AOT-Technologies · arun-s-aot · Oct 8, 2025 · Jul 7, 2025 · Sep 10, 2025 · Sep 10, 2025
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v7.1.0
+v7.3.0
diff --git a/formsflow-forms-ChangeLog.md b/formsflow-forms-ChangeLog.md
@@ -9,7 +9,9 @@
 - `Untested Features`: Newly introduced features or components that are yet to be thoroughly tested.
 - `Upcoming Features`: Planned features or enhancements that will be available in future releases.
 - `Known Issues`: Existing issues or problems that are acknowledged and will be addressed in subsequent updates.
-
+# Version 7.3.0
+### Fixed
+- Fixed tenant key handling for authenticated vs anonymous users [FWF-5328].
 # Version 7.1.0
 ### Added
 - Added FORMIO_JWT_EXPIRE env for handling token expire time

diff --git a/src/middleware/handleFormsList.js b/src/middleware/handleFormsList.js
@@ -37,10 +37,15 @@ module.exports = function (router) {
       }
 
       if(process.env.MULTI_TENANCY_ENABLED == "true" && !req.isAdmin){
-        if(!req.token?.tenantKey){
+        // For anonymous users (no token), skip tenant key check for form submissions
+        // Only enforce tenant key for authenticated users
+        if(req.token && !req.token.tenantKey){
           return res.sendStatus(401);
         }
-        req.query.tenantKey = req.token.tenantKey
+        // Only set tenantKey if token exists and has tenantKey
+        if(req.token?.tenantKey){
+          req.query.tenantKey = req.token.tenantKey
+        }
       }
       // Merge any additional query parameters
       req.query = { ...query, ...req.query };