From 41280fad45b200c1d1d82b1a39dc5cb0a5ff9779 Mon Sep 17 00:00:00 2001
From: mguschin <gn.mikle@gmail.com>
Date: Sun, 24 May 2026 17:27:34 +0300
Subject: [PATCH] fix: look up user by evotor_user_id first in /user/verify

Evotor sends userId but not necessarily a matching phone/email.
Now tries evotor_user_id first, then falls back to email/phone.
Also removed the requirement for username/phone when userId is present.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 web/routes/evotor_webhooks.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/web/routes/evotor_webhooks.py b/web/routes/evotor_webhooks.py
index c8d4d86..cec6d13 100644
--- a/web/routes/evotor_webhooks.py
+++ b/web/routes/evotor_webhooks.py
@@ -209,13 +209,17 @@ async def user_verify(request: Request, db: Session = Depends(get_db)):
     password: str = body.get("password", "")
 
     login = username or phone
-    if not login or not password:
-        return JSONResponse({"error": "username/phone and password required"}, status_code=400)
+    if not password:
+        return JSONResponse({"error": "password required"}, status_code=400)
 
-    # match by email, username, or phone
-    user = db.query(User).filter(
-        or_(User.email == login, User.phone == login)
-    ).first()
+    # 1. Match by evotor_user_id (most reliable — Evotor always sends userId)
+    user = db.query(User).filter(User.evotor_user_id == evotor_user_id).first() if evotor_user_id else None
+
+    # 2. Fall back to email or phone
+    if not user and login:
+        user = db.query(User).filter(
+            or_(User.email == login, User.phone == login)
+        ).first()
 
     if not user:
         return JSONResponse({"error": "Неверные данные"}, status_code=401)