magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reject device keys if they dont match user ID or device ID or are missing fields

Browse source 
Signed-off-by: June Clementine Strawberry <june@3.dog>
This commit is contained in:
June Clementine Strawberry 2025-03-06 00:14:49 -05:00
parent c10500f8ae
commit 17b625a85b
No known key found for this signature in database
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/api/client/keys.rs
View file

@ -48,6 +48,19 @@ pub(crate) async fn upload_keys_route(
}
if let Some(device_keys) = &body.device_keys {
let deser_device_keys = device_keys.deserialize()?;
if deser_device_keys.user_id != sender_user {
return Err!(Request(Unknown(
"User ID in keys uploaded does not match your own user ID"
)));
}
if deser_device_keys.device_id != sender_device {
return Err!(Request(Unknown(
"Device ID in keys uploaded does not match your own device ID"
)));
}
// TODO: merge this and the existing event?
// This check is needed to assure that signatures are kept
if services