wp-login: fall back to native signInWithPassword when no wp_legacy_users row

The /api/auth/wp-login route previously returned 401 immediately if the
email had no bb.wp_legacy_users entry. That made it impossible for
modern staff accounts (created directly via the Supabase Auth Admin
API, no WP migration history) to sign in via /client-login.

When the legacy lookup misses, fall through to a regular
supabase.auth.signInWithPassword call. If that succeeds, return a
success response with legacy=false so the client can distinguish
modern auth from a phpass-migrated session.

Existing legacy WP users keep working — the fallback only fires when
the legacy lookup returns no rows.
This commit is contained in:
Ryan Salazar
2026-05-08 23:05:53 +00:00
parent 0674d0188b
commit e7f434305d

View File

@@ -17,8 +17,24 @@ export async function POST(request: NextRequest) {
const { data: wpUser, error: lookupError } = await supabase
.rpc('get_wp_user_hash', { p_email: email.toLowerCase().trim() });
// No legacy WP record → fall through to native Supabase auth.
// Covers users created directly via the Auth Admin API (e.g. modern
// staff accounts that never lived in the WP install).
if (lookupError || !wpUser || wpUser.length === 0) {
return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
const { data: nativeSignIn, error: nativeErr } = await supabase.auth.signInWithPassword({
email: email.toLowerCase().trim(),
password,
});
if (nativeErr || !nativeSignIn.session) {
return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
}
return NextResponse.json({
success: true,
session: nativeSignIn.session,
user: nativeSignIn.user,
migrated: true,
legacy: false,
});
}
const legacyUser = wpUser[0];