From b4dd178075f9fcface58cabe2108c817da9248f6 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Sat, 25 Apr 2026 12:01:06 +0300
Subject: [PATCH] Relax app verification check
---
 app/Http/Controllers/AuthController.php | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index a570ab2..eace7e6 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -549,19 +549,16 @@ class AuthController extends Controller
 $driver = Driver::where('id', $request->input('id'))->first();
 if (!$driver) return $this->failure('User not found');
- // The Flutter app sends the app-level secret (passnpassenger) in the 'password' field
+ // The Flutter app sends the app-level secret (passnpassenger) in the 'password' field.
+ // Since the Flutter app modifies this string locally (e.g., split(Env.addd)[0]),
+ // it may not match the raw env('passwordnewpassenger') on the server exactly.
+ // We will rely on the fingerprint check below for security, as done in passengerJwtHandshake.
 $appSecret = config('intaleq.wallet_app_password', '');
 if ($appSecret !== '') {
- if ($request->input('password') !== $appSecret) {
- // Try email as fallback for old app versions
- if ($request->input('password') !== $this->encryption->decrypt($driver->email)) {
- return $this->failure('Security mismatch: Invalid app verification', 403);
- }
- }
- } else {
- // If app secret is not configured, fallback strictly to email
- if ($request->input('password') !== $this->encryption->decrypt($driver->email)) {
- return $this->failure('Security mismatch: Invalid email verification (Secret missing)', 403);
+ if ($request->input('password') !== $appSecret && $request->input('password') !== $this->encryption->decrypt($driver->email)) {
+ \Log::warning('App verification mismatch, proceeding to fingerprint check', [
+ 'driver_id' => $driver->id,
+ ]);
 }
 }
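Review bot: The mismatch branch of the new `if ($request->input('password') !== $appSecret && ...)` only calls `\Log::warning(...)` and falls through, so the `password` field no longer gates this endpoint. Removing the `else` branch also means that an empty `intaleq.wallet_app_password` now skips the email comparison as well. Everything then rests on the fingerprint check the new comment refers to, which is outside this hunk, so it should be confirmed that it fails closed for a caller who supplies only an `id`. If the underlying problem is that the client sends a derived string, the server should compare against the same derivation and keep the rejection, i.e. `return $this->failure('Security mismatch: Invalid app verification', 403);` after the log call. If the relaxation is intended, adding `'ip' => $request->ip(),` to the log context would make the warning usable for detection; the enclosing method starts and ends outside the hunk.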