Enhancement/Security: Restrict Teacher Registration with Secret Code #23 #57
Merged
Eswaramuthu merged 1 commit on Feb 7, 2026
@VishalRaut2106 is attempting to deploy a commit to the 007's projects Team on Vercel. A member of the Team first needs to authorize it.
| # Check for Teacher Code | ||
| teacher_code = request.form.get("teacher_code") | ||
| # Get the secret code from environment variable or use default |
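Review bot: `request.form.get("teacher_code")` on the second line returns None when the form field is absent, so the check that follows should reject a missing or empty value explicitly before any comparison. The comparison itself is outside this excerpt; if it uses `==`, switch to `hmac.compare_digest` so the check does not reveal through timing how much of the code matched. The last comment line, "or use default", also documents a built-in fallback secret, which means an unconfigured deployment still accepts a known code; drop the default and update the comment to say so.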
Contributor
Correctness: The hardcoded default 'admin123' for TEACHER_REGISTRATION_CODE is a security vulnerability. Remove the default and modify the logic to prevent registration if the environment variable is not configured.
🤖 AI Agent Prompt for Cursor/Windsurf
📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue
File: app.py. At the teacher registration handler where `required_code` is set (around line 392), remove the hardcoded fallback value. Require `TEACHER_REGISTRATION_CODE` to be present and return an error if it is missing. Update the code block to fail closed when the env var is not configured, then compare `teacher_code` against it as before.
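The fail-closed check that the review comment above asks for, as an added example that is not code from this PR or repository. The environment variable name comes from the PR; the function names, status codes, messages and sample values are hypothetical, and the logic is kept free of Flask so it runs on its own.

```python
import hmac
import os

ENV_VAR = "TEACHER_REGISTRATION_CODE"  # variable name taken from the PR


def load_required_code(environ=os.environ):
    """Return the configured teacher code, or None if it is unset or blank.

    There is deliberately no built-in default such as "admin123".
    """
    code = environ.get(ENV_VAR)
    if code is None or not code.strip():
        return None
    return code


def check_teacher_code(submitted, environ=os.environ):
    """Decide a teacher registration attempt.

    Returns (allowed, http_status, message). The status codes and messages
    are illustrative choices, not taken from the project.
    """
    required = load_required_code(environ)
    if required is None:
        # Fail closed: a missing secret disables teacher registration
        # instead of falling back to a guessable value.
        return (False, 503, "Teacher registration is not configured")
    if not submitted:
        # request.form.get() yields None when the field is absent.
        return (False, 403, "Invalid teacher code")
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    ok = hmac.compare_digest(submitted.encode("utf-8"), required.encode("utf-8"))
    return (True, 200, "OK") if ok else (False, 403, "Invalid teacher code")


if __name__ == "__main__":
    configured = {ENV_VAR: "constructed-sample-code"}  # constructed value
    for env, code in [({}, "admin123"), (configured, "admin123"),
                      (configured, None), (configured, "constructed-sample-code")]:
        print(check_teacher_code(code, env))
```

In a Flask handler the result would map to an error response or to continuing the registration; with the variable unset, the old default `admin123` is rejected like any other input.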
Contributor
Author
hey @Eswaramuthu I didn't get any points for this successful PR
This PR implements a security restriction for the teacher registration flow as requested in issue #23. It introduces a mandatory "Teacher Code" verification step to prevent unauthorised users from registering as teachers.
Changes Implemented
teacher_new route to validate the submitted teacher_code. It checks against an environment variable TEACHER_REGISTRATION_CODE (defaults to admin123 if not set).
Verification
I verified these changes with both manual testing and a regression script:
New Feature: Attempting to register with an invalid code correctly denies access and shows an error.
New Feature: Registering with the correct code (admin123) proceeds successfully.
Regression: Student registration and login flows remain unaffected.
Related Issue
Closes #23