mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-10 22:19:31 +01:00
accounts: Only allow verified accounts to SASL auth
This commit is contained in:
parent
7bce531914
commit
658d1656fa
@ -198,6 +198,12 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
|
||||
// load and check acct data all in one update to prevent races.
|
||||
// as noted elsewhere, change to proper locking for Account type later probably
|
||||
err = server.store.Update(func(tx *buntdb.Tx) error {
|
||||
// confirm account is verified
|
||||
_, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
|
||||
if err != nil {
|
||||
return errSaslFail
|
||||
}
|
||||
|
||||
creds, err := loadAccountCredentials(tx, accountKey)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -251,6 +257,12 @@ func authExternalHandler(server *Server, client *Client, mechanism string, value
|
||||
return errSaslFail
|
||||
}
|
||||
|
||||
// confirm account is verified
|
||||
_, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
|
||||
if err != nil {
|
||||
return errSaslFail
|
||||
}
|
||||
|
||||
// confirm the certfp in that account's credentials
|
||||
creds, err := loadAccountCredentials(tx, accountKey)
|
||||
if err != nil || creds.Certificate != client.certfp {
|
||||
|
Loading…
Reference in New Issue
Block a user