fix: Bypass RLS for login

Bulletdev · Bulletdev · commit 368b8ac39a78 · 2026-02-11T08:45:11.000-03:00
The authenticate_user! method in AuthController also needs to bypass
RLS when finding users by email during login, since we don't have RLS  context yet at that point.
diff --git a/app/modules/authentication/controllers/auth_controller.rb b/app/modules/authentication/controllers/auth_controller.rb
@@ -340,7 +340,8 @@ def authenticate_user!
 
         return nil if email.blank? || password.blank?
 
-        user = User.find_by(email: email)
+        # Bypass RLS for login - we don't have RLS context yet during authentication
+        user = User.unscoped.find_by(email: email)
         user&.authenticate(password) ? user : nil
       end
 
