c38271da3b
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
The CurrentUser decorator previously returned undefined when no user was found on the request object. This silently propagated undefined to downstream code, risking null reference errors or authorization bypasses. Now throws UnauthorizedException when user is missing, providing defense-in-depth beyond the AuthGuard. All controllers using @CurrentUser() already have AuthGuard applied, so this is a safety net. Added comprehensive test suite for the decorator covering: - User present on request (happy path) - User with optional fields - Missing user throws UnauthorizedException - Request without user property throws UnauthorizedException - Data parameter is ignored Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>