IGNY8 VPS (Salman)
2025-12-08 07:11:06 +00:00
parent 7483de6aba
commit d144f5d19a
13 changed files with 2209 additions and 842 deletions


@@ -109,9 +109,11 @@ class APIKeyAuthentication(BaseAuthentication):
try:
from igny8_core.auth.models import Site, User
from igny8_core.auth.utils import validate_account_and_plan
from rest_framework.exceptions import AuthenticationFailed
# Find site by API key
site = Site.objects.select_related('account', 'account__owner').filter(
site = Site.objects.select_related('account', 'account__owner', 'account__plan').filter(
wp_api_key=api_key,
is_active=True
).first()
@@ -119,8 +121,17 @@ class APIKeyAuthentication(BaseAuthentication):
if not site:
return None # API key not found or site inactive
# Get account and user (prefer owner but gracefully fall back)
# Get account and validate it
account = site.account
if not account:
raise AuthenticationFailed('No account associated with this API key.')
# CRITICAL FIX: Validate account and plan status
is_valid, error_message, http_status = validate_account_and_plan(account)
if not is_valid:
raise AuthenticationFailed(error_message)
# Get user (prefer owner but gracefully fall back)
user = account.owner
if not user or not getattr(user, 'is_active', False):
# Fall back to any active developer/owner/admin in the account
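Review bot: Both new `raise AuthenticationFailed(...)` statements sit inside the `try:` opened at the top of the first hunk, and its `except` clause is outside the visible lines. If that clause catches `Exception` broadly and returns `None`, the rejection of an invalid account or plan would be swallowed and the request would fall through to the next authenticator instead of being refused. Placing `except AuthenticationFailed: raise` ahead of any broad handler would make the new check fail closed. Separately, `http_status` from `validate_account_and_plan(account)` is unpacked but never used, so every failure is reported with the default status of `AuthenticationFailed`. If the helper distinguishes statuses, honour that here, otherwise unpack it as `is_valid, error_message, _ = validate_account_and_plan(account)` so the discard is explicit.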