From d949296104bafa919507f9ebd3da5b17270f2e33 Mon Sep 17 00:00:00 2001
From: kenneth <kenneth@nym.sh>
Date: Sun, 12 Apr 2026 11:40:56 +0000
Subject: [PATCH] fix: add source to session on cred update

When updateSourceCredentials was called for a source not yet in the
active session (e.g. because credentials were missing at config time),
the source was never instantiated despite being enabled in the DB.

Now, if the source row is enabled but absent from the session, the
source is added instead of skipped.

Co-authored-by: Ona <no-reply@ona.com>
---
 .../src/session/user-session-manager.test.ts  | 25 +++++++++++++++++++
 .../src/session/user-session-manager.ts       |  8 ++++--
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/apps/aelis-backend/src/session/user-session-manager.test.ts b/apps/aelis-backend/src/session/user-session-manager.test.ts
index 5d08924..b89dc44 100644
--- a/apps/aelis-backend/src/session/user-session-manager.test.ts
+++ b/apps/aelis-backend/src/session/user-session-manager.test.ts
@@ -806,6 +806,31 @@ describe("UserSessionManager.updateSourceCredentials", () => {
 		expect(receivedCredentials).toEqual({ token: "refreshed" })
 	})
 
+	test("adds source to session when source is enabled but not yet in session", async () => {
+		// Simulate a source that was never added to the session (e.g. credentials
+		// were missing at config time), but is enabled in the DB.
+		setEnabledSources([]) // no sources during session creation
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		const session = await manager.getOrCreate("user-1")
+		// Source is NOT in the session
+		expect(session.hasSource("test")).toBe(false)
+
+		// mockFindResult returns an enabled row by default, so the source
+		// row exists and is enabled in the DB.
+		await manager.updateSourceCredentials("user-1", "test", { token: "new-token" })
+
+		// Source should now be added to the session
+		expect(session.hasSource("test")).toBe(true)
+		expect(factory).toHaveBeenCalledTimes(1)
+	})
+
 	test("persists credentials without session refresh when no active session", async () => {
 		setEnabledSources(["test"])
 		const factory = mock(async () => createStubSource("test"))
diff --git a/apps/aelis-backend/src/session/user-session-manager.ts b/apps/aelis-backend/src/session/user-session-manager.ts
index d9dcc86..3524ac8 100644
--- a/apps/aelis-backend/src/session/user-session-manager.ts
+++ b/apps/aelis-backend/src/session/user-session-manager.ts
@@ -249,11 +249,15 @@ export class UserSessionManager {
 		// the DB already has the new credentials but the session keeps the old
 		// source. The next session creation will pick up the persisted credentials.
 		const session = this.sessions.get(userId)
-		if (session && session.hasSource(sourceId)) {
+		if (session) {
 			const row = await sources(this.db, userId).find(sourceId)
 			if (row?.enabled) {
 				const source = await provider.feedSourceForUser(userId, row.config ?? {}, credentials)
-				session.replaceSource(sourceId, source)
+				if (session.hasSource(sourceId)) {
+					session.replaceSource(sourceId, source)
+				} else {
+					session.addSource(source)
+				}
 			}
 		}
 	}