From ff5a7bdc0eaf1100956870b6f461ae4a204bbf17 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed <hamzaayedflutter@gmail.com>
Date: Fri, 24 Apr 2026 16:55:56 +0300
Subject: [PATCH] Security:5 Fix HMAC handshake, generate API keys in Google
 Login, and relax JWT issuer

---
 app/Http/Controllers/OtpController.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/OtpController.php b/app/Http/Controllers/OtpController.php
index 12fcf6f..074ef92 100644
--- a/app/Http/Controllers/OtpController.php
+++ b/app/Http/Controllers/OtpController.php
@@ -108,8 +108,10 @@ class OtpController extends Controller
         // TODO: Send SMS/WhatsApp via external provider
 
         // Check if passenger exists to allow immediate login (V1 style)
+        // Note: Phone is stored ENCRYPTED in passengers table in V1
+        $encPhone = $this->encryption->encrypt($phone);
         $passenger = DB::connection('primary')->table('passengers')
-            ->where('phone', $phone)
+            ->where('phone', $encPhone)
             ->first();
 
         return $this->success([