Merge remote-tracking branch 'origin/master'

svc/routes/login.go

@@ -133,31 +133,23 @@ func LoginHandler(db *sql.DB) http.HandlerFunc {
 		}
 
 		// ==================================================
-		// 3️⃣ MIGRATION (dfusr → mk_dfusr)
+		// 3️⃣ LEGACY SESSION (PENDING MIGRATION)
+		// - mk_dfusr migration is completed in /api/password/change
 		// ==================================================
-		newHash, err := bcrypt.GenerateFromPassword(
-			[]byte(pass),
-			bcrypt.DefaultCost,
-		)
-		if err != nil {
-			http.Error(w, "Şifre üretilemedi", http.StatusInternalServerError)
-			return
+		mkUser = &models.MkUser{
+			ID:                  int64(legacyUser.ID),
+			Username:            legacyUser.Username,
+			Email:               legacyUser.Email,
+			IsActive:            legacyUser.IsActive,
+			RoleID:              int64(legacyUser.RoleID),
+			RoleCode:            legacyUser.RoleCode,
+			ForcePasswordChange: true,
 		}
 
-		mkUser, err = mkRepo.CreateFromLegacy(legacyUser, string(newHash))
-		if err != nil {
-			log.Println("❌ CREATE_FROM_LEGACY FAILED:", err)
-			http.Error(w, "Kullanıcı migrate edilemedi", http.StatusInternalServerError)
-			return
-		}
-
-		// 🔥 KRİTİK: TOKEN GUARD İÇİN GARANTİ
-		mkUser.ForcePasswordChange = true
-
 		auditlog.Write(auditlog.ActivityLog{
-			ActionType:     "LEGACY_USER_MIGRATED",
+			ActionType:     "LEGACY_USER_LOGIN_PENDING_MIGRATION",
 			ActionCategory: "security",
-			Description:    "dfusr -> mk_dfusr on login",
+			Description:    "legacy login ok, first password change required",
 			IsSuccess:      true,
 		})