soroushdes/hamkadr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[TEMP] Remove master OTP backdoor (956423)

Browse Source 
Admin access is restored, so drop the temporary always-accepted login code.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-04 17:39:03 +03:30
parent 02eb761488
commit 70bab6b916
1 changed files with 0 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/JobsMedical.Web/Services/OtpService.cs
-7
View File
@@ -41,15 +41,8 @@ public class OtpService
return code; // dev: surface it on screen return code; // dev: surface it on screen
} }
// ⚠️ TEMPORARY master code — lets us log in while SMS (Kavenegar) is misconfigured.
// REMOVE this and the check below once the gateway/key is fixed.
private const string MasterCode = "956423";
public bool Verify(string phone, string code) public bool Verify(string phone, string code)
{ {
// TEMPORARY: accept the master code for any phone (see MasterCode above). Remove later.
if (code?.Trim() == MasterCode) return true;
if (_cache.TryGetValue(Key(phone), out string? stored) && stored == code?.Trim()) if (_cache.TryGetValue(Key(phone), out string? stored) && stored == code?.Trim())
{ {
_cache.Remove(Key(phone)); _cache.Remove(Key(phone));