- Move admin credentials from hardcoded values to configuration
- Add rate limiting (5/min) to login endpoint for brute force protection
- Extract CleanJsonResponse to shared JsonResponseHelper class
- Add DateHelpers.MonthsBetween utility and consolidate date calculations
- Update PdfReportService to use ScoreThresholds constants
- Remove 5 unused shared components (EmploymentTable, FlagsList, etc.)
- Clean up unused CSS from MainLayout.razor.css
- Create IPdfReportService interface for better testability
- Add authentication requirement to Hangfire dashboard in development
- Seal EducationVerifierService class
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When the institution name is empty, "Unknown", or "Unknown Institution",
don't show the "not found in UK database" message since it's not useful.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Features:
- Add UK institution recognition (170+ universities)
- Add diploma mill detection (100+ blacklisted institutions)
- Add education verification service with date plausibility checks
- Add local file storage option (no Azure required)
- Add default admin user seeding on startup
- Enhance Serilog logging with file output
Security fixes:
- Fix path traversal vulnerability in LocalFileStorageService
- Fix open redirect in login endpoint (use LocalRedirect)
- Fix password validation message (12 chars, not 6)
- Fix login to use HTTP POST endpoint (avoid Blazor cookie issues)
Code improvements:
- Add CancellationToken propagation to CV parser
- Add shared helpers (JsonDefaults, DateHelpers, ScoreThresholds)
- Add IUserContextService for user ID extraction
- Parallelized company verification in ProcessCVCheckJob
- Add 28 unit tests for education verification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
