feat(system_users): Add merchant_id field to user model and authentication tokens

- Add merchant_id field to SystemUserModel to track user's associated merchant
- Include merchant_id in JWT token payload for both auth and system_users login endpoints
- Update CreateUserRequest schema to require merchant_id during user creation
- Populate merchant_id when creating new users in service layer
- Initialize all default users with merchant_id in database setup script
- Fix refresh_token endpoint to return new_access_token instead of stale access_token
- Standardize token payload structure across auth endpoints to include merchant_id
- Update initial user creation logs to display merchant information and correct passwords

app/auth/controllers/router.py

@@ -154,7 +154,7 @@ async def login(
         # Create tokens
         access_token_expires = timedelta(minutes=30)
         access_token = user_service.create_access_token(
-            data={"sub": user.user_id, "username": user.username, "role": user.role},
+            data={"sub": user.user_id, "username": user.username, "role": user.role, "merchant_id": user.merchant_id},
             expires_delta=access_token_expires
         )
         
@@ -244,12 +244,12 @@ async def refresh_token(
         # Create new access token
         access_token_expires = timedelta(minutes=30)
         new_access_token = user_service.create_access_token(
-            data={"sub": user_id, "username": username, "role": user.role},
+            data={"sub": user_id, "username": username, "role": user.role, "merchant_id": user.merchant_id},
             expires_delta=access_token_expires
         )
         
         return {
-            "access_token": access_token,
+            "access_token": new_access_token,
             "token_type": "bearer",
             "expires_in": 1800
         }

app/system_users/controllers/router.py

@@ -69,7 +69,7 @@ async def login(
             access_token_expires = timedelta(hours=24)  # Longer expiry for remember me
         
         access_token = user_service.create_access_token(
-            data={"sub": user.user_id, "username": user.username, "role_id": user.role},
+            data={"sub": user.user_id, "username": user.username, "role": user.role, "merchant_id": user.merchant_id},
             expires_delta=access_token_expires
         )
         

app/system_users/models/model.py

@@ -54,6 +54,7 @@ class SystemUserModel(BaseModel):
     user_id: str = Field(..., description="Unique user identifier (UUID/ULID)")
     username: str = Field(..., description="Unique username (lowercase alphanumeric)")
     email: EmailStr = Field(..., description="User email address")
+    merchant_id: str = Field(..., description="User Merchant Information")
     
     # Authentication
     password_hash: str = Field(..., description="Bcrypt hashed password")

app/system_users/schemas/schema.py

@@ -40,6 +40,7 @@ class CreateUserRequest(BaseModel):
     """Create user request schema."""
     username: str = Field(..., description="Unique username", min_length=3, max_length=30)
     email: EmailStr = Field(..., description="Email address")
+    merchant_id: str = Field(..., description="Merchant ID for the user")
     password: str = Field(..., description="Password", min_length=8, max_length=100)
     first_name: str = Field(..., description="First name", min_length=1, max_length=50)
     last_name: Optional[str] = Field(None, description="Last name", max_length=50)

app/system_users/services/service.py

@@ -167,6 +167,7 @@ class SystemUserService:
                 user_id=user_id,
                 username=user_data.username.lower(),
                 email=user_data.email.lower(),
+                merchant_id=user_data.merchant_id,
                 password_hash=password_hash,
                 first_name=user_data.first_name,
                 last_name=user_data.last_name,

create_initial_users.py

@@ -27,6 +27,7 @@ async def create_initial_users():
                 "user_id": "usr_superadmin_001",
                 "username": "superadmin",
                 "email": "superadmin@cuatrolabs.com",
+                "merchant_id": "company_cuatro_beauty_ltd",
                 "password_hash": pwd_context.hash("SuperAdmin@123!"),
                 "first_name": "Super",
                 "last_name": "Admin",
@@ -48,6 +49,7 @@ async def create_initial_users():
                 "user_id": "usr_admin_001",
                 "username": "admin",
                 "email": "admin@cuatrolabs.com",
+                "merchant_id": "company_cuatro_beauty_ltd",
                 "password_hash": pwd_context.hash("CompanyAdmin@123!"),
                 "first_name": "Company",
                 "last_name": "Admin",
@@ -69,10 +71,11 @@ async def create_initial_users():
                 "user_id": "usr_manager_001",
                 "username": "manager",
                 "email": "manager@cuatrolabs.com",
+                "merchant_id": "company_cuatro_beauty_ltd",
                 "password_hash": pwd_context.hash("Manager@123!"),
                 "first_name": "Team",
                 "last_name": "Manager",
-                "phone": "+919999999997",
+                "phone": "+919999997",
                 "role_id": "manager",
                 
                 "status": "active",
@@ -97,9 +100,9 @@ async def create_initial_users():
                 logger.info(f"Created user: {user['email']} (password: see script)")
         
         logger.info("\n=== Initial Users Created ===")
-        logger.info("1. superadmin@cuatrolabs.com / SuperAdmin@123")
-        logger.info("2. admin@cuatrolabs.com / CompanyAdmin@123")
-        logger.info("3. manager@cuatrolabs.com / Manager@123")
+        logger.info("1. superadmin@cuatrolabs.com / SuperAdmin@123! (merchant: merchant_cuatrolabs_001)")
+        logger.info("2. admin@cuatrolabs.com / CompanyAdmin@123! (merchant: merchant_cuatrolabs_001)")
+        logger.info("3. manager@cuatrolabs.com / Manager@123! (merchant: merchant_cuatrolabs_001)")
         logger.info("=============================\n")
         
     except Exception as e: