From cf80244005adaf62869cfcdc9c123d00d59ebb61 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Fri, 1 May 2026 00:49:58 +0300
Subject: [PATCH] admin 13

---
 Admin/auth/loginWallet.php | 4 +++-
 core/Auth/JwtService.php | 7 ++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Admin/auth/loginWallet.php b/Admin/auth/loginWallet.php
index 05edf31..c9ba336 100644
--- a/Admin/auth/loginWallet.php
+++ b/Admin/auth/loginWallet.php
@@ -14,6 +14,8 @@ use Firebase\JWT\JWT;
 $jwtService = new JwtService($redis ?? null);
 $admin = $jwtService->authenticate();
 
+error_log("[Wallet_SSO] Authenticated Admin ID: " . ($admin->user_id ?? 'N/A') . " | Role: " . ($admin->role ?? 'N/A'));
+
 if ($admin->role !== 'admin' && $admin->role !== 'super_admin') {
 jsonError("Unauthorized. Admin access required.");
 exit;
@@ -47,7 +49,7 @@ try {
 'iss' => $issuer,
 'aud' => $audience,
 'user_id' => $admin->user_id,
- 'role' => $admin->role, // استخدام الـ role الحالي (admin أو super_admin)
+ 'role' => 'admin', // نرسل 'admin' للمحفظة لضمان التوافق مع برمجياتها القديمة
 'iat' => $iat,
 'exp' => $exp,
 'jti' => $jti
diff --git a/core/Auth/JwtService.php b/core/Auth/JwtService.php
index 48fa42b..4e481b0 100644
--- a/core/Auth/JwtService.php
+++ b/core/Auth/JwtService.php
@@ -134,9 +134,9 @@ class JwtService
 self::abort(401, 'Invalid token');
 }
 
- // 3. Issuer
- if (($decoded->iss ?? '') !== $this->issuer) {
- self::abort(401, 'Invalid token issuer');
+ // 3. Issuer (Only check if configured)
+ if (!empty($this->issuer) && ($decoded->iss ?? '') !== $this->issuer) {
+ self::abort(401, 'Invalid token issuer: expected ' . $this->issuer . ' but got ' . ($decoded->iss ?? 'none'));
 }
 
 // 4. User ID
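Review bot: The new `error_log` line in loginWallet.php runs before the role check that follows it, so a caller whose token carries any other role is written to the log as "Authenticated Admin" and then rejected two lines later. Either move the line below the `if` block so it records only callers that passed the check, or word it as what it actually is at that point, e.g. `error_log("[Wallet_SSO] Token accepted for user_id=" . ($admin->user_id ?? 'N/A') . " role=" . ($admin->role ?? 'N/A'));`. Whether `jsonError()` logs the rejection on its own is not visible in this hunk.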
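Review bot: Pinning `'role' => 'admin'` in the wallet token discards the caller's real role, so a `super_admin` session is presented to the wallet as a plain `admin` and any wallet-side audit trail can no longer tell the two apart. If the wallet's legacy code only recognises `'admin'`, keeping the true value in a separate claim such as `'actor_role' => $admin->role,` preserves that information without breaking compatibility; whether the wallet rejects unknown claims cannot be determined from this hunk. The trailing comments on both the removed and the added line are in Arabic; an English equivalent for the new line would be `// always 'admin': the wallet's legacy code only accepts that value`. The `try` block and the claims array both start above this hunk.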
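Review bot: The rewritten issuer check in JwtService.php sends the configured issuer and the token's own `iss` claim back to the client in the 401 body, because `abort()` json-encodes `$message` into the response; that discloses server configuration to an unauthenticated caller and reflects attacker-controlled token content into the reply. Keep the response generic and put the detail in the log only, e.g. `error_log('[JWT_AUTH_FAILED] issuer mismatch: expected ' . $this->issuer . ', got ' . ($decoded->iss ?? 'none'));` followed by the original `self::abort(401, 'Invalid token issuer');` — the second hunk in this file already logs whatever message reaches `abort()`, so the detailed text would otherwise be logged and echoed. Separately, `!empty($this->issuer)` turns a missing issuer configuration into "accept any issuer"; if that is meant as a deployment convenience it should fail loudly (a log line, or refusing to construct the service) rather than silently widening which tokens are accepted, and `$this->issuer !== ''` (or `!== null`, depending on the property's declared type, which is outside this hunk) is the stricter test since `empty()` also treats `'0'` as unset. The enclosing method starts and ends outside the hunk.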
@@ -232,6 +232,7 @@ class JwtService
 private static function abort(int $code, string $message): never
 {
+ error_log("[JWT_AUTH_FAILED] Code: $code | Message: $message | IP: " . ($_SERVER['REMOTE_ADDR'] ?? '?') . " | URI: " . ($_SERVER['REQUEST_URI'] ?? '?'));
 http_response_code($code);
 echo json_encode(['error' => $message]);
 exit;