Fix driver JWT handshake password checking logic

app/Http/Controllers/AuthController.php

@@ -549,15 +549,20 @@ class AuthController extends Controller
         $driver = Driver::where('id', $request->input('id'))->first();
         if (!$driver) return $this->failure('User not found');
 
-        // Verify the email (sent as password from Flutter) matches
+        // The Flutter app sends the app-level secret (passnpassenger) in the 'password' field
-        $decryptedEmail = $this->encryption->decrypt($driver->email);
+        $appSecret = config('intaleq.wallet_app_password', '');
-        if (!$decryptedEmail) {
+        if ($appSecret !== '') {
-             // Fallback if decryption fails (e.g. invalid IV)
+            if ($request->input('password') !== $appSecret) {
-             if ($driver->email !== $request->input('password')) {
+                // Try email as fallback for old app versions
-                 return $this->failure('Security mismatch: Invalid email verification (Decryption Failed)', 403);
+                if ($request->input('password') !== $this->encryption->decrypt($driver->email)) {
+                    return $this->failure('Security mismatch: Invalid app verification', 403);
+                }
+            }
+        } else {
+            // If app secret is not configured, fallback strictly to email
+            if ($request->input('password') !== $this->encryption->decrypt($driver->email)) {
+                return $this->failure('Security mismatch: Invalid email verification (Secret missing)', 403);
             }
-        } elseif ($decryptedEmail !== $request->input('password') && $driver->email !== $request->input('password')) {
-            return $this->failure('Security mismatch: Invalid email verification', 403);
         }
 
         // Security Check: Verify fingerprint matches stored token