auth: sanitize user for subsequent external logins

fixes #706

packages/chaire-lib-backend/src/config/auth/index.ts

@@ -29,7 +29,7 @@ export default <U extends IUserModel>(authModel: IAuthModel<U>): PassportStatic
                         .then(async (user) => {
                             if (user !== undefined) {
                                 // TODO Should sanitize user, but see if other fields need to be included
-                                done(null, { ...user });
+                                done(null, user.sanitize());
                             } else {
                                 const newUser = await authModel.createAndSave({ googleId: profile.id, isTest: false });
                                 done(null, newUser !== null ? newUser.sanitize() : false);
@@ -58,7 +58,7 @@ export default <U extends IUserModel>(authModel: IAuthModel<U>): PassportStatic
                         .then(async (user) => {
                             if (user !== undefined) {
                                 // TODO Should sanitize user, but see if other fields need to be included
-                                done(null, { ...user });
+                                done(null, user.sanitize());
                             } else {
                                 const newUser = await authModel.createAndSave({
                                     facebookId: profile.id,