From 392e37c1983eb0169bee58b915f05acaf74c18fe Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Fri, 24 Apr 2026 15:40:44 +0300
Subject: [PATCH] Security: Fix HMAC handshake, generate API keys in Google Login, and relax JWT issuer
---
 app/Http/Controllers/AuthController.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index d51a83f..d64ae0e 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -701,6 +701,14 @@ class AuthController extends Controller
 ]);
 }
+ // Generate API keys if missing
+ $passenger = Passenger::find($row->id);
+ if ($passenger && empty($passenger->api_key)) {
+ $this->generateApiKeys($passenger);
+ $row->api_key = $passenger->api_key;
+ $row->api_secret = $passenger->api_secret;
+ }
+
 // Decrypt sensitive fields (matching V1 behavior)
 $decryptedFields = [
 'phone', 'email', 'gender', 'birthdate', 'site',
@@ -735,21 +743,29 @@ class AuthController extends Controller
 $encryptedEmail = $this->encryption->encrypt($request->input('email'));
- $driver = DB::connection('primary')
+ $driverRow = DB::connection('primary')
 ->table('captain')
 ->where('email', $encryptedEmail)
 ->where('id', $request->input('id'))
 ->select('captain.*', 'captain.api_key', 'captain.api_secret')
 ->first();
- if (!$driver) {
+ if (!$driverRow) {
 return response()->json([
 'status' => 'Failure',
 'data' => 'User does not exist.',
 ]);
 }
- $data = (array) $driver;
+ // Generate API keys if missing
+ $driver = Driver::find($driverRow->id);
+ if ($driver && empty($driver->api_key)) {
+ $this->generateApiKeys($driver);
+ $driverRow->api_key = $driver->api_key;
+ $driverRow->api_secret = $driver->api_secret;
+ }
+
+ $data = (array) $driverRow;
 $decryptedFields = [
 'phone', 'email', 'gender', 'birthdate', 'first_name', 'last_name', 'national_number',
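Review bot: The check-then-generate block in the first hunk (`@@ -701,6 +701,14 @@`) is not atomic, so two concurrent logins for the same passenger can both see an empty `api_key` and both call `generateApiKeys()`; presumably the later write wins and the other client is handed credentials that no longer match the stored ones. Consider doing the read and the generation inside one transaction with the row locked, e.g. `Passenger::lockForUpdate()->find($row->id)` within `DB::transaction(...)`. The guard also looks only at `api_key`, so a record with a key but no secret is never repaired; `empty($passenger->api_key) || empty($passenger->api_secret)` would cover both. The same block is repeated for `Driver` in the second hunk and the same points apply there; the enclosing method starts and ends outside the hunk.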
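Review bot: In the second hunk (`@@ -735,21 +743,29 @@`) the only identity check visible before an `api_secret` is issued is the row lookup on request-supplied `email` and `id`, so this path now mints long-lived credentials on the strength of those two values unless a Google ID token is verified earlier in the method, which starts outside the hunk. Please confirm that verification exists and state it where the keys are generated, e.g. `// Precondition: Google ID token verified above; email and id alone must never reach key issuance`. Separately, the row is read through `DB::connection('primary')->table('captain')` while `Driver::find()` uses whatever connection and table the model declares; if they differ, `$driver` is null and the block is skipped silently, so a log line or explicit failure in that branch would make the mismatch visible. The subject also mentions an HMAC handshake fix and a relaxed JWT issuer, but the diffstat's 19 insertions and 3 deletions are fully accounted for by these two hunks.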