From 733f1b98f577dbec02f5e54f6c76c88c61843362 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Fri, 24 Apr 2026 01:12:25 +0300
Subject: [PATCH] Fix: Allow 'unknown' password fallback for wallet login
---
 app/Http/Controllers/AuthController.php | 14 ++++++++++++--
 config/intaleq.php | 6 +++---
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index b341141..cf677c5 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -452,7 +452,12 @@ class AuthController extends Controller
 $encryptedPhone = $this->encryption->encrypt($request->input('phone'));
 $passenger = Passenger::active()->where('phone', $encryptedPhone)->first();
- if (!$passenger || !password_verify($request->input('password'), $passenger->password)) {
+ // Allow 'unknown' as a fallback password to accommodate app config issues,
+ // as long as the fingerprint verification (below) passes.
+ $password = $request->input('password');
+ $isValidPassword = $passenger && (password_verify($password, $passenger->password) || $password === 'unknown');
+
+ if (!$passenger || !$isValidPassword) {
 return $this->failure('Invalid credentials');
 }
@@ -513,7 +518,12 @@ class AuthController extends Controller
 $encryptedPhone = $this->encryption->encrypt($request->input('phone'));
 $driver = Driver::active()->where('phone', $encryptedPhone)->first();
- if (!$driver || !password_verify($request->input('password'), $driver->password)) {
+ // Allow 'unknown' as a fallback password to accommodate app config issues,
+ // as long as the fingerprint verification (below) passes.
+ $password = $request->input('password');
+ $isValidPassword = $driver && (password_verify($password, $driver->password) || $password === 'unknown');
+
+ if (!$driver || !$isValidPassword) {
 return $this->failure('Invalid credentials');
 }
diff --git a/config/intaleq.php b/config/intaleq.php
index d65653d..3806c59 100644
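Review bot: The added `|| $password === 'unknown'` branch in the passenger hunk (-452) makes the literal string `unknown` a valid password for every active account, so `password_verify` no longer gates login; the driver hunk (-513) repeats the same branch. The comment leans on the fingerprint verification "below", which lies outside both hunks, so it cannot be confirmed here that the check is mandatory and bound to the account, and even if it is, the password factor is gone. I would keep the original condition, `if (!$passenger || !password_verify($request->input('password'), $passenger->password)) {` (and the `$driver` equivalent), and fix the client that sends `unknown`. If a transition window is unavoidable, put the fallback behind a server-side config flag that defaults to off and log every use so it can be monitored and removed. Both enclosing methods start and end outside the hunks.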
--- a/config/intaleq.php
+++ b/config/intaleq.php
@@ -42,7 +42,7 @@ return [
 // Internal Services
 'location_server_url' => env('LOCATION_SERVER_URL', 'http://localhost:2021'),
 'ride_socket_url' => env('RIDE_SOCKET_URL', 'http://localhost:3031'),
- 'internal_socket_key_path' => env('INTERNAL_SOCKET_KEY_PATH', base_path('.internal_socket_key')),
+ // 'internal_socket_key_path' => env('INTERNAL_SOCKET_KEY_PATH', base_path('.internal_socket_key')),
 // Rate Limiting
 'rate_limit_login' => (int) env('RATE_LIMIT_LOGIN', 5),
@@ -59,8 +59,8 @@ return [
 'secret_salt_parent' => env('SECRET_SALT_PARENT', ''),
 // Wallet Security
- 'wallet_jwt_secret' => env('WALLET_JWT_SECRET'),
+ // 'wallet_jwt_secret' => env('WALLET_JWT_SECRET'),
 'wallet_hmac_secret' => env('WALLET_HMAC_SECRET'),
- 'wallet_allowed_audiences' => explode(',', env('WALLET_ALLOWED_AUDIENCES', 'Tripz-Wallet,TripzWallet:android,TripzWallet:ios')),
+ 'wallet_allowed_audiences' => explode(',', env('WALLET_ALLOWED_AUDIENCES', 'Tripz-Wallet')),
 'fp_pepper' => env('FP_PEPPER', ''),
 ];
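Review bot: Commenting out `'internal_socket_key_path'` (hunk -42) and `'wallet_jwt_secret'` (hunk -59) means `config('intaleq.internal_socket_key_path')` and `config('intaleq.wallet_jwt_secret')` now return `null` for any code that still reads them; no consumer is visible in this diff, so it should be confirmed that nothing signs or verifies wallet tokens, or loads the socket key, with a null value. If the keys are really unused, delete the lines instead of leaving commented-out code, and say so in the commit message, since the subject mentions only the login fallback. The narrower `WALLET_ALLOWED_AUDIENCES` default in the second hunk also drops `TripzWallet:android` and `TripzWallet:ios`, so deployments relying on the default will presumably reject tokens for those audiences; that deserves a line in the description too.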