fix(auth): always seed the active account into the switch list

Sessions created before multi-session existed had no account_ids, so adding a second
account left the first one (e.g. the long-lived session) absent from the switcher.
current_user now ensures the active user_id is always present in account_ids, so the
switch list is never missing the account you're using.
This commit is contained in:
npeter83 2026-06-16 02:12:59 +02:00
parent 6fd46a8541
commit 8c77af42ff

View file

@ -232,6 +232,12 @@ def current_user(request: Request, db: Session = Depends(get_db)) -> User:
if user is None:
request.session.clear()
raise HTTPException(status_code=401, detail="Not authenticated")
# Always keep the active account in the switchable list — covers sessions created before
# multi-session existed (their account_ids was never seeded), so the switcher isn't empty.
accounts = request.session.get("account_ids") or []
if user_id not in accounts:
accounts.append(user_id)
request.session["account_ids"] = accounts[-MAX_SESSION_ACCOUNTS:]
return user