From e7f434305d348f74547d4244ab5299c77d4eb068 Mon Sep 17 00:00:00 2001 From: Ryan Salazar Date: Fri, 8 May 2026 23:05:53 +0000 Subject: [PATCH] wp-login: fall back to native signInWithPassword when no wp_legacy_users row MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The /api/auth/wp-login route previously returned 401 immediately if the email had no bb.wp_legacy_users entry. That made it impossible for modern staff accounts (created directly via the Supabase Auth Admin API, no WP migration history) to sign in via /client-login. When the legacy lookup misses, fall through to a regular supabase.auth.signInWithPassword call. If that succeeds, return a success response with legacy=false so the client can distinguish modern auth from a phpass-migrated session. Existing legacy WP users keep working — the fallback only fires when the legacy lookup returns no rows. --- src/app/api/auth/wp-login/route.ts | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/app/api/auth/wp-login/route.ts b/src/app/api/auth/wp-login/route.ts index ea0e1b9..87c76c8 100644 --- a/src/app/api/auth/wp-login/route.ts +++ b/src/app/api/auth/wp-login/route.ts @@ -17,8 +17,24 @@ export async function POST(request: NextRequest) { const { data: wpUser, error: lookupError } = await supabase .rpc('get_wp_user_hash', { p_email: email.toLowerCase().trim() }); + // No legacy WP record → fall through to native Supabase auth. + // Covers users created directly via the Auth Admin API (e.g. modern + // staff accounts that never lived in the WP install). if (lookupError || !wpUser || wpUser.length === 0) { - return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 }); + const { data: nativeSignIn, error: nativeErr } = await supabase.auth.signInWithPassword({ + email: email.toLowerCase().trim(), + password, + }); + if (nativeErr || !nativeSignIn.session) { + return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 }); + } + return NextResponse.json({ + success: true, + session: nativeSignIn.session, + user: nativeSignIn.user, + migrated: true, + legacy: false, + }); } const legacyUser = wpUser[0];