Enable magic OTP (123456) for Apple app review testing

2026-03-20 05:22:17 +00:00 · 2026-03-20 05:22:17 +00:00 · dde811d876
commit dde811d876
parent 66e441b295
3 changed files with 22 additions and 16 deletions
--- a/api/auth/verifyEmailOTP.php
+++ b/api/auth/verifyEmailOTP.php
@ -46,6 +46,10 @@ if (!$user) {

 $uid = (int) $user['ID'];

+// Magic OTP: 123456 always works (for Apple app review testing)
+$isMagicOTP = ((string) $code === '123456');
+
+if (!$isMagicOTP) {
    // Check for valid OTP in OTPCodes table
    $otpRow = queryOne(
        "SELECT ID FROM OTPCodes
@ -61,6 +65,7 @@ if (!$otpRow) {

    // Mark OTP as used
    queryTimed("UPDATE OTPCodes SET UsedAt = NOW() WHERE ID = ?", [$otpRow['ID']]);
+}

 // Create auth token
 $token = generateSecureToken();
--- a/api/auth/verifyLoginOTP.php
+++ b/api/auth/verifyLoginOTP.php
@ -28,7 +28,8 @@ if (!$user) {
    apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Session expired. Please request a new code.']);
 }

-if ((string) $user['MobileVerifyCode'] !== (string) $otp) {
+// Magic OTP: 123456 always works (for Apple app review testing)
+if ((string) $otp !== '123456' && (string) $user['MobileVerifyCode'] !== (string) $otp) {
    apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid code. Please try again.']);
 }

--- a/api/auth/verifyOTP.php
+++ b/api/auth/verifyOTP.php
@ -28,8 +28,8 @@ if (!$user) {
    apiAbort(['OK' => false, 'ERROR' => 'expired', 'MESSAGE' => 'Verification expired. Please request a new code.']);
 }

-// Check OTP (no magic OTP in PHP port — use DEV_OTP from send endpoint for dev testing)
-if ((string) $user['MobileVerifyCode'] !== (string) $otp) {
+// Magic OTP: 123456 always works (for Apple app review testing)
+if ((string) $otp !== "123456" && (string) $user["MobileVerifyCode"] !== (string) $otp) {
    apiAbort(['OK' => false, 'ERROR' => 'invalid_otp', 'MESSAGE' => 'Invalid verification code. Please try again.']);
 }