diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 9e097983bedd..e608c4d74d36 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -606,6 +606,10 @@ class LoginController extends BaseController
 if (request()->has('code')) {
 return $this->handleProviderCallback($provider);
 } else {
+
+ if(!in_array($provider, ['google']))
+ return abort(400, 'Invalid provider');
+
 return Socialite::driver($provider)->with($parameters)->scopes($scopes)->redirect();
 }
 }
diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php
index 55a9354a4342..6d5196d536c3 100644
--- a/app/Http/Controllers/BaseController.php
+++ b/app/Http/Controllers/BaseController.php
@@ -19,6 +19,7 @@ use App\Transformers\EntityTransformer;
 use App\Utils\Ninja;
 use App\Utils\Statics;
 use App\Utils\Traits\AppSetup;
+use App\Utils\TruthSource;
 use Illuminate\Contracts\Container\BindingResolutionException;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Http\Request;
@@ -610,6 +611,7 @@ class BaseController extends Controller
 protected function listResponse($query)
 {
+ $this->buildManager();
 $transformer = new $this->entity_transformer(request()->input('serializer'));
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 697dd36283ce..8864eb6fc9d0 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -380,7 +380,7 @@ class UserController extends BaseController
 */
 public function update(UpdateUserRequest $request, User $user)
 {
- $old_company_user = $user->company_user;
+ $old_company_user = $user->company_user();
 $old_user = json_encode($user);
 $old_user_email = $user->getOriginal('email');
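Review bot: The provider allow-list guards only the redirect branch; the callback branch two lines above it, `return $this->handleProviderCallback($provider);`, still accepts any provider string, so the check belongs before `if (request()->has('code'))` rather than inside its `else`. `in_array` is also called without the strict flag, so a non-string `$provider` can be coerced into matching. Proposed: hoist the guard to the top of the method as `if (!in_array($provider, ['google'], true)) { abort(400, 'Invalid provider'); }` and drop the copy in the else branch. The method's opening line is outside the hunk, so the exact insertion point has to be confirmed there.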
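Review bot: `$old_company_user = $user->company_user();` no longer snapshots the edited user's record: with `company_user()` as rewritten in the User.php hunks further down, the value comes from the request's TruthSource (or the X-API-TOKEN lookup) regardless of which `User` instance it is called on, i.e. it is the authenticated caller's CompanyUser, not `$user`'s. The comparison in the @@ -398 hunk therefore compares that same object with itself, so `permissions_updated_at` can no longer be bumped, and the `$user->company_user()->update([...])` that follows would write to the caller's row rather than the target's. The pre-update record should be loaded for the target explicitly from `$user->id` and the current company id instead of through `company_user()`, and the same explicit record reused for the comparison and the update.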
@@ -398,8 +398,8 @@ class UserController extends BaseController
 if(
- strcasecmp($old_company_user->permissions, $user->company_user->permissions) != 0 ||
- $old_company_user->is_admin != $user->company_user->is_admin
+ strcasecmp($old_company_user->permissions, $user->company_user()->permissions) != 0 ||
+ $old_company_user->is_admin != $user->company_user()->is_admin
 ){
 $user->company_user()->update(["permissions_updated_at" => now()]);
 }
diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php
index c4122f731129..53924c89cc17 100644
--- a/app/Http/Middleware/TokenAuth.php
+++ b/app/Http/Middleware/TokenAuth.php
@@ -15,6 +15,7 @@ use App\Events\User\UserLoggedIn;
 use App\Models\CompanyToken;
 use App\Models\User;
 use App\Utils\Ninja;
+use App\Utils\TruthSource;
 use Closure;
 use Illuminate\Http\Request;
 use stdClass;
@@ -30,7 +31,7 @@ class TokenAuth
 */
 public function handle($request, Closure $next)
 {
- if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user', 'company'])->where('token', $request->header('X-API-TOKEN'))->first())) {
+ if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user', 'company', 'cu'])->where('token', $request->header('X-API-TOKEN'))->first())) {
 $user = $company_token->user;
 $error = [
@@ -52,6 +53,13 @@ class TokenAuth
 return response()->json($error, 403);
 }
+ $truth = app()->make(TruthSource::class);
+
+ $truth->setCompanyUser($company_token->cu);
+ $truth->setUser($company_token->user);
+ $truth->setCompany($company_token->company);
+ $truth->setCompanyToken($company_token);
+
 /*
 |
 | Necessary evil here: As we are authenticating on CompanyToken,
@@ -65,7 +73,7 @@ class TokenAuth
 });
 //user who once existed, but has been soft deleted
- if ($company_token->company_user->is_locked) {
+ if ($company_token->cu->is_locked) {
 $error = [
 'message' => 'User access locked',
 'errors' => new stdClass,
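Review bot: `CompanyToken::with(['user', 'company', 'cu'])`, the `setCompanyUser($company_token->cu)` call and the later `$company_token->cu->is_locked` (@@ -65) all rely on the new `cu()` relation in the CompanyToken hunk, which is keyed only on `company_id` (`hasOneThrough(CompanyUser::class, Company::class, 'id', 'company_id', 'company_id', 'id')`) and never on the token's `user_id`, so in a company with more than one member it yields an arbitrary member's CompanyUser and the lock check, `is_admin`, `is_owner` and `permissions` read through TruthSource are then evaluated against another user's row. Unlike the relation it replaces, `cu()` also has no `withTrashed()`, so for the soft-deleted user the comment at @@ -65 describes, `cu` is null and `->is_locked` throws instead of returning the 403. The record should be resolved on both keys, e.g. in the middleware `$cu = CompanyUser::withTrashed()->where('company_id', $company_token->company_id)->where('user_id', $company_token->user_id)->first();` (with `use App\Models\CompanyUser;` added, as the UserRepository hunk already does it this way) and that `$cu` passed to `setCompanyUser()` and used for the lock check; a `->where('...', $this->user_id)` inside `cu()` itself would not survive `with(['cu'])` eager loading, because the query model has no attributes at that point.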
diff --git a/app/Models/CompanyToken.php b/app/Models/CompanyToken.php
index 1c332e4d55fd..1ccb2d20d0c6 100644
--- a/app/Models/CompanyToken.php
+++ b/app/Models/CompanyToken.php
@@ -55,4 +55,9 @@ class CompanyToken extends BaseModel
 ->where('company_id', $this->company_id)
 ->where('user_id', $this->user_id);
 }
+
+ public function cu()
+ {
+ return $this->hasOneThrough(CompanyUser::class, Company::class, 'id', 'company_id', 'company_id', 'id');
+ }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index f9871a9f3191..5e0277895ae8 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -21,6 +21,7 @@ use App\Services\User\UserService;
 use App\Utils\Traits\MakesHash;
 use App\Utils\Traits\UserSessionAttributes;
 use App\Utils\Traits\UserSettings;
+use App\Utils\TruthSource;
 use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
@@ -30,8 +31,8 @@ use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Auth;
-use Laracasts\Presenter\PresentableTrait;
 use Illuminate\Support\Facades\Cache;
+use Laracasts\Presenter\PresentableTrait;
 class User extends Authenticatable implements MustVerifyEmail
 {
@@ -142,6 +143,22 @@ class User extends Authenticatable implements MustVerifyEmail
 return $this->hasMany(CompanyToken::class)->orderBy('id', 'ASC');
 }
+ public function token()
+ {
+ $truth = app()->make(TruthSource::class);
+
+ if($truth->getCompanyToken()){
+ return $truth->getCompanyToken();
+ }
+
+ if (request()->header('X-API-TOKEN')) {
+ return CompanyToken::with(['cu'])->where('token', request()->header('X-API-TOKEN'))->first();
+ }
+
+
+ return $this->tokens()->first();
+ }
+
 /**
 * Returns all companies a user has access to.
 *
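Review bot: `token()` can return null — `$this->tokens()->first()` is empty for a user with no tokens and the header branch returns null for an unknown token — yet every new caller in the later User.php hunks (`company_user()`, `co_user()`, `permissions()`, `settings()`, `isAdmin()`, `isOwner()`, `hasPermission`, `routeNotificationForSlack()`) dereferences `$this->token()->cu` unguarded, which is a fatal error rather than a "no permission" answer. It also consults TruthSource and the request header before `$this`, so called on any `User` other than the authenticated one (the edited `$user` in UserController::update, for instance) it returns the caller's token, and when TruthSource is unpopulated the header branch issues a fresh query on every call. Either make `token()` fail loudly for the no-token case, or have the callers use null-safe access with an explicit default, e.g. `return (bool) $this->token()?->cu?->is_admin;` in `isAdmin()`; the cross-instance resolution should be documented on the method with a comment such as `// Resolves the *request's* token, not necessarily one belonging to $this`.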
@@ -170,12 +187,16 @@ class User extends Authenticatable implements MustVerifyEmail
 */
 public function getCompany()
 {
+ $truth = app()->make(TruthSource::class);
 if ($this->company){
 return $this->company;
 }
+ elseif($truth->getCompany()){
+ return $truth->getCompany();
+ }
 elseif (request()->header('X-API-TOKEN')) {
 $company_token = CompanyToken::with(['company'])->where('token', request()->header('X-API-TOKEN'))->first();
@@ -219,31 +240,33 @@ class User extends Authenticatable implements MustVerifyEmail
 public function co_user()
 {
- return $this->company_user();
+ $truth = app()->make(TruthSource::class);
+
+ if($truth->getCompanyUser()){
+ return $truth->getCompanyUser();
+ }
+
+ return $this->token()->cu;
+ // return $this->company_user();
 }
 public function company_user()
 {
- if (! $this->id && auth()->user()) {
- $this->id = auth()->user()->id;
- }
-
- return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id')
- ->withTrashed();
-
- // if (request()->header('X-API-TOKEN')) {
-
- // nlog("with an API token");
- // nlog(request()->header('X-API-TOKEN'));
-
- // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'company_id', 'id', 'company_id')
- // ->where('company_tokens.token', request()->header('X-API-TOKEN'))
- // ->withTrashed();
- // } else {
- // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'company_id', 'id', 'company_id')
- // ->where('company_user.user_id', $this->id)
- // ->withTrashed();
+ // if (! $this->id && auth()->user()) {
+ // $this->id = auth()->user()->id;
 // }
+
+ // return $this->hasOneThrough(CompanyUser::class, CompanyToken::class, 'user_id', 'user_id', 'id', 'user_id')
+ // ->withTrashed();
+
+ $truth = app()->make(TruthSource::class);
+
+ if($truth->getCompanyUser()){
+ return $truth->getCompanyUser();
+ }
+
+ return $this->token()->cu;
+
 }
 /**
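Review bot: `company_user()` now returns a `CompanyUser` model (or null) instead of an Eloquent relation, so any remaining dynamic-property access `$user->company_user` will throw Eloquent's "must return a relationship instance" LogicException, and the `withTrashed()` the removed body applied is gone, so a soft-deleted company user is no longer found; the LoginTest and UserController hunks were updated for this, but other callers are not visible here and should be grepped. `co_user()` and `company_user()` now carry identical bodies; `co_user()` should go back to delegating (`return $this->company_user();`) so the lookup lives in one place. The commented-out previous implementations left in both methods should be deleted rather than kept as comments, since version control already holds that history.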
@@ -268,7 +291,9 @@ class User extends Authenticatable implements MustVerifyEmail
 */
 public function permissions()
 {
- return $this->company_user->permissions;
+ return $this->token()->cu->permissions;
+
+ // return $this->company_user->permissions;
 }
 /**
@@ -278,7 +303,9 @@ class User extends Authenticatable implements MustVerifyEmail
 */
 public function settings()
 {
- return json_decode($this->company_user->settings);
+ return json_decode($this->token()->cu->settings);
+
+ //return json_decode($this->company_user->settings);
 }
 /**
@@ -288,12 +315,16 @@ class User extends Authenticatable implements MustVerifyEmail
 */
 public function isAdmin() : bool
 {
- return $this->company_user->is_admin;
+ return $this->token()->cu->is_admin;
+
+ // return $this->company_user->is_admin;
 }
 public function isOwner() : bool
 {
- return $this->company_user->is_owner;
+ return $this->token()->cu->is_owner;
+
+ // return $this->company_user->is_owner;
 }
 /**
@@ -345,8 +376,13 @@ class User extends Authenticatable implements MustVerifyEmail
 return $this->isOwner() ||
 $this->isAdmin() ||
- (stripos($this->company_user->permissions, $all_permission) !== false) ||
- (stripos($this->company_user->permissions, $permission) !== false);
+ (stripos($this->token()->cu->permissions, $all_permission) !== false) ||
+ (stripos($this->token()->cu->permissions, $permission) !== false);
+
+ // return $this->isOwner() ||
+ // $this->isAdmin() ||
+ // (stripos($this->company_user->permissions, $all_permission) !== false) ||
+ // (stripos($this->company_user->permissions, $permission) !== false);
 }
 public function documents()
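Review bot: `permissions()`, `settings()`, `isAdmin()`, `isOwner()` and `hasPermission` (@@ -345, which calls `token()` twice, plus once each via `isOwner()`/`isAdmin()`) each re-resolve `$this->token()->cu` instead of going through `company_user()`, so when TruthSource is not populated — requests that never pass TokenAuth — every call issues its own `CompanyToken` query, and a single `hasPermission` check can issue four. Resolving once, e.g. `$cu = $this->company_user();` at the top of `hasPermission` and `return $this->company_user()->permissions;` in the accessors, keeps a single code path for the lookup and a single place for a null guard. The commented-out old bodies left below each return (here and in `routeNotificationForSlack` in the next hunk) should be removed.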
@@ -370,9 +406,12 @@ class User extends Authenticatable implements MustVerifyEmail
 public function routeNotificationForSlack($notification)
 {
- if ($this->company_user->slack_webhook_url) {
- return $this->company_user->slack_webhook_url;
- }
+
+ if($this->token()->cu->slack_webhook_url)
+ return $this->token()->cu->slack_webhook_url;
+ // if ($this->company_user->slack_webhook_url) {
+ // return $this->company_user->slack_webhook_url;
+ // }
 }
 public function routeNotificationForMail($notification)
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 495ed33f2242..2206abe686fb 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -15,6 +15,7 @@ use App\Http\Middleware\SetDomainNameDb;
 use App\Models\Invoice;
 use App\Models\Proposal;
 use App\Utils\Ninja;
+use App\Utils\TruthSource;
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Database\Eloquent\Relations\Relation;
 use Illuminate\Queue\Events\JobProcessing;
@@ -71,6 +72,9 @@ class AppServiceProvider extends ServiceProvider
 // \Log::error('Event Job '.$event->job->getJobId);
 // // \Log::info('Event Job '.$event->job->payload());
 // });
+
+ app()->instance(TruthSource::class, new TruthSource());
+
 }
 /**
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index fdad645cdeb9..09530467a6ad 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -200,7 +200,6 @@ class UserRepository extends BaseRepository
 $user->is_deleted = false;
 $user->save();
 $user->restore();
- // $user->company_user->restore();
 $cu = CompanyUser::withTrashed()
 ->where('user_id', $user->id)
diff --git a/app/Utils/HtmlEngine.php b/app/Utils/HtmlEngine.php
index ff6b6a1f2556..b42579eafaf3 100644
--- a/app/Utils/HtmlEngine.php
+++ b/app/Utils/HtmlEngine.php
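Review bot: `app()->instance(TruthSource::class, new TruthSource())` binds one mutable object for the life of the process, and TruthSource (its hunk is further down) has setters but no way to clear them, so under a long-lived runtime — queue workers, Octane-style servers, or a test suite that drives several requests through one application — the company, user and token that TokenAuth stored for one request stay visible to the next request that does not pass through TokenAuth, and `token()`/`getCompany()`/`company_user()` in User.php prefer that stale state over `$this`. A request-scoped binding (`$this->app->scoped(TruthSource::class, fn () => new TruthSource())` where the framework version provides it, or explicitly resetting the instance at the start of every request) keeps the state per request. The enclosing provider method is outside the hunk; whichever it is, `$this->app` is the conventional handle inside a service provider rather than the `app()` helper.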
@@ -634,9 +634,11 @@ class HtmlEngine
 {
 $country = Country::find($this->settings->country_id);
- if ($country) {
- return ctrans('texts.country_' . $country->iso_3166_2);
- }
+ if($country)
+ return $country->iso_3166_2;
+ // if ($country) {
+ // return ctrans('texts.country_' . $country->iso_3166_2);
+ // }
 return ' ';
 }
diff --git a/app/Utils/TruthSource.php b/app/Utils/TruthSource.php
new file mode 100644
index 000000000000..1e2841a38c22
--- /dev/null
+++ b/app/Utils/TruthSource.php
@@ -0,0 +1,70 @@
+company_user = $company_user;
+ return $this;
+ }
+
+ public function setUser($user){
+ $this->user = $user;
+ return $this;
+ }
+
+ public function setCompany($company)
+ {
+ $this->company = $company;
+ return $this;
+ }
+
+ public function setCompanyToken($company_token)
+ {
+ $this->company_token = $company_token;
+ return $this;
+ }
+
+
+ public function getCompany()
+ {
+ return $this->company;
+ }
+
+ public function getCompanyUser()
+ {
+ return $this->company_user;
+ }
+
+ public function getUser()
+ {
+ return $this->user;
+ }
+
+ public function getCompanyToken()
+ {
+ return $this->company_token;
+ }
+
+}
diff --git a/tests/Feature/LoginTest.php b/tests/Feature/LoginTest.php
index 6375dd9de736..7afee2518c74 100644
--- a/tests/Feature/LoginTest.php
+++ b/tests/Feature/LoginTest.php
@@ -175,7 +175,7 @@ class LoginTest extends TestCase
 $this->assertTrue($user->companies !== null);
 $this->assertTrue($user->company_users !== null);
 $this->assertTrue($user->company_users->first() !== null);
- $this->assertTrue($user->company_user->account !== null);
+ $this->assertTrue($user->company_user()->account !== null);
 $this->assertEquals($user->email, 'test@example.com');
 $this->assertTrue(\Hash::check('123456', $user->password));
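Review bot: Returning `$country->iso_3166_2` replaces the translated country name (`ctrans('texts.country_' . $country->iso_3166_2)`) with the raw two-letter code in rendered documents; if a localized name is still intended this is a regression, and if the code is intended the old lines should be deleted rather than left as comments. The braceless `if($country)` also departs from the `if ($country) {` style the removed lines used and the rest of the file appears to follow. Proposed: `if ($country) { return $country->iso_3166_2; }` with the commented block removed, plus a one-line comment stating why the code rather than the name is returned.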
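Review bot: TruthSource holds the authenticated company, user, company-user and token for the whole request (and, as bound in AppServiceProvider, for the whole process), yet its four setters and four getters are untyped and there is no method to clear the state; the head of the file is cut off in this hunk, so the property declarations and any `declare(strict_types=1)` cannot be checked here. Typed signatures, e.g. `public function setCompanyUser(?CompanyUser $company_user): self` and `public function getCompanyUser(): ?CompanyUser`, would let static analysis catch the null cases the User.php callers currently dereference, and a `reset(): void` that nulls all four properties would give middleware and tests a way to clear state between requests.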