From 6b80ef83b405fb7c857f73eb91ece95236e441b7 Mon Sep 17 00:00:00 2001
From: asif <md.asif5@tcs.com>
Date: Mon, 10 Nov 2025 20:35:41 +0530
Subject: [PATCH] feat: default password for migrated users

---
 src/controllers/auth.controller.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index 6b80029..c6103d1 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -39,6 +39,9 @@ async function login(req, res) {
     }
 
     const userCheck = await authService.findUserByCustomerNo(customerNo);
+    if (!userCheck) {
+      return res.status(404).json({ error: 'customer not found' });
+    }
 
     if (loginType.toUpperCase() === 'IB') {
       // check DB locked flag
@@ -52,9 +55,13 @@ async function login(req, res) {
     }
 
     // --- Step 2: Check migration status
-    const isMigratedUser = await authService.isMigratedUser(customerNo);
-    if (isMigratedUser)
+    const migratedPassword = `${userCheck.customer_no}@KCCB`;
+    const isMigratedUser = userCheck.password === migratedPassword;
+    if (isMigratedUser) {
+      if (password !== migratedPassword)
+        return res.status(401).json({ error: 'Invalid credentials.' });
       return res.status(401).json({ error: 'MIGRATED_USER_HAS_NO_PASSWORD' });
+    }
 
     // --- Step 3: Validate credentials ---
     const user = await authService.validateUser(customerNo, password);