From 650e7c7354951b9a19f9c8d0885461048c96af32 Mon Sep 17 00:00:00 2001
From: androidlover5842
Date: Mon, 26 Jan 2026 21:54:53 +0530
Subject: [PATCH] Return NEEDS_ORG when no org exists
---
 .../trisolarisserver/controller/Auth.kt | 67 ++++++++++++-------
 1 file changed, 42 insertions(+), 25 deletions(-)
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt b/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt
index 74aefa9..08055d5 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt
@@ -32,7 +32,12 @@ class Auth(
 request: HttpServletRequest
 ): AuthResponse {
 logger.info("Auth verify hit, principalPresent={}", principal != null)
- return buildAuthResponse(principal ?: resolvePrincipalFromHeader(request))
+ val resolved = principal ?: resolvePrincipalFromHeader(request)
+ return if (resolved == null) {
+ AuthResponse(status = "NEEDS_ORG")
+ } else {
+ buildAuthResponse(resolved)
+ }
 }

 @GetMapping("/me")
@@ -40,13 +45,15 @@ class Auth(
 @AuthenticationPrincipal principal: MyPrincipal?,
 request: HttpServletRequest
 ): AuthResponse {
- return buildAuthResponse(principal ?: resolvePrincipalFromHeader(request))
+ val resolved = principal ?: resolvePrincipalFromHeader(request)
+ return if (resolved == null) {
+ AuthResponse(status = "NEEDS_ORG")
+ } else {
+ buildAuthResponse(resolved)
+ }
 }

- private fun buildAuthResponse(principal: MyPrincipal?): AuthResponse {
- if (principal == null) {
- throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Missing principal")
- }
+ private fun buildAuthResponse(principal: MyPrincipal): AuthResponse {
 val user = appUserRepo.findById(principal.userId).orElseThrow {
 ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
 }
@@ -58,6 +65,7 @@ class Auth(
 )
 }
 return AuthResponse(
+ status = "OK",
 user = UserResponse(
 id = user.id!!,
 orgId = user.org.id!!,
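Review bot: In `verify`, a `null` from `resolvePrincipalFromHeader` is turned into a 200 response with `status = "NEEDS_ORG"` at the call site, so any `return null` later added to the resolver would be answered as a success instead of a 401; the same five lines are repeated in `me` in the `@@ -40,13 +45,15 @@` hunk. Keeping the mapping in one place makes that contract visible, for example `private fun respond(p: MyPrincipal?): AuthResponse = p?.let { buildAuthResponse(it) } ?: AuthResponse(status = "NEEDS_ORG")`, called from both handlers. The `"NEEDS_ORG"` and `"OK"` literals (the latter in the `@@ -58,6 +65,7 @@` hunk) would also be safer as shared constants than as repeated strings. Both handler signatures start above their hunks.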
@@ -70,7 +78,7 @@ class Auth( ) } - private fun resolvePrincipalFromHeader(request: HttpServletRequest): MyPrincipal { + private fun resolvePrincipalFromHeader(request: HttpServletRequest): MyPrincipal? { val header = request.getHeader("Authorization") ?: throw ResponseStatusException( HttpStatus.UNAUTHORIZED, "Missing Authorization token" 
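Review bot: The return type of `resolvePrincipalFromHeader` becomes `MyPrincipal?` without any comment saying what `null` means, while every other failure in the function still throws a 401. Going by the `@@ -86,25 +94,33 @@` hunk, `null` is returned only when the token verified, no `AppUser` matches the uid and no organization exists, and the callers rely on exactly that to answer `NEEDS_ORG`. A KDoc line such as `/** Returns null only when the token is valid but no user and no organization exist; every other failure throws 401. */` would pin the contract down. The function body continues past the end of this hunk.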
@@ -86,25 +94,33 @@ class Auth(
 logger.warn("Auth verify failed: {}", ex.message)
 throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid token")
 }
- val user = appUserRepo.findByFirebaseUid(decoded.uid) ?: run {
+ val user = appUserRepo.findByFirebaseUid(decoded.uid)
+ if (user == null) {
 val orgs = organizationRepo.findAll()
- if (orgs.size != 1) {
- logger.warn("Auth verify user not found for uid={}, orgCount={}", decoded.uid, orgs.size)
- throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
+ if (orgs.isEmpty()) {
+ logger.warn("Auth verify user not found for uid={}, orgCount=0", decoded.uid)
+ return null
 }
- val org = orgs.first()
- val phone = decoded.claims["phone_number"] as? String
- val name = decoded.claims["name"] as? String
- val created = appUserRepo.save(
- com.android.trisolarisserver.models.property.AppUser(
- org = org,
- firebaseUid = decoded.uid,
- phoneE164 = phone,
- name = name
+ if (orgs.size == 1) {
+ val org = orgs.first()
+ val phone = decoded.claims["phone_number"] as? String
+ val name = decoded.claims["name"] as? String
+ val created = appUserRepo.save(
+ com.android.trisolarisserver.models.property.AppUser(
+ org = org,
+ firebaseUid = decoded.uid,
+ phoneE164 = phone,
+ name = name
+ )
 )
- )
- logger.warn("Auth verify auto-created user uid={}, userId={}, orgId={}", decoded.uid, created.id, org.id)
- created
+ logger.warn("Auth verify auto-created user uid={}, userId={}, orgId={}", decoded.uid, created.id, org.id)
+ return MyPrincipal(
+ userId = created.id ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User id missing"),
+ firebaseUid = decoded.uid
+ )
+ }
+ logger.warn("Auth verify user not found for uid={}, orgCount={}", decoded.uid, orgs.size)
+ throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
 }
 logger.warn("Auth verify resolved uid={}, userId={}", decoded.uid, user.id)
 return MyPrincipal(
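Review bot: The `if (orgs.size == 1)` branch saves a new `AppUser` in the only organization for any uid whose Firebase token verified, and no invitation, allow-list or role check is visible in this hunk. If sign-up in the Firebase project is open, that makes organization membership self-service, so it is worth confirming what a freshly created `AppUser` is allowed to do, or gating the `save` on an explicit pre-approval. The lookup-then-save sequence also has no visible guard against two concurrent first requests for the same uid; a unique constraint on `firebaseUid` (not shown here) would be needed to prevent duplicate rows. Separately, a missing `created.id` after `save` is a server fault rather than a credential problem, so `HttpStatus.INTERNAL_SERVER_ERROR` fits better than `UNAUTHORIZED` on that line. The function starts above this hunk and continues below it.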
@@ -115,6 +131,7 @@ class Auth(
 }

 data class AuthResponse(
- val user: UserResponse,
- val properties: List
+ val status: String,
+ val user: UserResponse? = null,
+ val properties: List = emptyList()
 )
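Review bot: `status` is a free-form `String`, and nothing on `AuthResponse` says that `user` is null exactly when it is `"NEEDS_ORG"`, so clients have to infer the pairing. An `enum class AuthStatus { OK, NEEDS_ORG }` with `val status: AuthStatus` keeps the allowed values in one place; with default Jackson settings an enum is written by name, so the JSON should not change, though that should be confirmed against the project's serializer configuration. A short KDoc on the class stating which fields are populated for each status would also help, since `user` went from required to optional for every consumer.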