
Commit 6a9e36e

return Forbidden for organization missmatch (#1193)
* return Forbidden for organization mismatch * update the check so API calls made without an organization still work
1 parent d09060d commit 6a9e36e

1 file changed

Lines changed: 6 additions & 4 deletions


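--- a/backend/account_v2/custom_auth_middleware.py
+++ b/backend/account_v2/custom_auth_middleware.py
@@ -38,11 +38,13 @@ def __call__(self, request: HttpRequest) -> HttpResponse:
         is_authenticated = auth_service.is_authenticated(request)
 
         if is_authenticated:
+            organization_id = UserSessionUtils.get_organization_id(request=request)
+            if request.organization_id and not organization_id:
+                return JsonResponse(
+                    {"message": "Organization access denied"}, status=403
+                )
             StateStore.set(Common.LOG_EVENTS_ID, request.session.session_key)
-            StateStore.set(
-                Account.ORGANIZATION_ID,
-                UserSessionUtils.get_organization_id(request=request),
-            )
+            StateStore.set(Account.ORGANIZATION_ID, organization_id)
             response = self.get_response(request)
             StateStore.clear(Account.ORGANIZATION_ID)
             StateStore.clear(Common.LOG_EVENTS_ID)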
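Review bot: The new guard `if request.organization_id and not organization_id:` rejects only the case where the request names an organization but the session has none; a request whose `organization_id` differs from the session's organization passes through and the session value is what gets stored in `StateStore`, so the "mismatch" the commit title describes is not actually detected. If the intent is to deny cross-organization access, the condition should compare the two values, e.g. `if request.organization_id and organization_id != request.organization_id:`, which still lets requests without an organization through as the description asks. It is presumably an earlier middleware that sets `request.organization_id`; if that attribute can be absent, `getattr(request, "organization_id", None)` would avoid an `AttributeError` here. The enclosing `__call__` starts before the hunk and its `return response` is outside it.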
