Enforce login on tenant domains in OrganizationMiddleware and add tests by oumafreddy · Pull Request #10 · oumafreddy/oreno

oumafreddy · 2026-03-31T18:17:41Z

Ensure tenant (per-organization) sites require authentication before processing requests to prevent anonymous access to tenant domains.
Clarify middleware processing order by enforcing authentication early for tenant requests.

Updated apps/core/middleware.py OrganizationMiddleware to return a redirect to the login page when a request.tenant is present and the request.user is not authenticated, moving the authentication enforcement earlier in the request flow.
Preserved existing tenant-access controls for authenticated users, including logout and an error message when a user lacks access to the current tenant.
Added tests in apps/users/tests/test_organization_middleware.py to cover anonymous access on the public site, required login for tenant sites, and allowed access for authenticated users belonging to the tenant.

Ran the new middleware tests with python manage.py test apps.users.tests.test_organization_middleware and all tests passed.

Scope auth enforcement to tenant domains only

96052f2

oumafreddy added the codex label Mar 31, 2026 — with ChatGPT Codex Connector

Provide feedback