fix(expense): resolve current user id from 'sub' JWT claim
Live verification revealed the JWT carries the user id in the 'sub' claim (NameClaimType=sub, MapInboundClaims=false), so ClaimTypes.NameIdentifier is null at runtime. This caused ExpensesController.GetMine/GetById to throw NullReferenceException (500) on the '!.Value', and made the services fall back to 'system' — silently defeating the self-ownership guard. Resolve via NameIdentifier (unit tests) then 'sub' (real tokens). Adds a regression test. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -12,8 +12,11 @@ public class MonthlyStatementService : IMonthlyStatementService
|
||||
private readonly IHttpContextAccessor _http;
|
||||
public MonthlyStatementService(AppDbContext db, IHttpContextAccessor http) { _db = db; _http = http; }
|
||||
|
||||
// See ExpenseService: the user id lives in the "sub" claim at runtime; NameIdentifier is for tests.
|
||||
private string CurrentUserId =>
|
||||
_http.HttpContext?.User.FindFirstValue(ClaimTypes.NameIdentifier) ?? "system";
|
||||
_http.HttpContext?.User.FindFirstValue(ClaimTypes.NameIdentifier)
|
||||
?? _http.HttpContext?.User.FindFirstValue("sub")
|
||||
?? "system";
|
||||
|
||||
public async Task<List<MonthlyStatementDto>> GetAllAsync(int? year)
|
||||
{
|
||||
|
||||
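Review bot: The final `?? "system"` in `CurrentUserId` still fails open: a request whose principal carries neither `NameIdentifier` nor `sub` is treated as the `system` identity, the same fallback the commit message says silently defeated the self-ownership guard. If `system` is only meant for callers with no HTTP context (not visible here), restrict it to that case and reject the rest, e.g. `?? (_http.HttpContext is null ? "system" : throw new UnauthorizedAccessException("Token has no user id claim."))`. The lookup also prefers the claim the comment describes as test-only over the one real tokens carry; reading `"sub"` first, or having the tests issue `sub`, would keep production behaviour from depending on a test convention. The comment points to the same logic in ExpenseService, so a shared helper would keep the two from drifting; how CurrentUserId is consumed lies outside this hunk.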