diff --git a/backend/igny8_core/auth/middleware.py b/backend/igny8_core/auth/middleware.py
index 1bcdd16f..1e6bb292 100644
--- a/backend/igny8_core/auth/middleware.py
+++ b/backend/igny8_core/auth/middleware.py
@@ -76,7 +76,6 @@ class AccountContextMiddleware(MiddlewareMixin):
 if not JWT_AVAILABLE:
 # JWT library not installed yet - skip for now
 request.account = None
- request.user = None
 return None
 
 # Decode JWT token with signature verification
@@ -94,10 +93,9 @@ class AccountContextMiddleware(MiddlewareMixin):
 if user_id:
 from .models import User, Account
 try:
- # Refresh user from DB with account and plan relationships to get latest data
- # This ensures changes to account/plan are reflected immediately without re-login
+ # Get user from DB (but don't set request.user - let DRF authentication handle that)
+ # Only set request.account for account context
 user = User.objects.select_related('account', 'account__plan').get(id=user_id)
- request.user = user
 if account_id:
 # Verify account still exists and matches user
 account = Account.objects.get(id=account_id)
@@ -118,18 +116,14 @@ class AccountContextMiddleware(MiddlewareMixin):
 request.account = None
 except (User.DoesNotExist, Account.DoesNotExist):
 request.account = None
- request.user = None
 else:
 request.account = None
- request.user = None
 except jwt.InvalidTokenError:
 request.account = None
- request.user = None
 except Exception:
 # Fail silently for now - allow unauthenticated access
 request.account = None
- request.user = None
 return None
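Review bot: With `request.user = user` removed in the second hunk, the middleware and DRF's authentication class now each decode the same bearer token independently, so `request.account` can be populated from a token that DRF later rejects (expiry leeway, blacklist or signing-key checks that differ between the two paths), or be set while `request.user` stays anonymous. Any view that reads `request.account` without also gating on `request.user.is_authenticated` would then act on an account context that no authenticated user backs; the safer shape is to have the DRF authentication class derive or re-verify `request.account` from the user it authenticates, or at least to state the contract in the new comment, e.g. `# request.account is advisory only: views must still gate on request.user (set by DRF auth)`. If `user` is now needed only for the account-match check that continues past the hunk, that is worth saying in the same comment so the lookup is not mistaken for dead code. The enclosing method starts before this hunk.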
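Review bot: The `except Exception:` branch in the third hunk still swallows every error, including database outages and programming mistakes, and silently falls through to an unauthenticated request; the commit only removes the `request.user = None` line there. Keeping the fail-open behaviour the comment asks for while making it observable would be a one-line addition before clearing the context, `logger.exception("AccountContextMiddleware: failed to resolve account context")`, without echoing the token itself into the log. The `except jwt.InvalidTokenError:` branch would likewise benefit from a debug-level log line, since a spike of rejected tokens is a signal monitoring should be able to see. The enclosing method starts before this hunk.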