mirror
/
conduit
mirror of https://gitlab.com/famedly/conduit.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix: check that keys uploaded by clients are valid 

clients uploading invalid keys can cause errors later when trying to add signatures
merge-requests/626/merge
Matthias Ahouansou 1 year ago
parent
a3386f405e
commit
be3187fda7
No known key found for this signature in database
1 changed files with 8 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      src/api/client_server/keys.rs

8
src/api/client_server/keys.rs
Unescape View File

@ -36,6 +36,10 @@ pub async fn upload_keys_route(
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
for (key_key, key_value) in &body.one_time_keys { for (key_key, key_value) in &body.one_time_keys {
key_value.deserialize().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Body contained invalid one-time key")
})?;
services() services()
.users .users
.add_one_time_key(sender_user, sender_device, key_key, key_value)?; .add_one_time_key(sender_user, sender_device, key_key, key_value)?;
@ -49,6 +53,10 @@ pub async fn upload_keys_route(
.get_device_keys(sender_user, sender_device)? .get_device_keys(sender_user, sender_device)?
.is_none() .is_none()
{ {
device_keys.deserialize().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Body contained invalid device keys")
})?;
services() services()
.users .users
.add_device_keys(sender_user, sender_device, device_keys)?; .add_device_keys(sender_user, sender_device, device_keys)?;

Write Preview
Loading…
Cancel
Save