From 11a5a66c8b134e2174c2f1a1fc94556b6d513ce0 Mon Sep 17 00:00:00 2001
From: Desktop
Date: Mon, 17 Nov 2025 01:35:19 +0500
Subject: [PATCH] Revert "Revert to main branch account handling logic"

This reverts commit 219dae83c6aee5fc3682b36314d52d694fa10e5d.
---
 backend/igny8_core/api/authentication.py | 17 +++++++----------
 backend/igny8_core/auth/middleware.py | 13 +++++++------
 2 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/backend/igny8_core/api/authentication.py b/backend/igny8_core/api/authentication.py
index f20ec8a5..9daada1b 100644
--- a/backend/igny8_core/api/authentication.py
+++ b/backend/igny8_core/api/authentication.py
@@ -55,28 +55,25 @@ class JWTAuthentication(BaseAuthentication):
 return None

 try:
- user = User.objects.get(id=user_id)
+ # Refresh user from DB with account and plan relationships to get latest data
+ # This ensures changes to account/plan are reflected immediately without re-login
+ user = User.objects.select_related('account', 'account__plan').get(id=user_id)
 except User.DoesNotExist:
 # User not found - return None to allow other auth classes to try
 return None

- # Get account from token
+ # Get account from token (token's account_id is authoritative per unified API model)
+ # Unified API Standard: Token contains account_id, middleware extracts and sets request.account
 account_id = payload.get('account_id')
 account = None
 if account_id:
 try:
 account = Account.objects.get(id=account_id)
 except Account.DoesNotExist:
- pass
-
- if not account:
- try:
- account = getattr(user, 'account', None)
- except (AttributeError, Exception):
- # If account access fails, set to None
+ # Account from token doesn't exist - set to None
 account = None

- # Set account on request
+ # Set account on request (unified API model: token's account_id is authoritative)
 request.account = account

 return (user, token)
diff --git a/backend/igny8_core/auth/middleware.py b/backend/igny8_core/auth/middleware.py
index 1bcdd16f..f738a4b8 100644
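Review bot: The account resolved from the token's `account_id` is never checked against the user it was loaded for, so once a user's account membership changes or is revoked the old account context stays in force until the token expires; the `select_related('account', 'account__plan')` added on the `user = ...` line loads `user.account` and nothing then reads it, which contradicts the added comment that account changes are "reflected immediately without re-login". If the token is deliberately authoritative, the comment should instead say that account changes take effect only when a new token is issued; if not, a cross-check before `request.account = account` such as `user_account = getattr(user, 'account', None)` followed by `if account is not None and (user_account is None or user_account.id != account.id): account = None` would keep the user/account binding honest (assuming a user has a single `account`, as the old middleware check `user.account.id != account_id` suggests). The same unchecked binding is introduced by the middleware.py hunk of this patch. The enclosing authenticate method starts outside the hunk.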
--- a/backend/igny8_core/auth/middleware.py
+++ b/backend/igny8_core/auth/middleware.py
@@ -99,13 +99,14 @@ class AccountContextMiddleware(MiddlewareMixin):
 user = User.objects.select_related('account', 'account__plan').get(id=user_id)
 request.user = user
 if account_id:
- # Verify account still exists and matches user
- account = Account.objects.get(id=account_id)
- # If user's account changed, use the new one from user object
- if user.account and user.account.id != account_id:
- request.account = user.account
- else:
+ # Unified API Standard: Extract account_id from JWT, load Account object, set request.account
+ # Token's account_id is authoritative - no validation against user.account
+ try:
+ account = Account.objects.get(id=account_id)
 request.account = account
+ except Account.DoesNotExist:
+ # Account from token doesn't exist - set to None
+ request.account = None
 else:
 try:
 user_account = getattr(user, 'account', None)
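Review bot: The try/except added under `if account_id:` is the same account-resolution logic the JWTAuthentication hunk of this patch adds in authentication.py — `Account.objects.get` guarded by `except Account.DoesNotExist` with a fallback to None — so the policy now lives in two files, which is how the two sites drifted apart before (only one of them validated against `user.account`). A single helper, e.g. `def resolve_token_account(account_id): ...` returning the Account or None and called from both places, would keep them in step. It is also worth stating in the comment that when the token's account no longer exists `request.user` stays set while `request.account` is None, so downstream code must treat that combination as not authorized for any account rather than as an anonymous request; I cannot tell from the hunk whether anything does. The enclosing try of the middleware method starts outside the hunk.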