Bug: SLM login endpoint returns untyped dict, degrading OpenAPI contract #2240

@mrveiss

Problem

After #1922 consolidated login endpoints, POST /api/auth/login in autobot-slm-backend/api/auth.py returns -> dict instead of a typed response model. The old endpoint used response_model=TokenResponse.

This was necessary because the endpoint can now return either:

  • A TokenResponse (normal login)
  • An MFA challenge dict {"requires_mfa": True, "temp_token": "..."}

However, returning untyped dict degrades the OpenAPI documentation — clients lose the typed contract.

Location

  • autobot-slm-backend/api/auth.py, line 67

Proposed Fix

Create a Union[TokenResponse, MfaChallengeResponse] return type:

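from typing import Union
from pydantic import BaseModel

class MfaChallengeResponse(BaseModel):
    # Returned in place of TokenResponse when a second factor is still required
    requires_mfa: bool = True
    temp_token: str

# Applied to the existing login handler in autobot-slm-backend/api/auth.py
@router.post("/login", response_model=Union[TokenResponse, MfaChallengeResponse])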

Impact

Medium — no runtime breakage, but OpenAPI docs and auto-generated clients lose type information.

Discovered During

Code review of PR #2223 (#1922)
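
Added example, not part of the original issue or the project's code: a Pydantic v2 sketch of the proposed union, showing how a handler's dict is resolved to one variant and how a payload mixing a session token with an MFA challenge is rejected instead of serialised. The `TokenResponse` fields, `Literal[True]` in place of `bool`, `extra="forbid"` and the helper names are assumptions made for the illustration.

```python
from typing import Literal, Union

from pydantic import BaseModel, ConfigDict, TypeAdapter, ValidationError


class TokenResponse(BaseModel):
    # Assumed fields: the issue names TokenResponse but does not show its definition.
    model_config = ConfigDict(extra="forbid")
    access_token: str
    token_type: str = "bearer"


class MfaChallengeResponse(BaseModel):
    # extra="forbid" is an assumption: it stops a token field riding along in a challenge.
    model_config = ConfigDict(extra="forbid")
    # Literal[True] (assumption) makes the flag a constant that identifies this variant.
    requires_mfa: Literal[True] = True
    temp_token: str


LoginResponse = Union[TokenResponse, MfaChallengeResponse]
_adapter = TypeAdapter(LoginResponse)


def to_login_response(payload: dict) -> LoginResponse:
    """Validate a handler's dict against the union; raises ValidationError on no match."""
    return _adapter.validate_python(payload)


def schema_variants() -> list[str]:
    """Model names listed under anyOf in the JSON schema generated for the union."""
    schema = _adapter.json_schema()
    return sorted(ref["$ref"].rsplit("/", 1)[-1] for ref in schema["anyOf"])


def is_rejected(payload: dict) -> bool:
    """True when the payload matches neither variant."""
    try:
        to_login_response(payload)
    except ValidationError:
        return True
    return False
```

Passing the same `LoginResponse` union as `response_model` on the login route gives generated clients both variants in the schema rather than an untyped object.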
