Fix authentication: Ensure correct user/account is loaded
- JWTAuthentication now uses select_related('account', 'account__plan') to get fresh user data
- Added check to use user's current account if it differs from token's account_id
- This ensures the correct user/account is shown even if the account changed after the token was issued
- Fixes bug where wrong user was displayed after login
@@ -55,7 +55,9 @@ class JWTAuthentication(BaseAuthentication):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
user = User.objects.get(id=user_id)
|
# Refresh user from DB with account and plan relationships to get latest data
|
||||||
|
# This ensures changes to account/plan are reflected immediately without re-login
|
||||||
|
user = User.objects.select_related('account', 'account__plan').get(id=user_id)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
# User not found - return None to allow other auth classes to try
|
# User not found - return None to allow other auth classes to try
|
||||||
return None
|
return None
|
||||||
@@ -66,7 +68,12 @@ class JWTAuthentication(BaseAuthentication):
|
|||||||
if account_id:
|
if account_id:
|
||||||
try:
|
try:
|
||||||
account = Account.objects.get(id=account_id)
|
account = Account.objects.get(id=account_id)
|
||||||
|
# If user's account changed, use the new one from user object (most up-to-date)
|
||||||
|
# This ensures we always use the user's current account, not a stale token account_id
|
||||||
|
if user.account and user.account.id != account_id:
|
||||||
|
account = user.account
|
||||||
except Account.DoesNotExist:
|
except Account.DoesNotExist:
|
||||||
|
# Account from token doesn't exist - use user's account instead
|
||||||
pass
|
pass
|
||||||
|
|
||||||
if not account:
|
if not account:
|
||||||
|
|||||||
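Review bot: In the second hunk the `except Account.DoesNotExist:` branch says "use user's account instead" but its body is still `pass`, so the fallback does not happen here; either assign `account = user.account` in that branch or reword the comment to `# Account from token doesn't exist; fall through to the fallback below`, since the `if not account:` block that presumably does it continues past the hunk. The new comparison `user.account.id != account_id` compares the model pk with a claim taken from the token payload, which is JSON; if that claim arrives as a string the comparison is always true and the token account is always discarded, so normalising the claim (or comparing `str(user.account.id) != str(account_id)`) would make the intent explicit. When the token's account_id and the user's current account disagree, the code now silently prefers the database value, which is the safer choice, but the mismatch is a useful signal of stale or reissued tokens and deserves a `logger.info` line before `account = user.account`. With `user.account` already loaded by `select_related` in the first hunk, the separate `Account.objects.get(id=account_id)` that is then overridden is an extra query that could be dropped if the token claim is no longer authoritative.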