zerobyte/app/server/modules/auth
Nico 2f253d4999 fix: move active session to an existing org, when deleting (#612)
### TL;DR

Added session cleanup logic to handle active organization reassignment when user organizations are deleted.

### What changed?

Enhanced the `cleanupUserOrganizations` method in `AuthService` to reassign active organizations for users whose current active organization is being deleted. The method now:

- Identifies users who are members of organizations being deleted
- Finds alternative organizations for each affected user
- Updates their sessions to use a fallback organization or null if no alternatives exist
- Wraps the entire operation in a database transaction for consistency

### How to test?

Run the new test suite:
```bash
bun test app/server/modules/auth/__tests__/auth.cleanup-user-organizations.test.ts
```

The test verifies that when a user's organization is deleted, other members' sessions are properly updated to use their remaining organization memberships as the active organization.

### Why make this change?

Prevents orphaned session references when organizations are deleted. Without this change, users could have sessions pointing to non-existent organizations as their active workspace, leading to potential application errors or inconsistent state.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
  * Improved organization deletion handling. When an organization is deleted, user sessions are now automatically reassigned to a valid fallback organization, ensuring session state consistency and preventing invalid organization references.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-04 18:48:47 +01:00
..
__tests__ fix: move active session to an existing org, when deleting (#612) 2026-03-04 18:48:47 +01:00
auth.controller.ts fix(sso): prevent auto-linking with an existing account in a different org (#607) 2026-03-04 18:48:47 +01:00
auth.dto.ts feat: separate global admin page (#595) 2026-03-04 18:48:47 +01:00
auth.errors.ts refactor: sso utils (#608) 2026-03-04 18:48:47 +01:00
auth.middleware.ts refactor: sso utils (#608) 2026-03-04 18:48:47 +01:00
auth.service.ts fix: move active session to an existing org, when deleting (#612) 2026-03-04 18:48:47 +01:00
dev-panel.middleware.ts feat: dev panel (#489) 2026-02-09 22:04:21 +01:00
helpers.ts refactor: upgrade to drizzle v1 (#450) 2026-02-01 19:14:52 +01:00