fix: fallback to any active system bot if mandate mismatch, add credentialDebug to response

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-17 00:03:01 +01:00 · 2026-02-17 00:03:01 +01:00 · f743932768
commit f743932768
parent 1b2ca9512f
1 changed files with 25 additions and 5 deletions
--- a/modules/features/teamsbot/routeFeatureTeamsbot.py
+++ b/modules/features/teamsbot/routeFeatureTeamsbot.py
@ -731,20 +731,39 @@ async def testAuth(
    # Load system bot credentials for the auth test variant
    email = None
    password = None
+    credentialDebug = {"mandateId": mandateId, "botFound": False, "botEmail": None, "botMandateId": None, "searchStrategy": "byMandate"}
+
    systemBot = interface.getActiveSystemBot(mandateId)
+
+    # Fallback: if no bot found for this mandate, search ALL system bots
+    if not systemBot:
+        logger.info(f"[test-auth] No bot for mandate {mandateId}, searching all system bots...")
+        credentialDebug["searchStrategy"] = "allBots"
+        allBots = interface.db.getRecordset(TeamsbotSystemBot, recordFilter={"isActive": True})
+        if allBots:
+            systemBot = allBots[0]
+            credentialDebug["allBotsCount"] = len(allBots)
+            credentialDebug["botMandateId"] = systemBot.get("mandateId")
+            logger.info(f"[test-auth] Found {len(allBots)} active bot(s), using first: {systemBot.get('email')} (mandate={systemBot.get('mandateId')})")
+
    if systemBot:
        email = systemBot.get("email")
        encryptedPwd = systemBot.get("encryptedPassword")
-        logger.info(f"[test-auth] System bot found: email={email}, hasEncryptedPwd={bool(encryptedPwd)}")
+        credentialDebug["botFound"] = True
+        credentialDebug["botEmail"] = email
+        logger.info(f"[test-auth] System bot: email={email}, hasEncryptedPwd={bool(encryptedPwd)}")
        if encryptedPwd:
            try:
                from modules.shared.configuration import decryptValue
                password = decryptValue(encryptedPwd, userId=str(context.user.id), keyName="systemBotPassword")
-                logger.info(f"[test-auth] Password decrypted successfully, length={len(password) if password else 0}")
+                credentialDebug["passwordDecrypted"] = True
+                logger.info(f"[test-auth] Password decrypted, length={len(password) if password else 0}")
            except Exception as e:
+                credentialDebug["passwordError"] = str(e)
                logger.error(f"[test-auth] Password decryption failed: {e}")
    else:
-        logger.warn(f"[test-auth] No active system bot found for mandate {mandateId}")
+        logger.warning(f"[test-auth] No active system bot found anywhere")
+        credentialDebug["searchStrategy"] = "noneFound"

    # Forward to browser bot service
    browserBotUrl = effectiveConfig._getEffectiveBrowserBotUrl()
@ -759,12 +778,13 @@ async def testAuth(
    }

    try:
-        # Generous timeout: 5 variants × ~45s each = ~225s max
        timeout = aiohttp.ClientTimeout(total=300)
        async with aiohttp.ClientSession(timeout=timeout) as session:
            async with session.post(f"{browserBotUrl}/api/bot/test-auth", json=payload) as resp:
                if resp.status == 200:
-                    return await resp.json()
+                    result = await resp.json()
+                    result["credentialDebug"] = credentialDebug
+                    return result
                else:
                    errorText = await resp.text()
                    logger.error(f"Auth test failed: {resp.status} - {errorText}")