# Phase 11 Rollback — 2-Step XML Auth with OTP

## What Phase 11 Added

**New files:**
- `app/Http/Controllers/Wani/OtpAuthController.php` — OTP-first auth flow
- `app/Models/WaniAuthTransaction.php` — transaction record
- `database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php` — table

**Modified files:**
- `routes/api.php` — added 2 new routes

**Database changes:** NEW table `wani_auth_transactions`

## What's Unchanged

- Existing `/auth/initiate` + `/auth/validate` still work exactly as before
- Existing signup + login flow unchanged
- Mobile app unchanged
- No other Controllers modified

## Endpoints Added

| Method | URL | Purpose |
|---|---|---|
| POST | `/api/wani/v1/auth/request-otp` | Send OTP SMS, return TxnID |
| POST | `/api/wani/v1/auth/verify-otp` | Validate OTP, return Token + Expiry |

## Full Flow Example

**Step 1: Request OTP**
```bash
curl -X POST https://flutter.pmwani.net/api/wani/v1/auth/request-otp \
  -H "Content-Type: application/xml" \
  -d '<AuthRequest>
    <User><Mobile>9999999999</Mobile></User>
    <Device><MAC>AA:BB:CC:DD:EE:FF</MAC></Device>
    <Hotspot><SSID>PM-WANI</SSID><BSSID>00:11:22:33:44:55</BSSID></Hotspot>
  </AuthRequest>'
```
Returns:
```xml
<AuthResponse>
  <TxnID>abc123...</TxnID>
  <OTPStatus>Sent</OTPStatus>
  <ExpirySeconds>300</ExpirySeconds>
</AuthResponse>
```

User receives OTP SMS on their phone.

**Step 2: Verify OTP**
```bash
curl -X POST https://flutter.pmwani.net/api/wani/v1/auth/verify-otp \
  -H "Content-Type: application/xml" \
  -d '<OTPVerify>
    <TxnID>abc123...</TxnID>
    <OTP>123456</OTP>
  </OTPVerify>'
```
Returns:
```xml
<AuthSuccess>
  <Status>SUCCESS</Status>
  <Token>48charsessiontoken</Token>
  <Expiry>300</Expiry>
  <SessionTime>1800</SessionTime>
</AuthSuccess>
```

**Step 3: Validate Token** (use existing `/auth/validate`)
```bash
curl -X POST https://flutter.pmwani.net/api/wani/v1/auth/validate \
  -H "Content-Type: application/xml" \
  -d '<TokenValidation><Token>48charsessiontoken</Token></TokenValidation>'
```
Creates a `wifi_session` row and returns the access token plus the session token, exactly as for the pre-Phase-11 flow.

## Error Cases

| Error | Status | Meaning |
|---|---|---|
| `MISSING_MOBILE` | 400 | Mobile not provided |
| `USER_NOT_FOUND` | 404 | Mobile not registered |
| `USER_NOT_VERIFIED` | 403 | Signup OTP not verified yet |
| `INVALID_TXN` | 404 | TxnID not found |
| `ALREADY_VERIFIED` | 409 | Transaction already consumed |
| `OTP_EXPIRED` | 401 | OTP > 5 min old |
| `TOO_MANY_ATTEMPTS` | 429 | >5 wrong OTP attempts |
| `INVALID_OTP` | 401 | OTP doesn't match |
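The following is an added example, not the project's `OtpAuthController` or `WaniAuthTransaction` code. It models the Step 1 / Step 2 flow above and applies the checks from the Error Cases table in the order listed, so a practitioner can see what state the `wani_auth_transactions` record needs to carry. Assumptions: an in-memory dict stands in for the table, the OTP is stored as a SHA-256 hash bound to its TxnID rather than in clear, TxnIDs are 32 hex characters, `TOO_MANY_ATTEMPTS` is returned once five wrong OTPs have been recorded, and the success token is 24 random bytes rendered as the documented 48-character hex string.

```python
import hashlib
import hmac
import secrets
import time
import xml.etree.ElementTree as ET  # assumption: stdlib parser; prefer defusedxml for untrusted input
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

OTP_TTL_SECONDS = 300   # matches <ExpirySeconds>300</ExpirySeconds> in the AuthResponse
MAX_WRONG_ATTEMPTS = 5  # assumption: the 6th attempt after 5 wrong OTPs gets TOO_MANY_ATTEMPTS
TOKEN_BYTES = 24        # 24 random bytes -> 48 hex characters, the documented token length


@dataclass
class AuthTransaction:
    """Hypothetical stand-in for one wani_auth_transactions row."""
    txn_id: str
    otp_hash: str        # hash only; the clear OTP exists just long enough to hand to the SMS gateway
    created_at: float    # epoch seconds
    wrong_attempts: int = 0
    verified: bool = False


TRANSACTIONS: Dict[str, AuthTransaction] = {}  # constructed in-memory store


def hash_otp(txn_id: str, otp: str) -> str:
    # Bind the OTP to its transaction so a hash from one TxnID is useless against another.
    return hashlib.sha256(f"{txn_id}:{otp}".encode()).hexdigest()


def request_otp(mobile: str, now: Optional[float] = None) -> Tuple[str, str]:
    """Step 1: create the transaction and return (TxnID, OTP).
    The OTP is returned only for delivery by SMS; it never goes into the <AuthResponse> XML."""
    now = time.time() if now is None else now
    txn_id = secrets.token_hex(16)
    otp = f"{secrets.randbelow(10**6):06d}"
    TRANSACTIONS[txn_id] = AuthTransaction(txn_id, hash_otp(txn_id, otp), now)
    return txn_id, otp


def verify_otp(xml_body: str, now: Optional[float] = None) -> dict:
    """Step 2: evaluate an <OTPVerify> body.
    Returns {"status", "code"} and, on success, "token"; checks run in Error Cases table order."""
    now = time.time() if now is None else now
    root = ET.fromstring(xml_body)
    txn_id = root.findtext("TxnID") or ""
    otp = root.findtext("OTP") or ""

    txn = TRANSACTIONS.get(txn_id)
    if txn is None:
        return {"status": 404, "code": "INVALID_TXN"}
    if txn.verified:
        return {"status": 409, "code": "ALREADY_VERIFIED"}
    if now - txn.created_at > OTP_TTL_SECONDS:
        return {"status": 401, "code": "OTP_EXPIRED"}
    if txn.wrong_attempts >= MAX_WRONG_ATTEMPTS:
        return {"status": 429, "code": "TOO_MANY_ATTEMPTS"}
    # Constant-time comparison of the hashes so response timing does not leak partial matches.
    if not hmac.compare_digest(hash_otp(txn_id, otp), txn.otp_hash):
        txn.wrong_attempts += 1
        return {"status": 401, "code": "INVALID_OTP"}

    txn.verified = True  # single use: replaying the same TxnID/OTP pair yields ALREADY_VERIFIED
    return {"status": 200, "code": "SUCCESS", "token": secrets.token_hex(TOKEN_BYTES)}


def render_auth_success(token: str, expiry: int = 300, session_time: int = 1800) -> str:
    """Build the <AuthSuccess> document shown in Step 2 of the flow."""
    root = ET.Element("AuthSuccess")
    ET.SubElement(root, "Status").text = "SUCCESS"
    ET.SubElement(root, "Token").text = token
    ET.SubElement(root, "Expiry").text = str(expiry)
    ET.SubElement(root, "SessionTime").text = str(session_time)
    return ET.tostring(root, encoding="unicode")
```

The ordering matters: an expired or consumed transaction is reported before the OTP is compared, so a stale TxnID never consumes an attempt or reveals whether the submitted digits were right.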

## How to Roll Back (Local)

```bash
set -e   # stop at the first failure so a missing backup never leads to step 3 deleting files
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# 1. Rollback migration
#    --path only rolls back migrations that are in the latest batch; confirm with
#    `php artisan migrate:status` before relying on it.
php artisan migrate:rollback --path=database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php

# 2. Restore routes
cp rollback/phase-11/api.php.before routes/api.php

# 3. Delete new files
rm app/Http/Controllers/Wani/OtpAuthController.php
rm app/Models/WaniAuthTransaction.php
rm database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php

# 4. Clear cache
php artisan config:clear
php artisan route:clear
```
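A post-rollback check, added here as an example and not part of the project: it walks the Phase 11 file list above and greps `routes/api.php` for the two route names, returning the number of leftovers as its exit status (0 means clean). The backend root is taken as the first argument; the `wani_auth_transactions` table itself is not checked here.

```shell
# phase11_leftovers <backend-root>: report Phase 11 artifacts that survived the rollback.
# Exit status = number of leftovers, so `phase11_leftovers . || echo "rollback incomplete"` works.
phase11_leftovers() {
  root="$1"
  leftovers=0
  for f in \
    app/Http/Controllers/Wani/OtpAuthController.php \
    app/Models/WaniAuthTransaction.php \
    database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php
  do
    if [ -e "$root/$f" ]; then
      echo "still present: $f"
      leftovers=$((leftovers + 1))
    fi
  done
  # The two added routes must be gone from routes/api.php as well.
  for r in request-otp verify-otp; do
    if [ -f "$root/routes/api.php" ] && grep -q "$r" "$root/routes/api.php"; then
      echo "route still registered: $r"
      leftovers=$((leftovers + 1))
    fi
  done
  return "$leftovers"
}
```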

## Server Deployment

```bash
set -e   # abort if any upload fails rather than deploying a partial set of files
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# Upload to staging
scp -P 21212 app/Http/Controllers/Wani/OtpAuthController.php immunity@147.93.30.127:/tmp/OtpAuthController.php
scp -P 21212 app/Models/WaniAuthTransaction.php immunity@147.93.30.127:/tmp/WaniAuthTransaction.php
scp -P 21212 database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php immunity@147.93.30.127:/tmp/wani_auth_tx_migration.php
scp -P 21212 routes/api.php immunity@147.93.30.127:/tmp/api.php

# Move with sudo, run migration, clear cache (the && chain stops at the first failing step)
ssh immunity@147.93.30.127 -p 21212 "\
  sudo cp /tmp/OtpAuthController.php /var/www/mobile_app_backend/app/Http/Controllers/Wani/OtpAuthController.php && \
  sudo cp /tmp/WaniAuthTransaction.php /var/www/mobile_app_backend/app/Models/WaniAuthTransaction.php && \
  sudo cp /tmp/wani_auth_tx_migration.php /var/www/mobile_app_backend/database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php && \
  sudo cp /tmp/api.php /var/www/mobile_app_backend/routes/api.php && \
  sudo chown www-data:www-data /var/www/mobile_app_backend/app/Http/Controllers/Wani/OtpAuthController.php /var/www/mobile_app_backend/app/Models/WaniAuthTransaction.php /var/www/mobile_app_backend/database/migrations/2026_04_22_120000_create_wani_auth_transactions_table.php /var/www/mobile_app_backend/routes/api.php && \
  cd /var/www/mobile_app_backend && sudo php artisan migrate --force && sudo php artisan config:clear && sudo php artisan route:clear"
```
