diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bdfc57..abcda97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,16 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), version --- +## [1.14.2] — 2026-04-22 + +### Fixed +- **Admin "Login as Partner" impersonation now completes into `/dashboard`** instead of bouncing back to `/login?error=ImpersonationFailed`. Two linked issues: + - **`ALLOWED_HOSTS`** (`eventify/settings.py`) — partner portal's server-side `authorize()` (Next.js) calls `${BACKEND_API_URL}/api/v1/auth/me/` with `BACKEND_API_URL=http://eventify-backend:8000`, so the HTTP `Host` header was `eventify-backend` — not in the Django allowlist. `SecurityMiddleware` rejected with HTTP 400 DisallowedHost, `authorize()` returned null, `signIn()` failed, and the `/impersonate` page redirected to the login error. Added `partner.eventifyplus.com`, `eventify-backend`, and `eventify-django` to `ALLOWED_HOSTS`. Same Host issue was silently breaking regular partner password login too — fixed as a side effect. + - **`UserSerializer` missing `partner` field** (`admin_api/serializers.py`) — `MeView` returned `/api/v1/auth/me/` payload with no `partner` key, so the partner portal's `auth.ts` set `partnerId: ""` on the NextAuth session. Downstream dashboard queries that filter by `partnerId` would then return empty/403. Added `partner = PrimaryKeyRelatedField(read_only=True)` to the serializer's `fields` list. Payload now includes `"partner": `. +- Deploy: `docker cp` both files into **both** `eventify-backend` and `eventify-django` containers + `kill -HUP 1` on each (per shared admin_api rule). + +--- + ## [1.14.1] — 2026-04-22 ### Fixed diff --git a/admin_api/serializers.py b/admin_api/serializers.py index f203062..cbc8470 100644 --- a/admin_api/serializers.py +++ b/admin_api/serializers.py @@ -5,9 +5,10 @@ User = get_user_model() class UserSerializer(serializers.ModelSerializer): name = serializers.SerializerMethodField() role = serializers.SerializerMethodField() + partner = serializers.PrimaryKeyRelatedField(read_only=True) class Meta: model = User - fields = ['id', 'email', 'username', 'name', 'role'] + fields = ['id', 'email', 'username', 'name', 'role', 'partner'] def get_name(self, obj): return f"{obj.first_name} {obj.last_name}".strip() or obj.username def get_role(self, obj): diff --git a/eventify/settings.py b/eventify/settings.py index 037eb8f..b0c8699 100644 --- a/eventify/settings.py +++ b/eventify/settings.py @@ -18,6 +18,9 @@ ALLOWED_HOSTS = [ 'backend.eventifyplus.com', 'admin.eventifyplus.com', 'app.eventifyplus.com', + 'partner.eventifyplus.com', + 'eventify-backend', + 'eventify-django', 'localhost', '127.0.0.1', ]