From a7138ba958314dedac1e5ac36af9d509b43c4c7c Mon Sep 17 00:00:00 2001
From: John Mizerek <mizerek@gmail.com>
Date: Sat, 7 Mar 2026 16:12:03 -0800
Subject: [PATCH] Fix loginOTP case sensitivity with preserveCaseForStructKey

The beacon app sends "Phone" (uppercase) but loginOTP.cfm checked for
"phone" (lowercase). With preserveCaseForStructKey=true this fails.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 api/auth/loginOTP.cfm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/auth/loginOTP.cfm b/api/auth/loginOTP.cfm
index 21eada2..138fdbe 100644
--- a/api/auth/loginOTP.cfm
+++ b/api/auth/loginOTP.cfm
@@ -45,7 +45,8 @@ function generateOTP() {
 
 try {
     data = readJsonBody();
-    phone = structKeyExists(data, "phone") ? normalizePhone(data.phone) : "";
+    phone = structKeyExists(data, "Phone") ? normalizePhone(data.Phone)
+          : structKeyExists(data, "phone") ? normalizePhone(data.phone) : "";
 
     if (len(phone) != 10) {
         apiAbort({ "OK": false, "ERROR": "invalid_phone", "MESSAGE": "Please enter a valid 10-digit phone number" });