Revert to main branch account handling logic

- Restored fallback to user.account when token account_id is missing/invalid - Restored validation that user.account matches token account_id - If user's account changed, use user.account (the correct one) - Matches main branch behavior which has correct config - Fixes wrong user/account showing issue
2025-11-16 19:44:18 +00:00
parent 066b81dd2a
commit 219dae83c6
2 changed files with 16 additions and 14 deletions
--- a/backend/igny8_core/api/authentication.py
+++ b/backend/igny8_core/api/authentication.py
@@ -55,25 +55,28 @@ class JWTAuthentication(BaseAuthentication):
                return None
            
            try:
-                # Refresh user from DB with account and plan relationships to get latest data
-                # This ensures changes to account/plan are reflected immediately without re-login
-                user = User.objects.select_related('account', 'account__plan').get(id=user_id)
+                user = User.objects.get(id=user_id)
            except User.DoesNotExist:
                # User not found - return None to allow other auth classes to try
                return None
            
-            # Get account from token (token's account_id is authoritative per unified API model)
-            # Unified API Standard: Token contains account_id, middleware extracts and sets request.account
+            # Get account from token
            account_id = payload.get('account_id')
            account = None
            if account_id:
                try:
                    account = Account.objects.get(id=account_id)
                except Account.DoesNotExist:
-                    # Account from token doesn't exist - set to None
+                    pass
+            
+            if not account:
+                try:
+                    account = getattr(user, 'account', None)
+                except (AttributeError, Exception):
+                    # If account access fails, set to None
                    account = None
            
-            # Set account on request (unified API model: token's account_id is authoritative)
+            # Set account on request
            request.account = account
            
            return (user, token)
--- a/backend/igny8_core/auth/middleware.py
+++ b/backend/igny8_core/auth/middleware.py
@@ -99,14 +99,13 @@ class AccountContextMiddleware(MiddlewareMixin):
                    user = User.objects.select_related('account', 'account__plan').get(id=user_id)
                    request.user = user
                    if account_id:
-                        # Unified API Standard: Extract account_id from JWT, load Account object, set request.account
-                        # Token's account_id is authoritative - no validation against user.account
-                        try:
-                            account = Account.objects.get(id=account_id)
+                        # Verify account still exists and matches user
+                        account = Account.objects.get(id=account_id)
+                        # If user's account changed, use the new one from user object
+                        if user.account and user.account.id != account_id:
+                            request.account = user.account
+                        else:
                            request.account = account
-                        except Account.DoesNotExist:
-                            # Account from token doesn't exist - set to None
-                            request.account = None
                    else:
                        try:
                            user_account = getattr(user, 'account', None)