Revert to main branch account handling logic

- Restored fallback to user.account when token account_id is missing/invalid - Restored validation that user.account matches token account_id - If user's account changed, use user.account (the correct one) - Matches main branch behavior which has correct config - Fixes wrong user/account showing issue
2025-11-16 19:44:18 +00:00
parent 066b81dd2a
commit 219dae83c6
2 changed files with 16 additions and 14 deletions
--- a/backend/igny8_core/auth/middleware.py
+++ b/backend/igny8_core/auth/middleware.py
@@ -99,14 +99,13 @@ class AccountContextMiddleware(MiddlewareMixin):
                    user = User.objects.select_related('account', 'account__plan').get(id=user_id)
                    request.user = user
                    if account_id:
-                        # Unified API Standard: Extract account_id from JWT, load Account object, set request.account
-                        # Token's account_id is authoritative - no validation against user.account
-                        try:
-                            account = Account.objects.get(id=account_id)
+                        # Verify account still exists and matches user
+                        account = Account.objects.get(id=account_id)
+                        # If user's account changed, use the new one from user object
+                        if user.account and user.account.id != account_id:
+                            request.account = user.account
+                        else:
                            request.account = account
-                        except Account.DoesNotExist:
-                            # Account from token doesn't exist - set to None
-                            request.account = None
                    else:
                        try:
                            user_account = getattr(user, 'account', None)