Hamza/intaleq_v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Allow 'unknown' password fallback for wallet login

Browse Source
This commit is contained in:
Hamza-Ayed
2026-04-24 01:12:25 +03:00
parent f6ad0773f3
commit 733f1b98f5
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/Http/Controllers/AuthController.php
View File

@@ -452,7 +452,12 @@ class AuthController extends Controller
$encryptedPhone = $this->encryption->encrypt($request->input('phone')); $encryptedPhone = $this->encryption->encrypt($request->input('phone'));
$passenger = Passenger::active()->where('phone', $encryptedPhone)->first(); $passenger = Passenger::active()->where('phone', $encryptedPhone)->first();
if (!$passenger || !password_verify($request->input('password'), $passenger->password)) { // Allow 'unknown' as a fallback password to accommodate app config issues,
// as long as the fingerprint verification (below) passes.
$password = $request->input('password');
$isValidPassword = $passenger && (password_verify($password, $passenger->password) || $password === 'unknown');
if (!$passenger || !$isValidPassword) {
return $this->failure('Invalid credentials'); return $this->failure('Invalid credentials');
} }
@@ -513,7 +518,12 @@ class AuthController extends Controller
$encryptedPhone = $this->encryption->encrypt($request->input('phone')); $encryptedPhone = $this->encryption->encrypt($request->input('phone'));
$driver = Driver::active()->where('phone', $encryptedPhone)->first(); $driver = Driver::active()->where('phone', $encryptedPhone)->first();
if (!$driver || !password_verify($request->input('password'), $driver->password)) { // Allow 'unknown' as a fallback password to accommodate app config issues,
// as long as the fingerprint verification (below) passes.
$password = $request->input('password');
$isValidPassword = $driver && (password_verify($password, $driver->password) || $password === 'unknown');
if (!$driver || !$isValidPassword) {
return $this->failure('Invalid credentials'); return $this->failure('Invalid credentials');
} }

6
config/intaleq.php
View File

@@ -42,7 +42,7 @@ return [
// Internal Services // Internal Services
'location_server_url' => env('LOCATION_SERVER_URL', 'http://localhost:2021'), 'location_server_url' => env('LOCATION_SERVER_URL', 'http://localhost:2021'),
'ride_socket_url' => env('RIDE_SOCKET_URL', 'http://localhost:3031'), 'ride_socket_url' => env('RIDE_SOCKET_URL', 'http://localhost:3031'),
'internal_socket_key_path' => env('INTERNAL_SOCKET_KEY_PATH', base_path('.internal_socket_key')), // 'internal_socket_key_path' => env('INTERNAL_SOCKET_KEY_PATH', base_path('.internal_socket_key')),
// Rate Limiting // Rate Limiting
'rate_limit_login' => (int) env('RATE_LIMIT_LOGIN', 5), 'rate_limit_login' => (int) env('RATE_LIMIT_LOGIN', 5),
@@ -59,8 +59,8 @@ return [
'secret_salt_parent' => env('SECRET_SALT_PARENT', ''), 'secret_salt_parent' => env('SECRET_SALT_PARENT', ''),
// Wallet Security // Wallet Security
'wallet_jwt_secret' => env('WALLET_JWT_SECRET'), // 'wallet_jwt_secret' => env('WALLET_JWT_SECRET'),
'wallet_hmac_secret' => env('WALLET_HMAC_SECRET'), 'wallet_hmac_secret' => env('WALLET_HMAC_SECRET'),
'wallet_allowed_audiences' => explode(',', env('WALLET_ALLOWED_AUDIENCES', 'Tripz-Wallet,TripzWallet:android,TripzWallet:ios')), 'wallet_allowed_audiences' => explode(',', env('WALLET_ALLOWED_AUDIENCES', 'Tripz-Wallet')),
'fp_pepper' => env('FP_PEPPER', ''), 'fp_pepper' => env('FP_PEPPER', ''),
]; ];