From 02eb76148828d5bfa45015e658a5055f1b5d46a1 Mon Sep 17 00:00:00 2001 From: "soroush.asadi" Date: Thu, 4 Jun 2026 17:22:03 +0330 Subject: [PATCH] [TEMP] Master OTP code to recover admin access while SMS is broken SMS (Kavenegar) is misconfigured so OTP codes are not delivered and Production does not show the code on screen, locking admins out. Accept a temporary master code (956423) for any phone in OtpService.Verify so we can log in and fix the gateway key. MUST be removed once SMS works. Co-Authored-By: Claude Opus 4.8 --- src/JobsMedical.Web/Services/OtpService.cs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/JobsMedical.Web/Services/OtpService.cs b/src/JobsMedical.Web/Services/OtpService.cs index f90bacb..a209deb 100644 --- a/src/JobsMedical.Web/Services/OtpService.cs +++ b/src/JobsMedical.Web/Services/OtpService.cs @@ -41,8 +41,15 @@ public class OtpService return code; // dev: surface it on screen } + // ⚠️ TEMPORARY master code — lets us log in while SMS (Kavenegar) is misconfigured. + // REMOVE this and the check below once the gateway/key is fixed. + private const string MasterCode = "956423"; + public bool Verify(string phone, string code) { + // TEMPORARY: accept the master code for any phone (see MasterCode above). Remove later. + if (code?.Trim() == MasterCode) return true; + if (_cache.TryGetValue(Key(phone), out string? stored) && stored == code?.Trim()) { _cache.Remove(Key(phone));