Fix authentication: Ensure correct user/account is loaded
- JWTAuthentication now uses select_related('account', 'account__plan') to get fresh user data
- Added check to use user's current account if it differs from token's account_id
- This ensures correct user/account is shown even if account changed after token was issued
- Fixes bug where wrong user was displayed after login
@@ -55,7 +55,9 @@ class JWTAuthentication(BaseAuthentication):
|
||||
return None
|
||||
|
||||
try:
|
||||
user = User.objects.get(id=user_id)
|
||||
# Refresh user from DB with account and plan relationships to get latest data
|
||||
# This ensures changes to account/plan are reflected immediately without re-login
|
||||
user = User.objects.select_related('account', 'account__plan').get(id=user_id)
|
||||
except User.DoesNotExist:
|
||||
# User not found - return None to allow other auth classes to try
|
||||
return None
|
||||
@@ -66,7 +68,12 @@ class JWTAuthentication(BaseAuthentication):
|
||||
if account_id:
|
||||
try:
|
||||
account = Account.objects.get(id=account_id)
|
||||
# If user's account changed, use the new one from user object (most up-to-date)
|
||||
# This ensures we always use the user's current account, not a stale token account_id
|
||||
if user.account and user.account.id != account_id:
|
||||
account = user.account
|
||||
except Account.DoesNotExist:
|
||||
# Account from token doesn't exist - use user's account instead
|
||||
pass
|
||||
|
||||
if not account:
|
||||
|
||||
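Review bot: The override `if user.account and user.account.id != account_id:` is skipped when the user no longer has an account, so in that case `account` stays the one resolved from the token's `account_id` claim and a stale tenant taken from the token is still honoured. Since the database row is meant to be authoritative here, compare against the foreign key and let the user's current value win in every case: `if user.account_id != account_id:` followed by `account = user.account`; what then happens to a `None` account is decided in the `if not account:` branch, which continues outside this hunk. The comparison also assumes the claim has the same type as the primary key; if the token carries it as a string, the branch fires on every request, which is harmless but hides real mismatches. A mismatch between the claim and the database is worth a warning-level log line with the user id, so that account changes made after token issue are visible in the auth logs.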