diff --git a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
index ede79873..3e207b2f 100644
--- a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
+++ b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
@@ -34,12 +34,29 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
 throw Exception('Sign-in failed, no Firebase user received.');
 }
- return _getUserProfile(
- firebaseUserId: firebaseUser.uid,
- fallbackEmail: firebaseUser.email ?? email,
- );
+ final response = await _dataConnect.getUserById(
+ id: firebaseUser.uid,
+ ).execute();
+ final user = response.data?.user;
+ if (user == null) {
+ await _firebaseAuth.signOut();
+ throw Exception('Authenticated user profile not found in database.');
+ }
+ if (user.userRole != 'BUSINESS') {
+ await _firebaseAuth.signOut();
+ throw Exception('User is not authorized for this app.');
+ }
- //TO-DO: validate that user is business role and has business account
+ final resolvedEmail = user.email ?? firebaseUser.email ?? email;
+ if (resolvedEmail.isEmpty) {
+ throw Exception('User email is missing in profile data.');
+ }
+
+ return domain.User(
+ id: user.id,
+ email: resolvedEmail,
+ role: user.role.stringValue,
+ );
 } on firebase.FirebaseAuthException catch (e) {
 if (e.code == 'invalid-credential' || e.code == 'wrong-password') {
@@ -47,6 +64,8 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
 } else {
 throw Exception('Authentication error: ${e.message}');
 }
+ } on Exception catch (e) {
+ throw e;
 } catch (e) {
 throw Exception('Failed to sign in and fetch user data: ${e.toString()}');
 }
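Review bot: The authorization gate compares `user.userRole` with 'BUSINESS', while the returned `domain.User` takes its role from `user.role.stringValue`. Unless the generated type exposes both fields and they always agree, the gate and the role handed to the rest of the app can diverge, so check and return the same field, e.g. `if (user.role.stringValue != 'BUSINESS') {`. The empty-email branch, and any exception raised by `getUserById(...).execute()`, also leave the Firebase session signed in, unlike the two branches above it; adding `await _firebaseAuth.signOut();` before `throw Exception('User email is missing in profile data.');` keeps a rejected sign-in from leaving a live session. The removed TO-DO also asked for a business-account check, which the new code does not perform, and this client-side role test presumably still needs matching enforcement on the backend. The enclosing method starts and ends outside the hunk.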
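Review bot: The added clause rethrows with `throw e;`, which discards the original stack trace; Dart's `rethrow` keeps it, so the clause can read `} on Exception { rethrow; }`. With this clause every non-Firebase `Exception` raised in the try body now leaves the method with its original message. That suits the deliberate messages added above, but a Data Connect failure would presumably surface its raw text to the caller as well, so consider throwing a dedicated exception type for the intended cases and letting only that type pass through. The try block starts outside the hunk.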