diff --git a/src/app/api/auth/wp-login/route.ts b/src/app/api/auth/wp-login/route.ts index ea0e1b9..87c76c8 100644 --- a/src/app/api/auth/wp-login/route.ts +++ b/src/app/api/auth/wp-login/route.ts @@ -17,8 +17,24 @@ export async function POST(request: NextRequest) { const { data: wpUser, error: lookupError } = await supabase .rpc('get_wp_user_hash', { p_email: email.toLowerCase().trim() }); + // No legacy WP record → fall through to native Supabase auth. + // Covers users created directly via the Auth Admin API (e.g. modern + // staff accounts that never lived in the WP install). if (lookupError || !wpUser || wpUser.length === 0) { - return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 }); + const { data: nativeSignIn, error: nativeErr } = await supabase.auth.signInWithPassword({ + email: email.toLowerCase().trim(), + password, + }); + if (nativeErr || !nativeSignIn.session) { + return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 }); + } + return NextResponse.json({ + success: true, + session: nativeSignIn.session, + user: nativeSignIn.user, + migrated: true, + legacy: false, + }); } const legacyUser = wpUser[0];