFields, field) => {
 const result = {
@@ -134,6 +123,8 @@ async function login(incomingArgs) {
 args.res.cookie(`${config.cookiePrefix}-token`, token, cookieOptions);
 }
 
+ req.user = user;
+
 // /////////////////////////////////////
 // afterLogin - Collection
 // /////////////////////////////////////
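Review bot: In the second hunk `user` is now taken straight from `userDoc.toJSON({ virtuals: true })`, so `removeInternalFields` is the only filter between the stored document and everything that consumes `user` afterwards: the `fieldsToSign` reduction that feeds the token, and the `req.user = user` assignment in the last hunk. Its strip list is not visible in this patch, so it should be confirmed (ideally with a test on the login result) that credential and lockout fields kept on the user document never survive it. The description says the change enables access control, yet the removed query ran with `overrideAccess: true` and no read-access check on `user` appears in these hunks; if that check happens later in `login`, whose body continues outside the hunks, a comment here should say so, e.g. `// raw document: internal fields stripped here, field-level read access applied further down`. The `JSON.parse(JSON.stringify(user))` round trip also deserves a one-line comment stating why a second serialisation is needed after `toJSON`.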