studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

reject device keys if they dont match user ID or device ID or are missing fields

Browse Source 
Signed-off-by: June Clementine Strawberry <june@3.dog>
This commit is contained in:
June Clementine Strawberry
2025-03-06 00:14:49 -05:00
parent c10500f8ae
commit 17b625a85b
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/api/client/keys.rs
View File

@@ -48,6 +48,19 @@ pub(crate) async fn upload_keys_route(
} }
if let Some(device_keys) = &body.device_keys { if let Some(device_keys) = &body.device_keys {
let deser_device_keys = device_keys.deserialize()?;
if deser_device_keys.user_id != sender_user {
return Err!(Request(Unknown(
"User ID in keys uploaded does not match your own user ID"
)));
}
if deser_device_keys.device_id != sender_device {
return Err!(Request(Unknown(
"Device ID in keys uploaded does not match your own device ID"
)));
}
// TODO: merge this and the existing event? // TODO: merge this and the existing event?
// This check is needed to assure that signatures are kept // This check is needed to assure that signatures are kept
if services if services