bug: Auth Endpoint - Wrong member returned in the response #588

@nora-weisser

Bug Report

Describe the bug

ENV: dev swagger

Endpoint: POST /api/auth/login

When a user logs in, the member field in the response belongs to a different user. user_account.member_id for some accounts is incorrectly set to another member's ID (e.g. Adriana's account has member_id = 1, pointing to Sonali Goel).

Trace from automated test:

[AUTH-01] POST /api/auth/login as adriana@womencodingcommunity.com
[AUTH-01] Response status: 200
[AUTH-01] Response body: {"token":"afXUZBoR1a...","expiresAt":"2026-03-28T22:02:58.846815972Z","roles":["ADMIN","MENTOR"],"member":{"id":1,"fullName":"Sonali Goel","position":"Senior Software Engineer","email":"sonali.learn.ai@gmail.com","slackDisplayName":"sonaligoel","country":{"countryCode":"GB","countryName":"United Kingdom"},"city":"London","companyName":"Tesco Technology","memberTypes":[],"images":[],"network":[],"isWomen":true}}

The login flow blindly fetches whichever member is stored in that column,
so the authenticated user receives someone else's member data.

Steps to reproduce:

  1. POST /api/auth/login with valid credentials
  2. Inspect member in the response body
  3. member.email does not match the login email

Expected: member belongs to the authenticated user
Actual: member belongs to a different user (first member in the database)

Reproducibility

  • The bug is reproducible consistently.

Impact

  • The bug affects critical functionality.
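
An audit for the condition this report describes, as an added example that is not part of the original issue or the project's code: it lists accounts whose member_id resolves to a member with a different email or to no member at all, and includes a response check mirroring step 3. Only user_account.member_id comes from the issue; the member table, the email columns, the function names and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Assumed schema: only user_account.member_id is named in the issue; the
# member table layout and both email columns are hypothetical.
SCHEMA = """
CREATE TABLE member (id INTEGER PRIMARY KEY, full_name TEXT, email TEXT);
CREATE TABLE user_account (id INTEGER PRIMARY KEY, email TEXT, member_id INTEGER);
"""
# Constructed sample rows reproducing the reported symptom.
MEMBERS = [(1, "Member One", "one@example.org"),
           (2, "Member Two", "two@example.org"),
           (3, "Member Three", "three@example.org")]
ACCOUNTS = [(10, "one@example.org", 1),     # correct link
            (11, "two@example.org", 1),     # linked to another user's member
            (12, "Three@Example.org", 3),   # correct, differs only in case
            (13, "four@example.org", 99)]   # dangling member_id

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO member VALUES (?,?,?)", MEMBERS)
    db.executemany("INSERT INTO user_account VALUES (?,?,?)", ACCOUNTS)
    return db

def audit_member_links(db):
    """Return (account_id, account_email, member_id, reason) per bad link."""
    return db.execute("""
        SELECT ua.id, ua.email, ua.member_id,
               CASE WHEN m.id IS NULL THEN 'missing member'
                    ELSE 'email mismatch' END
        FROM user_account ua
        LEFT JOIN member m ON m.id = ua.member_id
        WHERE m.id IS NULL OR lower(m.email) <> lower(ua.email)
        ORDER BY ua.id""").fetchall()

def shared_member_ids(db):
    """member_id values claimed by more than one account."""
    return [r[0] for r in db.execute(
        "SELECT member_id FROM user_account GROUP BY member_id "
        "HAVING COUNT(*) > 1 ORDER BY member_id")]

def login_response_matches(login_email, body):
    """Step 3 as a regression check: member.email must equal the login email."""
    member = body.get("member") or {}
    return (member.get("email") or "").lower() == login_email.lower()

if __name__ == "__main__":
    db = build_db()
    print(audit_member_links(db), shared_member_ids(db))
```

The same comparison can run as an assertion in the automated login test for every seeded account, so a mislinked row fails the build instead of surfacing in a response.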

Metadata

Assignees

No one assigned

    Labels

    epic-mentorship: All tasks related to mentorship pages & tasks
    java/springboot: Tasks where is needed Java experience or Spring Boot Experience
    top-priority: All critical tasks to be implemented as soon as possible
