zerobyte/app
Nico 2f253d4999 fix: move active session to an existing org, when deleting (#612)
### TL;DR

Added session cleanup logic to handle active organization reassignment when user organizations are deleted.

### What changed?

Enhanced the `cleanupUserOrganizations` method in `AuthService` to reassign active organizations for users whose current active organization is being deleted. The method now:

- Identifies users who are members of organizations being deleted
- Finds alternative organizations for each affected user
- Updates their sessions to use a fallback organization or null if no alternatives exist
- Wraps the entire operation in a database transaction for consistency

### How to test?

Run the new test suite:
```bash
bun test app/server/modules/auth/__tests__/auth.cleanup-user-organizations.test.ts
```

The test verifies that when a user's organization is deleted, other members' sessions are properly updated to use their remaining organization memberships as the active organization.

### Why make this change?

Prevents orphaned session references when organizations are deleted. Without this change, users could have sessions pointing to non-existent organizations as their active workspace, leading to potential application errors or inconsistent state.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
  * Improved organization deletion handling. When an organization is deleted, user sessions are now automatically reassigned to a valid fallback organization, ensuring session state consistency and preventing invalid organization references.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-04 18:48:47 +01:00
..
client feat: change email by cli (#611) 2026-03-04 18:48:47 +01:00
drizzle feat: OIDC (#564) 2026-03-04 18:48:00 +01:00
lib refactor: sso utils (#608) 2026-03-04 18:48:47 +01:00
middleware feat: OIDC (#564) 2026-03-04 18:48:00 +01:00
routes fix(sso): prevent auto-linking with an existing account in a different org (#607) 2026-03-04 18:48:47 +01:00
schemas chore: gen api-client 2026-02-25 23:19:34 +01:00
server fix: move active session to an existing org, when deleting (#612) 2026-03-04 18:48:47 +01:00
test test: increase coverage for existing controllers 2026-03-04 18:48:47 +01:00
utils refactor: render cached data directly if available during ssr 2026-03-04 18:48:47 +01:00
app.css fix: multiple mobile and responsiveness issues (#537) 2026-02-17 18:44:22 +01:00
context.ts feat: OIDC (#564) 2026-03-04 18:48:00 +01:00
router.tsx refactor: render repo stats directly in ssr if cache is available 2026-03-04 18:48:47 +01:00
routeTree.gen.ts feat: separate global admin page (#595) 2026-03-04 18:48:47 +01:00
server.ts fix: apply fk db constraint on app creation 2026-02-16 23:09:18 +01:00