<?php

namespace App\Passport;

use Laravel\Passport\Bridge\User;
use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use Illuminate\Support\Facades\Hash;
use App\Models\GKUser;

class CustomUserRepository extends PassportUserRepository
{
    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
    {
        $user = GKUser::where('email', $username)->first();

        if (! $user) {
            return;
        }

        $hashed = $user->password;

        if (!Hash::needsRehash($hashed)) {
            if (!Hash::check($password, $hashed)) {
                return;
            }
        } elseif (md5($password) !== $hashed) {
            return;
        } else {
            // ✅ Nếu MD5 khớp → nâng cấp lên bcrypt
            $user->password = Hash::make($password);
            $user->save();
        }

        return new User($user->getAuthIdentifier());
    }
}