Fix ActionCable find_account to use request path

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: dadachi

app/channels/application_cable/connection.rb

@@ -13,12 +13,13 @@ def find_shopkeeper
       env["warden"]&.user(:shopkeeper)
     end
 
-    # Display pages are public — anonymous connections are allowed.
-    # Shopkeeper auth is header-based (devise_token_auth), so most
-    # WebSocket connections will be anonymous. If an authenticated-only
-    # channel is added in the future, reject in that channel's #subscribed.
+    # Extract the account UUID from the WebSocket upgrade request path,
+    # matching how AccountMiddleware sets the current account for HTTP
+    # requests. Display page URLs (display/shops/...) don't include an
+    # account UUID, so this returns nil for public connections.
     def find_account
-      current_shopkeeper&.accounts&.order(created_at: :asc)&.first
+      _, account_id, = request.path.split("/", 3)
+      Account.find_by(id: account_id) if AccountMiddleware::UUID_MATCHER.match?(account_id)
     end
   end
 end

test/channels/application_cable/connection_test.rb

@@ -14,10 +14,22 @@ class ApplicationCable::ConnectionTest < ActionCable::Connection::TestCase
     warden = Minitest::Mock.new
     warden.expect(:user, shopkeeper, [:shopkeeper])
 
-    connect env: {"warden" => warden}
+    connect "/#{account.id}/cable", env: {"warden" => warden}
 
     assert_equal shopkeeper, connection.current_shopkeeper
     assert_equal account, connection.current_account
     warden.verify
   end
+
+  test "connection without account UUID in path has nil account" do
+    shopkeeper = shopkeepers(:one)
+    warden = Minitest::Mock.new
+    warden.expect(:user, shopkeeper, [:shopkeeper])
+
+    connect "/cable", env: {"warden" => warden}
+
+    assert_equal shopkeeper, connection.current_shopkeeper
+    assert_nil connection.current_account
+    warden.verify
+  end
 end