fix: use fresh user data when refreshing sessions (#36)

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

Author: nicknisi

src/session.spec.ts

@@ -717,6 +717,20 @@ describe('session', () => {
       authenticateWithRefreshToken.mockResolvedValue({
         accessToken: 'new.valid.token',
         refreshToken: 'new.refresh.token',
+        user: {
+          object: 'user',
+          id: 'user-1',
+          email: '[email protected]',
+          emailVerified: true,
+          profilePictureUrl: null,
+          firstName: 'Test',
+          lastName: 'User',
+          lastSignInAt: '2021-01-01T00:00:00Z',
+          createdAt: '2021-01-01T00:00:00Z',
+          updatedAt: '2021-01-01T00:00:00Z',
+          externalId: null,
+        },
+        impersonator: undefined,
       } as AuthenticationResponse);
 
       // Mock JWT decoding

src/session.ts

@@ -45,17 +45,18 @@ export async function refreshSession(request: Request, { organizationId }: { org
   }
 
   try {
-    const { accessToken, refreshToken } = await getWorkOS().userManagement.authenticateWithRefreshToken({
-      clientId: getConfig('clientId'),
-      refreshToken: session.refreshToken,
-      organizationId,
-    });
+    const { accessToken, refreshToken, user, impersonator } =
+      await getWorkOS().userManagement.authenticateWithRefreshToken({
+        clientId: getConfig('clientId'),
+        refreshToken: session.refreshToken,
+        organizationId,
+      });
 
     const newSession = {
       accessToken,
       refreshToken,
-      user: session.user,
-      impersonator: session.impersonator,
+      user,
+      impersonator,
       headers: {} as Record<string, string>,
     };
 
@@ -77,15 +78,15 @@ export async function refreshSession(request: Request, { organizationId }: { org
     } = getClaimsFromAccessToken(accessToken);
 
     return {
-      user: session.user,
+      user,
       sessionId,
       accessToken,
       organizationId: newOrgId,
       role,
       permissions,
       entitlements,
       featureFlags,
-      impersonator: session.impersonator || null,
+      impersonator: impersonator ?? null,
       sealedSession: cookieSession.get('jwt'),
       headers: newSession.headers,
     };
@@ -119,20 +120,21 @@ async function updateSession(request: Request, debug: boolean) {
 
     const { organizationId } = getClaimsFromAccessToken(session.accessToken);
     // If the session is invalid (i.e. the access token has expired) attempt to re-authenticate with the refresh token
-    const { accessToken, refreshToken } = await getWorkOS().userManagement.authenticateWithRefreshToken({
-      clientId: getConfig('clientId'),
-      refreshToken: session.refreshToken,
-      organizationId,
-    });
+    const { accessToken, refreshToken, user, impersonator } =
+      await getWorkOS().userManagement.authenticateWithRefreshToken({
+        clientId: getConfig('clientId'),
+        refreshToken: session.refreshToken,
+        organizationId,
+      });
 
     // istanbul ignore next
     if (debug) console.log(`Refresh successful. New access token ends in ${accessToken.slice(-10)}`);
 
     const newSession = {
       accessToken,
       refreshToken,
-      user: session.user,
-      impersonator: session.impersonator,
+      user,
+      impersonator,
       headers: {},
     };