mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-22 20:09:41 +01:00
accounts: Only allow verified accounts to SASL auth
This commit is contained in:
parent
7bce531914
commit
658d1656fa
@ -198,6 +198,12 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
|
|||||||
// load and check acct data all in one update to prevent races.
|
// load and check acct data all in one update to prevent races.
|
||||||
// as noted elsewhere, change to proper locking for Account type later probably
|
// as noted elsewhere, change to proper locking for Account type later probably
|
||||||
err = server.store.Update(func(tx *buntdb.Tx) error {
|
err = server.store.Update(func(tx *buntdb.Tx) error {
|
||||||
|
// confirm account is verified
|
||||||
|
_, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
|
||||||
|
if err != nil {
|
||||||
|
return errSaslFail
|
||||||
|
}
|
||||||
|
|
||||||
creds, err := loadAccountCredentials(tx, accountKey)
|
creds, err := loadAccountCredentials(tx, accountKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@ -251,6 +257,12 @@ func authExternalHandler(server *Server, client *Client, mechanism string, value
|
|||||||
return errSaslFail
|
return errSaslFail
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// confirm account is verified
|
||||||
|
_, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
|
||||||
|
if err != nil {
|
||||||
|
return errSaslFail
|
||||||
|
}
|
||||||
|
|
||||||
// confirm the certfp in that account's credentials
|
// confirm the certfp in that account's credentials
|
||||||
creds, err := loadAccountCredentials(tx, accountKey)
|
creds, err := loadAccountCredentials(tx, accountKey)
|
||||||
if err != nil || creds.Certificate != client.certfp {
|
if err != nil || creds.Certificate != client.certfp {
|
||||||
|
Loading…
Reference in New Issue
Block a user