Fix middleware to properly trigger authentication using get_user_auth

enterprise/server/middleware.py

@@ -217,10 +217,11 @@ class LLMSettingsMiddleware:
                 f"LLM settings middleware intercepting POST /api/settings from {request.client.host if request.client else 'unknown'}"
             )
 
-            # Get user_id from request state (set by auth middleware)
-            user_auth = getattr(request.state, 'user_auth', None)
-            if not user_auth:
-                logger.info('No user auth found, letting route handle request')
+            # Get user authentication - this will trigger authentication if not already done
+            try:
+                user_auth = await get_user_auth(request)
+            except Exception as e:
+                logger.info(f'No valid user auth found ({e}), letting route handle request')
                 return  # No user auth, let the route handle it
 
             user_id = await user_auth.get_user_id()

enterprise/tests/unit/test_llm_settings_middleware.py

@@ -311,3 +311,15 @@ class TestLLMSettingsMiddleware:
         result = await middleware(mock_request, mock_call_next)
         mock_call_next.assert_called_once_with(mock_request)
         assert result is not None
+
+        # Test POST /api/settings request without authentication passes through
+        mock_request = MagicMock()
+        mock_request.method = 'POST'
+        mock_request.url.path = '/api/settings'
+        mock_call_next = AsyncMock(return_value=MagicMock())
+
+        with patch('enterprise.server.middleware.get_user_auth') as mock_get_user_auth:
+            mock_get_user_auth.side_effect = Exception('No auth')
+            result = await middleware(mock_request, mock_call_next)
+            mock_call_next.assert_called_once_with(mock_request)
+            assert result is not None