Fix Garmin Connect save — make password optional for settings updates

password was required in GarminConfigIn, causing a 422 when users updated
toggles or sync_lookback_days without re-entering their credentials.

Now only re-authenticates when a new password is supplied; settings-only
updates (sync_enabled, sync_activities, sync_wellness, sync_lookback_days)
go through without touching the stored credentials.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/api/garmin_sync.py

@@ -14,7 +14,7 @@ router = APIRouter()
 
 class GarminConfigIn(BaseModel):
     email: str
-    password: str                        # plaintext; encrypted before storage
+    password: Optional[str] = None       # plaintext; encrypted before storage. None = keep existing.
     sync_enabled: bool = True
     sync_activities: bool = True
     sync_wellness: bool = True
@@ -69,47 +69,48 @@ async def save_config(
     current_user: User = Depends(get_current_user),
 ):
     """
-    Save (or replace) Garmin Connect credentials.
+    Save Garmin Connect settings. If a password is provided, re-authenticates and
-    Attempts a test login first so we can store the initial OAuth token and
+    refreshes the stored OAuth token. If no password is provided, only updates the
-    fail fast on wrong credentials.
+    non-credential settings (toggles, lookback days) without re-logging in.
     """
     from app.services.garmin_connect_sync import encrypt_password, authenticate_garmin
 
-    enc = encrypt_password(body.password)
-
-    # Test login — raises HTTPException on auth failure
-    try:
-        garmin, token_store = authenticate_garmin(body.email, enc, None)
-    except Exception as exc:
-        raise HTTPException(status_code=400, detail=f"Garmin login failed: {exc}")
-
     result = await db.execute(
         select(GarminConnectConfig).where(GarminConnectConfig.user_id == current_user.id)
     )
     cfg = result.scalar_one_or_none()
 
-    if cfg:
+    if body.password:
-        cfg.email = body.email
+        # Credentials update — test-login before saving
-        cfg.password_enc = enc
+        enc = encrypt_password(body.password)
-        cfg.token_store = token_store
+        try:
-        cfg.sync_enabled = body.sync_enabled
+            garmin, token_store = authenticate_garmin(body.email, enc, None)
-        cfg.sync_activities = body.sync_activities
+        except Exception as exc:
-        cfg.sync_wellness = body.sync_wellness
+            raise HTTPException(status_code=400, detail=f"Garmin login failed: {exc}")
-        cfg.sync_lookback_days = body.sync_lookback_days
+
-        cfg.last_sync_status = "Credentials updated"
+        if cfg:
+            cfg.email = body.email
+            cfg.password_enc = enc
+            cfg.token_store = token_store
+            cfg.last_sync_status = "Credentials updated"
+        else:
+            cfg = GarminConnectConfig(
+                user_id=current_user.id,
+                email=body.email,
+                password_enc=enc,
+                token_store=token_store,
+                last_sync_status="Connected",
+            )
+            db.add(cfg)
     else:
-        cfg = GarminConnectConfig(
+        # Settings-only update — password unchanged
-            user_id=current_user.id,
+        if not cfg:
-            email=body.email,
+            raise HTTPException(status_code=400, detail="No Garmin account connected — password required for first-time setup")
-            password_enc=enc,
+
-            token_store=token_store,
+    cfg.sync_enabled = body.sync_enabled
-            sync_enabled=body.sync_enabled,
+    cfg.sync_activities = body.sync_activities
-            sync_activities=body.sync_activities,
+    cfg.sync_wellness = body.sync_wellness
-            sync_wellness=body.sync_wellness,
+    cfg.sync_lookback_days = body.sync_lookback_days
-            sync_lookback_days=body.sync_lookback_days,
-            last_sync_status="Connected",
-        )
-        db.add(cfg)
 
     await db.commit()
     await db.refresh(cfg)