orgtoken.Validate now returns org_id (the org workspace UUID stored on org_api_tokens rows, populated by #1212). Both call sites in wsauth_middleware.go — WorkspaceAuth and AdminAuth — call c.Set("org_id", orgID) after successful org-token validation. This unbreaks orgCallerID(c) for org-token callers. Previously the middleware populated org_token_id and org_token_prefix but never org_id, so any handler reading c.Get("org_id") (e.g. requireCallerOwnsOrg) got "" even for valid org tokens. The change is additive: orgID may be empty for pre-migration tokens minted before #1212. requireCallerOwnsOrg already handles empty org_id by denying by default. Co-authored-by: Molecule AI CP-BE <cp-be@agents.moleculesai.app> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
molecule-ai[bot]
GitHub
parent
217cdce306
commit
52709718ec