- Simplified HasTenantAccess permission logic to ensure every authenticated user has an account.
- Added fallback to system account for OpenAI settings in AI configuration.
- Allowed any authenticated user to check task progress in IntegrationSettingsViewSet.
- Created a script to identify and fix orphaned users without accounts.
- Updated error response handling in business endpoints for clarity.
- Added migration to include global payment method configurations for Stripe and PayPal (both disabled).
- Ensured existing payment methods like bank transfer and manual payment are correctly configured.
- Added database constraints and indexes for improved data integrity in billing models.
- Introduced foreign key relationship between CreditTransaction and Payment models.
- Added webhook configuration fields to PaymentMethodConfig for future payment gateway integrations.
- Updated SignUpFormUnified component to handle payment method selection based on user country and plan.
- Implemented PaymentHistory component to display user's payment history with status indicators.
- Updated `DebugScopedRateThrottle` to allow public access for blueprint list requests with site filters.
- Modified `SiteViewSet` and `SiteBlueprintViewSet` to permit public read access for list requests.
- Enhanced `loadSiteDefinition` to resolve site slugs to IDs, improving the loading process for site definitions.
- Improved error handling in `SiteDefinitionView` and `loadSiteDefinition` for better user feedback.
- Adjusted CSS styles for better layout and alignment in shared components.
- Introduced a new scheduled task for executing automation rules every 5 minutes in the Celery beat schedule.
- Updated URL routing to include a new endpoint for automation-related functionalities.
- Refactored imports in various modules to align with the new business layer structure, ensuring backward compatibility for billing models, exceptions, and services.
- Introduced RefreshTokenView to allow users to refresh their access tokens using a valid refresh token.
- Enhanced LoginView to ensure correct user/account loading and improved error handling during user serialization.
- Updated API response structure to include access and refresh token expiration times.
- Adjusted frontend API handling to support both new and legacy token response formats.
- Middleware should only set request.account, not request.user
- Let DRF authentication handle request.user setting
- This prevents conflicts between middleware and DRF authentication
- Fixes /me endpoint returning wrong user issue
- Restored fallback to user.account when token account_id is missing/invalid
- Restored validation that user.account matches token account_id
- If user's account changed, use user.account (the correct one)
- Matches main branch behavior which has correct config
- Fixes wrong user/account showing issue
- Simplified authentication logic to match unified API documentation
- Token's account_id is now the sole source of truth for account context
- Removed validation against user.account (no longer valid per unified API model)
- Middleware now simply extracts account_id from JWT and sets request.account
- Matches documented flow: Extract Account ID → Load Account Object → Set request.account
- Token's account_id is now authoritative for current account context
- For developers/admins: Always use token's account_id (they can access any account)
- For regular users: Verify they belong to token's account, fallback to user.account if not
- This ensures correct account context is set, especially for developers working across accounts
- Fixes bug where wrong user/account was shown after login
- Removed all operation limit fields from Plan model
- Kept account management limits (max_users, max_sites, etc.)
- Updated PlanSerializer to remove limit fields
- Updated PlanAdmin to remove limit fieldsets
- Created migration to remove limit fields from database
- Plan model now only has credits, billing, and account management fields
- Exclude the 'MeView' endpoint from public API documentation, marking it as an internal authenticated endpoint.
- Enhance error handling in the 'IntegrationSettingsViewSet' to gracefully manage empty request data and improve logging for account and settings lookups.
- Update API key retrieval logic to ensure fallback mechanisms are more robust and informative.
- Refactor user data fetching in the auth store to utilize a unified API system, improving error handling and data consistency.
