From 0f5731fcc5a65e716356db4b55e4a9f2ae7d2198 Mon Sep 17 00:00:00 2001
From: mohammed-alkhazrji
Date: Mon, 28 Jul 2025 15:05:09 +0300
Subject: [PATCH] checked the db_name
---
 .../controllers/authentication.py | 8 +++---
 odex25_mobile/odex_web_app/controllers/web.py | 25 ++++++++++++-------
 2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/odex25_mobile/odex_web_app/controllers/authentication.py b/odex25_mobile/odex_web_app/controllers/authentication.py
index fd281ff20..d5d7ab04c 100644
--- a/odex25_mobile/odex_web_app/controllers/authentication.py
+++ b/odex25_mobile/odex_web_app/controllers/authentication.py
@@ -38,9 +38,11 @@ class AuthenticationController(http.Controller):
 return http_helper.response(code=400, message=_('FCM Token is missing'), success=False)
 # Set the database for the request environment
- if db:
- ensure_db()
-
+ # if db:
+ # ensure_db()
+ if request.session.db and request.session.db != db:
+ request.session.logout()
+ request.session.db = db
 # Authenticate user
 uid = http_helper.is_authentic(login, password)
 if not uid:
diff --git a/odex25_mobile/odex_web_app/controllers/web.py b/odex25_mobile/odex_web_app/controllers/web.py
index 2c893e3dc..ef3455aba 100644
--- a/odex25_mobile/odex_web_app/controllers/web.py
+++ b/odex25_mobile/odex_web_app/controllers/web.py
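Review bot: `request.session.db = db` in authentication.py now stores the caller-supplied database name with no allow-list check, while the web.py hunk of this same commit rejects names that fail `http.db_filter([db])`; the two login paths should agree. The old `if db:` guard is also gone, so a request with an empty `db` would log out an existing session and leave a falsy database on it (indentation is lost on this page, so this assumes the assignment sits outside the `if`). Wrap the new lines in `if db:` and put `if db not in http.db_filter([db]): return http_helper.response(code=403, message=_('Database not allowed'), success=False)` ahead of the session switch. The commented-out `# if db:` / `# ensure_db()` lines can simply be deleted. The method starts above the hunk, so an earlier validation of `db` may exist that is not visible here.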
@@ -1,18 +1,25 @@
 import odoo
 from odoo import http
 from odoo.http import request
-
+from odoo import tools
+from odoo.addons.web.controllers.main import ensure_db
+from odoo.http import request, db_filter
 class WebController(http.Controller):
 @http.route('/web/session/authenticate', type='json', auth="none")
- def authenticate(self, login, password, base_location=None):
- db = odoo.tools.config.get('db_name')
- if not db:
- response_data = {
- "error": "Database name should be specified in Conf File",
- "status": 400
- }
- return response_data
+ def authenticate(self, login, password, base_location=None, db=None):
+ if db:
+ if db not in http.db_filter([db]):
+ return {"error": "Database not allowed", "status": 403}
+ if request.session.db and request.session.db != db:
+ request.session.logout()
+ request.session.db = db
+ else:
+ db = tools.config.get('db_name')
+ if not db:
+ return {"error": "Database name should be specified in Conf File or passed in request", "status": 400}
+
+ ensure_db()
 request.session.authenticate(db, login, password)
 return request.env['ir.http'].session_info()
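Review bot: `ensure_db()` is called after the method has already validated `db` and switched the session, and on the config fallback (`else`) path the visible code never sets `request.session.db` itself, so the outcome there depends on that helper. As far as I know it is written for browser routes and may answer with a redirect, which a `type='json'` client cannot use; worth confirming. Moving `if request.session.db and request.session.db != db: request.session.logout()` and `request.session.db = db` below the `if/else` would cover both paths and make the `ensure_db()` call unnecessary. `db` comes straight from the JSON body on an `auth="none"` route, so an `isinstance(db, str)` check before `http.db_filter([db])` would turn a malformed value into a clean rejection rather than an unhandled exception. `from odoo.http import request, db_filter` repeats the `request` import from the line above, and `db_filter` is only ever reached as `http.db_filter`, so that import line can go.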