fix: add source to session on cred update

When updateSourceCredentials was called for a source not yet in the
active session (e.g. because credentials were missing at config time),
the source was never instantiated despite being enabled in the DB.

Now, if the source row is enabled but absent from the session, the
source is added instead of skipped.

Co-authored-by: Ona <no-reply@ona.com>

apps/aelis-backend/src/session/user-session-manager.test.ts

@@ -806,6 +806,31 @@ describe("UserSessionManager.updateSourceCredentials", () => {
 		expect(receivedCredentials).toEqual({ token: "refreshed" })
 	})
 
+	test("adds source to session when source is enabled but not yet in session", async () => {
+		// Simulate a source that was never added to the session (e.g. credentials
+		// were missing at config time), but is enabled in the DB.
+		setEnabledSources([]) // no sources during session creation
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		const session = await manager.getOrCreate("user-1")
+		// Source is NOT in the session
+		expect(session.hasSource("test")).toBe(false)
+
+		// mockFindResult returns an enabled row by default, so the source
+		// row exists and is enabled in the DB.
+		await manager.updateSourceCredentials("user-1", "test", { token: "new-token" })
+
+		// Source should now be added to the session
+		expect(session.hasSource("test")).toBe(true)
+		expect(factory).toHaveBeenCalledTimes(1)
+	})
+
 	test("persists credentials without session refresh when no active session", async () => {
 		setEnabledSources(["test"])
 		const factory = mock(async () => createStubSource("test"))

apps/aelis-backend/src/session/user-session-manager.ts

@@ -249,11 +249,15 @@ export class UserSessionManager {
 		// the DB already has the new credentials but the session keeps the old
 		// source. The next session creation will pick up the persisted credentials.
 		const session = this.sessions.get(userId)
-		if (session && session.hasSource(sourceId)) {
+		if (session) {
 			const row = await sources(this.db, userId).find(sourceId)
 			if (row?.enabled) {
 				const source = await provider.feedSourceForUser(userId, row.config ?? {}, credentials)
-				session.replaceSource(sourceId, source)
+				if (session.hasSource(sourceId)) {
+					session.replaceSource(sourceId, source)
+				} else {
+					session.addSource(source)
+				}
 			}
 		}
 	}