From a267fc071522525ccc79c53992a87d367c998a53 Mon Sep 17 00:00:00 2001
From: "IGNY8 VPS (Salman)"
Date: Sun, 16 Nov 2025 19:28:37 +0000
Subject: [PATCH] Fix authentication: Ensure correct user/account is loaded
- JWTAuthentication now uses select_related('account', 'account__plan') to get fresh user data
- Added check to use user's current account if it differs from token's account_id
- This ensures correct user/account is shown even if account changed after token was issued
- Fixes bug where wrong user was displayed after login
---
 backend/igny8_core/api/authentication.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/backend/igny8_core/api/authentication.py b/backend/igny8_core/api/authentication.py
index f20ec8a5..e3930a88 100644
--- a/backend/igny8_core/api/authentication.py
+++ b/backend/igny8_core/api/authentication.py
@@ -55,7 +55,9 @@ class JWTAuthentication(BaseAuthentication):
 return None
 try:
- user = User.objects.get(id=user_id)
+ # Refresh user from DB with account and plan relationships to get latest data
+ # This ensures changes to account/plan are reflected immediately without re-login
+ user = User.objects.select_related('account', 'account__plan').get(id=user_id)
 except User.DoesNotExist:
 # User not found - return None to allow other auth classes to try
 return None
@@ -66,7 +68,12 @@ class JWTAuthentication(BaseAuthentication):
 if account_id:
 try:
 account = Account.objects.get(id=account_id)
+ # If user's account changed, use the new one from user object (most up-to-date)
+ # This ensures we always use the user's current account, not a stale token account_id
+ if user.account and user.account.id != account_id:
+ account = user.account
 except Account.DoesNotExist:
+ # Account from token doesn't exist - use user's account instead
 pass
 if not account:
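Review bot: The two comments added above the `select_related` call in the first hunk (`@@ -55,7 +55,9 @@`) credit it with refreshing the user, but the removed `User.objects.get(id=user_id)` already read the row from the database on every request; what the new call adds is loading `account` and `account__plan` in the same query. I would replace them with `# Load account and plan in the same query; the token's account_id is checked against user.account below`. No `is_active` check is visible between the lookup and the end of this hunk, and the method continues outside it, so one may exist further down; if it does not, a deactivated user holding an unexpired token would still authenticate.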
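Review bot: In the second hunk (`@@ -66,7 +68,12 @@`) the guard `if user.account and user.account.id != account_id:` skips the override when the user no longer has an account, so a token issued for an account the user has since been removed from still resolves to that account until the token expires. Comparing stored keys covers that case and avoids a possible type mismatch between the token claim and the primary key (assuming `account` is a foreign key on `User`): `if user.account_id != account.id:` followed by `account = user.account`. What a `None` account then leads to depends on the `if not account:` branch, which continues outside the hunk. A mismatch between the token's account_id and the user's current account is also worth a warning-level log entry, since it marks a token that has outlived an account change. The comment added under `except Account.DoesNotExist:` describes a fallback that `pass` does not perform there; presumably it refers to that same branch.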