[SDP-1031] Coinspect SDP-012 Enhance User Awareness for SMS One-Time …

…Password (OTP) Usage (#138) Add a disclaimer to the SMS message warning users about the risk of sharing their wallet registration OTP with a third party
stellar · Jan 5, 2024 · 68032ad · 68032ad
1 parent 84349b2
commit 68032ad
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/internal/serve/httphandler/receiver_send_otp_handler.go b/internal/serve/httphandler/receiver_send_otp_handler.go
@@ -18,6 +18,10 @@ import (
 	"github.com/stellar/stellar-disbursement-platform-backend/internal/utils"
 )
 
+// OTPMessageDisclaimer contains disclaimer text that needs to be added as part of the OTP message to remind the
+// receiver how sensitive the data is.
+const OTPMessageDisclaimer = " If you did not request this code, please ignore. Do not share your code with anyone."
+
 type ReceiverSendOTPHandler struct {
 	Models             *data.Models
 	SMSMessengerClient message.MessengerClient
@@ -125,7 +129,7 @@ func (h ReceiverSendOTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 			OrganizationName: organization.Name,
 		}
 
-		otpMessageTemplate := organization.OTPMessageTemplate
+		otpMessageTemplate := organization.OTPMessageTemplate + OTPMessageDisclaimer
 		if !strings.Contains(organization.OTPMessageTemplate, "{{.OTP}}") {
 			// Adding the OTP code to the template
 			otpMessageTemplate = fmt.Sprintf(`{{.OTP}} %s`, strings.TrimSpace(otpMessageTemplate))