From ffb618ee6539ea9ffb0f46d95ed8cf180a38faed Mon Sep 17 00:00:00 2001
From: Thomas Reitz <T.Reitz@xinion.de>
Date: Sun, 8 Mar 2026 21:13:31 +0100
Subject: [PATCH] fix: make refreshToken optional in LoginResponse for 2FA flow

The 2FA challenge response does not include a refreshToken (token is only
issued after successful 2FA verification). Making the field optional fixes
the TS2741 compilation error that prevented the core service from starting.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 packages/core-service/src/core/auth/auth.controller.ts | 2 +-
 packages/core-service/src/core/auth/auth.service.ts    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/core-service/src/core/auth/auth.controller.ts b/packages/core-service/src/core/auth/auth.controller.ts
index 4566aa9..697669b 100644
--- a/packages/core-service/src/core/auth/auth.controller.ts
+++ b/packages/core-service/src/core/auth/auth.controller.ts
@@ -45,7 +45,7 @@ export class AuthController {
 
     // Refresh-Token als HttpOnly Cookie setzen (NICHT im localStorage!)
     // Regel: Kein localStorage fuer Tokens
-    this.setRefreshTokenCookie(res, result.refreshToken);
+    this.setRefreshTokenCookie(res, result.refreshToken!);
 
     return {
       accessToken: result.accessToken,
diff --git a/packages/core-service/src/core/auth/auth.service.ts b/packages/core-service/src/core/auth/auth.service.ts
index f12c20f..cc5f937 100644
--- a/packages/core-service/src/core/auth/auth.service.ts
+++ b/packages/core-service/src/core/auth/auth.service.ts
@@ -21,7 +21,7 @@ interface TokenPair {
 
 interface LoginResponse {
   accessToken: string;
-  refreshToken: string;
+  refreshToken?: string;
   user: {
     id: string;
     email: string;