Revert to main branch account handling logic
- Restored fallback to user.account when token account_id is missing/invalid - Restored validation that user.account matches token account_id - If user's account changed, use user.account (the correct one) - Matches main branch behavior which has correct config - Fixes the issue where the wrong user/account was shown
@@ -55,25 +55,28 @@ class JWTAuthentication(BaseAuthentication):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Refresh user from DB with account and plan relationships to get latest data
|
user = User.objects.get(id=user_id)
|
||||||
# This ensures changes to account/plan are reflected immediately without re-login
|
|
||||||
user = User.objects.select_related('account', 'account__plan').get(id=user_id)
|
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
# User not found - return None to allow other auth classes to try
|
# User not found - return None to allow other auth classes to try
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# Get account from token (token's account_id is authoritative per unified API model)
|
# Get account from token
|
||||||
# Unified API Standard: Token contains account_id, middleware extracts and sets request.account
|
|
||||||
account_id = payload.get('account_id')
|
account_id = payload.get('account_id')
|
||||||
account = None
|
account = None
|
||||||
if account_id:
|
if account_id:
|
||||||
try:
|
try:
|
||||||
account = Account.objects.get(id=account_id)
|
account = Account.objects.get(id=account_id)
|
||||||
except Account.DoesNotExist:
|
except Account.DoesNotExist:
|
||||||
# Account from token doesn't exist - set to None
|
pass
|
||||||
|
|
||||||
|
if not account:
|
||||||
|
try:
|
||||||
|
account = getattr(user, 'account', None)
|
||||||
|
except (AttributeError, Exception):
|
||||||
|
# If account access fails, set to None
|
||||||
account = None
|
account = None
|
||||||
|
|
||||||
# Set account on request (unified API model: token's account_id is authoritative)
|
# Set account on request
|
||||||
request.account = account
|
request.account = account
|
||||||
|
|
||||||
return (user, token)
|
return (user, token)
|
||||||
|
|||||||
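Review bot: The account loaded from the token at `account = Account.objects.get(id=account_id)` is stored on `request.account` without ever being compared to `user.account`, so the "validation that user.account matches token account_id" described in the commit message exists only in the AccountContextMiddleware hunk; in this authentication class a token carrying a stale or wrong account_id still attaches that account. Mirroring the middleware check just before `request.account = account`, e.g. `if account and user.account and user.account.id != account.id:` followed by `    account = user.account`, keeps the two code paths consistent. The fallback's `except (AttributeError, Exception):` is also wider than its comment suggests: `Exception` already covers `AttributeError`, and now that `select_related('account', 'account__plan')` was dropped the `getattr(user, 'account', None)` presumably issues its own query, whose database errors this clause would silently turn into `account = None`; catching `Account.DoesNotExist` (or `AttributeError` alone) names the case the comment actually expects. The enclosing method starts before this hunk, and whether `return (user, token)` is its last line is not visible here.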
@@ -99,14 +99,13 @@ class AccountContextMiddleware(MiddlewareMixin):
|
|||||||
user = User.objects.select_related('account', 'account__plan').get(id=user_id)
|
user = User.objects.select_related('account', 'account__plan').get(id=user_id)
|
||||||
request.user = user
|
request.user = user
|
||||||
if account_id:
|
if account_id:
|
||||||
# Unified API Standard: Extract account_id from JWT, load Account object, set request.account
|
# Verify account still exists and matches user
|
||||||
# Token's account_id is authoritative - no validation against user.account
|
account = Account.objects.get(id=account_id)
|
||||||
try:
|
# If user's account changed, use the new one from user object
|
||||||
account = Account.objects.get(id=account_id)
|
if user.account and user.account.id != account_id:
|
||||||
|
request.account = user.account
|
||||||
|
else:
|
||||||
request.account = account
|
request.account = account
|
||||||
except Account.DoesNotExist:
|
|
||||||
# Account from token doesn't exist - set to None
|
|
||||||
request.account = None
|
|
||||||
else:
|
else:
|
||||||
try:
|
try:
|
||||||
user_account = getattr(user, 'account', None)
|
user_account = getattr(user, 'account', None)
|
||||||
|
|||||||
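Review bot: `account = Account.objects.get(id=account_id)` is no longer wrapped in the `try/except Account.DoesNotExist` that the removed lines provided, so a token whose account has since been deleted now raises out of the middleware instead of falling through to `request.account = None`, which is the behaviour the JWTAuthentication hunk in this same commit still keeps for that case. The fetched `account` is also discarded whenever `user.account.id != account_id`, so the lookup can be moved into the branch that uses it and the DoesNotExist handling restored there. Whether `user.account.id != account_id` compares like types depends on how the token serialises the id (an int or UUID model id against a string claim would always compare unequal and silently force the fallback); worth confirming against the token issuer. The enclosing method begins and ends outside this hunk.
```python
if account_id:
    # Verify account still exists and matches user
    # If user's account changed, use the new one from user object
    if user.account and user.account.id != account_id:
        request.account = user.account
    else:
        try:
            request.account = Account.objects.get(id=account_id)
        except Account.DoesNotExist:
            # Account from token doesn't exist - set to None
            request.account = None
# … unchanged: else branch falling back to getattr(user, 'account', None) …
```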