From 38e3f6a5a22fc518ffb9306c3dee728824e1b398 Mon Sep 17 00:00:00 2001 From: "soroush.asadi" Date: Sun, 31 May 2026 21:00:37 +0330 Subject: [PATCH] fix(admin-auth): normalize phone before OTP validation to fix 400 on verify-otp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit VerifyOtpRequestValidator was passing the raw phone string to IsValidIranMobile which requires a pre-normalized 11-digit "09…" string. Any other format (country code prefix, Persian digits, etc.) failed validation instantly — causing verify-otp to return HTTP 400 in ~2ms before the service logic could ever run. Co-Authored-By: Claude Sonnet 4.6 --- src/Meezi.Admin.API/Validators/AuthValidators.cs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Meezi.Admin.API/Validators/AuthValidators.cs b/src/Meezi.Admin.API/Validators/AuthValidators.cs index c4cbed7..08f6356 100644 --- a/src/Meezi.Admin.API/Validators/AuthValidators.cs +++ b/src/Meezi.Admin.API/Validators/AuthValidators.cs @@ -8,7 +8,9 @@ public class SendOtpRequestValidator : AbstractValidator { public SendOtpRequestValidator() { - RuleFor(x => x.Phone).Must(PhoneNormalizer.IsValidIranMobile).WithMessage("Invalid phone number."); + RuleFor(x => x.Phone) + .Must(p => PhoneNormalizer.IsValidIranMobile(PhoneNormalizer.Normalize(p))) + .WithMessage("Invalid phone number."); } } @@ -16,7 +18,9 @@ public class VerifyOtpRequestValidator : AbstractValidator { public VerifyOtpRequestValidator() { - RuleFor(x => x.Phone).Must(PhoneNormalizer.IsValidIranMobile); + RuleFor(x => x.Phone) + .Must(p => PhoneNormalizer.IsValidIranMobile(PhoneNormalizer.Normalize(p))) + .WithMessage("Invalid phone number."); RuleFor(x => x.Code) .Must(OtpNormalizer.IsValidSixDigitCode) .WithMessage("OTP must be 6 digits.");