From 7b4be3dbc9318360936fdb211ed51038fac5be20 Mon Sep 17 00:00:00 2001
From: patrick-motsch <p.motsch@valueon.ch>
Date: Tue, 17 Feb 2026 00:33:05 +0100
Subject: [PATCH] feat: accept botEmail/botPassword from request, auto-create
 system bot in DB

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .../features/teamsbot/routeFeatureTeamsbot.py | 89 ++++++++++++-------
 1 file changed, 56 insertions(+), 33 deletions(-)

diff --git a/modules/features/teamsbot/routeFeatureTeamsbot.py b/modules/features/teamsbot/routeFeatureTeamsbot.py
index f83fc5d6..c2bc53a7 100644
--- a/modules/features/teamsbot/routeFeatureTeamsbot.py
+++ b/modules/features/teamsbot/routeFeatureTeamsbot.py
@@ -728,42 +728,65 @@ async def testAuth(
     if not meetingUrl:
         raise HTTPException(status_code=400, detail="meetingUrl is required")
 
-    # Load system bot credentials for the auth test variant
-    email = None
-    password = None
-    credentialDebug = {"mandateId": mandateId, "botFound": False, "botEmail": None, "botMandateId": None, "searchStrategy": "byMandate"}
+    # Load system bot credentials:
+    # 1. Use email/password from request body (direct override)
+    # 2. Fallback: load from DB (system bot record)
+    email = body.get("botEmail")
+    password = body.get("botPassword")
+    credentialDebug = {"mandateId": mandateId, "source": "none"}
 
-    systemBot = interface.getActiveSystemBot(mandateId)
-
-    # Fallback: if no bot found for this mandate, search ALL system bots
-    if not systemBot:
-        logger.info(f"[test-auth] No bot for mandate {mandateId}, searching all system bots...")
-        credentialDebug["searchStrategy"] = "allBots"
-        allBots = interface.db.getRecordset(TeamsbotSystemBot, recordFilter={"isActive": True})
-        if allBots:
-            systemBot = allBots[0]
-            credentialDebug["allBotsCount"] = len(allBots)
-            credentialDebug["botMandateId"] = systemBot.get("mandateId")
-            logger.info(f"[test-auth] Found {len(allBots)} active bot(s), using first: {systemBot.get('email')} (mandate={systemBot.get('mandateId')})")
-
-    if systemBot:
-        email = systemBot.get("email")
-        encryptedPwd = systemBot.get("encryptedPassword")
-        credentialDebug["botFound"] = True
+    if email and password:
+        # Direct override from request body
+        credentialDebug["source"] = "requestBody"
         credentialDebug["botEmail"] = email
-        logger.info(f"[test-auth] System bot: email={email}, hasEncryptedPwd={bool(encryptedPwd)}")
-        if encryptedPwd:
-            try:
-                from modules.shared.configuration import decryptValue
-                password = decryptValue(encryptedPwd, userId=str(context.user.id), keyName="systemBotPassword")
-                credentialDebug["passwordDecrypted"] = True
-                logger.info(f"[test-auth] Password decrypted, length={len(password) if password else 0}")
-            except Exception as e:
-                credentialDebug["passwordError"] = str(e)
-                logger.error(f"[test-auth] Password decryption failed: {e}")
+        logger.info(f"[test-auth] Using credentials from request: {email}")
+
+        # Also create/update system bot in DB for future use
+        try:
+            from modules.shared.configuration import encryptValue
+            encryptedPassword = encryptValue(password, userId=str(context.user.id), keyName="systemBotPassword")
+            existingBot = interface.getActiveSystemBot(mandateId)
+            if not existingBot:
+                botData = TeamsbotSystemBot(
+                    mandateId=mandateId,
+                    name=email.split("@")[0].replace(".", " ").title(),
+                    email=email,
+                    encryptedPassword=encryptedPassword,
+                    isActive=True,
+                ).model_dump()
+                interface.createSystemBot(botData)
+                credentialDebug["dbCreated"] = True
+                logger.info(f"[test-auth] Created system bot in DB: {email} for mandate {mandateId}")
+            else:
+                credentialDebug["dbExists"] = True
+        except Exception as e:
+            logger.warning(f"[test-auth] Could not save system bot to DB: {e}")
     else:
-        logger.warning(f"[test-auth] No active system bot found anywhere")
-        credentialDebug["searchStrategy"] = "noneFound"
+        # Try loading from DB
+        systemBot = interface.getActiveSystemBot(mandateId)
+        if not systemBot:
+            # Fallback: search ALL active bots
+            allBots = interface.db.getRecordset(TeamsbotSystemBot, recordFilter={"isActive": True})
+            if allBots:
+                systemBot = allBots[0]
+                credentialDebug["source"] = "dbFallback"
+
+        if systemBot:
+            email = systemBot.get("email")
+            encryptedPwd = systemBot.get("encryptedPassword")
+            credentialDebug["source"] = credentialDebug.get("source", "db")
+            credentialDebug["botEmail"] = email
+            if encryptedPwd:
+                try:
+                    from modules.shared.configuration import decryptValue
+                    password = decryptValue(encryptedPwd, userId=str(context.user.id), keyName="systemBotPassword")
+                    logger.info(f"[test-auth] Loaded from DB: {email}")
+                except Exception as e:
+                    credentialDebug["passwordError"] = str(e)
+                    logger.error(f"[test-auth] Password decryption failed: {e}")
+        else:
+            logger.warning(f"[test-auth] No credentials provided and no system bot in DB")
+            credentialDebug["source"] = "noneFound"
 
     # Forward to browser bot service
     browserBotUrl = effectiveConfig._getEffectiveBrowserBotUrl()