{
  "_endpoint": "/api/dr/user/orphan-users",
  "_auth_required": false,
  "_collection": "RgntUser — Orphaned User Records (organisationId = 0)",
  "_total_records": 1072,
  "_critical": "HIGH — 1,072 records with bcrypt password hashes, OTP hashes, mobile numbers. All assigned Super Admin role by default during incomplete registration.",
  "_verified_date": "2026-06-08",
  "statistics": {
    "total_records": 1072,
    "records_with_bcrypt_hash": 1072,
    "records_with_otp_hash": 1052,
    "records_with_previous_password": 170,
    "active_accounts": 1026,
    "inactive_accounts": 46,
    "unique_email_domains": 579,
    "all_assigned_role": "Super Admin"
  },
  "fields_summary": {
    "id": "int64 — database primary key",
    "userId": "string — email address",
    "userName": "string — full name",
    "mobileNumber": "string — phone number",
    "encryptedPassword": "string — bcrypt $2a$10$ hash",
    "otp": "string — bcrypt hash of live OTP",
    "previousPassword": "string — bcrypt hash of previous password",
    "userRoles": "array — [{roleId, roleName}] — ALL are 'Super Admin'",
    "organisationId": "int64 — always 0 (orphan indicator)",
    "active": "boolean",
    "loginAttemptedClientIP": "string — client IP",
    "loginAttemptCount": "int32",
    "createdDateTime": "ISO8601"
  },
  "note": "Orphan users appear in BOTH /dr/user/all (n=5461) AND /dr/user/orphan-users (n=1072). 1,072 of the 5,461 main users have organisationId=0 and appear in both endpoints. Unique user count across all 3 user endpoints: 5,576."
}