From b557b5874d77f944c3344251be347872e36d50e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Salazar?= <73718835+joshrs23@users.noreply.github.com>
Date: Thu, 22 Jan 2026 15:55:51 -0500
Subject: [PATCH] validation when the user is not a businnes user
---
 .../auth_repository_impl.dart | 29 +++++++++++++++----
 1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
index ede79873..3e207b2f 100644
--- a/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
+++ b/apps/mobile/packages/features/client/authentication/lib/src/data/repositories_impl/auth_repository_impl.dart
@@ -34,12 +34,29 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
 throw Exception('Sign-in failed, no Firebase user received.');
 }
- return _getUserProfile(
- firebaseUserId: firebaseUser.uid,
- fallbackEmail: firebaseUser.email ?? email,
- );
+ final response = await _dataConnect.getUserById(
+ id: firebaseUser.uid,
+ ).execute();
+ final user = response.data?.user;
+ if (user == null) {
+ await _firebaseAuth.signOut();
+ throw Exception('Authenticated user profile not found in database.');
+ }
+ if (user.userRole != 'BUSINESS') {
+ await _firebaseAuth.signOut();
+ throw Exception('User is not authorized for this app.');
+ }
- //TO-DO: validate that user is business role and has business account
+ final resolvedEmail = user.email ?? firebaseUser.email ?? email;
+ if (resolvedEmail.isEmpty) {
+ throw Exception('User email is missing in profile data.');
+ }
+
+ return domain.User(
+ id: user.id,
+ email: resolvedEmail,
+ role: user.role.stringValue,
+ );
 } on firebase.FirebaseAuthException catch (e) {
 if (e.code == 'invalid-credential' || e.code == 'wrong-password') {
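Review bot: The authorization check reads `user.userRole` while the returned `domain.User` takes its role from `user.role.stringValue`, so the value that gates sign-in and the value handed to the rest of the app can disagree; read one field once and reuse it, e.g. `final role = user.role.stringValue;` followed by `if (role != 'BUSINESS') {` (assuming `role` is the authoritative field, since the generated schema is not visible here). The empty-`resolvedEmail` branch throws without `await _firebaseAuth.signOut();`, unlike the two branches above it, which leaves a live Firebase session behind a sign-in the caller sees as failed. This check runs on the client after Firebase has already authenticated the user, so it is a UX gate only, and the same role restriction presumably has to be enforced by the backend authorization rules for the data this app reads. The enclosing method starts above the hunk and its catch clauses continue below it.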
@@ -47,6 +64,8 @@ class AuthRepositoryImpl implements AuthRepositoryInterface {
 } else {
 throw Exception('Authentication error: ${e.message}');
 }
+ } on Exception catch (e) {
+ throw e;
 } catch (e) {
 throw Exception('Failed to sign in and fetch user data: ${e.toString()}');
 }
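Review bot: `throw e;` in the new `on Exception` clause resets the stack trace; Dart's `rethrow;` preserves it and is what the `use_rethrow_when_possible` lint expects. The clause also catches every `Exception` raised in the try body, not only the two authorization failures added earlier in this patch, so a failure from `getUserById(...).execute()` now reaches callers unwrapped, with whatever backend detail its message carries, and without a `signOut()`. A dedicated exception type for the profile-missing and not-authorized cases would let this clause match only those and leave other failures to the final `catch (e)` wrapper. The try block begins outside this hunk.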