<?php

namespace App\Auth;

use Illuminate\Auth\EloquentUserProvider;
use Illuminate\Contracts\Auth\Authenticatable;

class CustomUserProvider extends EloquentUserProvider
{
    public function validateCredentials(Authenticatable $user, array $credentials): bool
    {
        $plain = $credentials['password'];
        $hashed = $user->getAuthPassword();

        if ($this->isBcryptHash($hashed)) {
            if ($this->hasher->check($plain, $hashed)) {
                return true;
            }
        } else {
            if (md5($plain) === $hashed) {
                // Upgrade lên bcrypt
                $user->password = $this->hasher->make($plain);
                $user->save();
                return true;
            }
        }

        return false;
    }

    protected function isBcryptHash($hashedPassword): bool
    {
        return password_get_info($hashedPassword)['algo'] === PASSWORD_BCRYPT;
    }
}