zerobyte/app/server/modules/auth/__tests__
Nico 7dc017f4b6
fix: move active session to an existing org, when deleting (#612)
### TL;DR

Added session cleanup logic to handle active organization reassignment when user organizations are deleted.

### What changed?

Enhanced the `cleanupUserOrganizations` method in `AuthService` to reassign active organizations for users whose current active organization is being deleted. The method now:

- Identifies users who are members of organizations being deleted
- Finds alternative organizations for each affected user
- Updates their sessions to use a fallback organization or null if no alternatives exist
- Wraps the entire operation in a database transaction for consistency

### How to test?

Run the new test suite:
```bash
bun test app/server/modules/auth/__tests__/auth.cleanup-user-organizations.test.ts
```

The test verifies that when a user's organization is deleted, other members' sessions are properly updated to use their remaining organization memberships as the active organization.

### Why make this change?

Prevents orphaned session references when organizations are deleted. Without this change, users could have sessions pointing to non-existent organizations as their active workspace, leading to potential application errors or inconsistent state.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
  * Improved organization deletion handling. When an organization is deleted, user sessions are now automatically reassigned to a valid fallback organization, ensuring session state consistency and preventing invalid organization references.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-04 18:45:01 +01:00
..
auth.cleanup-user-organizations.test.ts fix: move active session to an existing org, when deleting (#612) 2026-03-04 18:45:01 +01:00
auth.controller.security.test.ts test: increase coverage for existing controllers 2026-03-02 21:16:48 +01:00
auth.service.sso-provider.test.ts feat: OIDC (#564) 2026-02-27 23:13:54 +01:00
auth.sso-security.test.ts test: use better-auth built-in test plugin (#599) 2026-03-01 15:10:50 +01:00