Don't allow password change for unverified accounts
Mainly because wallet change is tied up in it
This commit is contained in:
parent
5985631410
commit
aee351a2b1
3 changed files with 44 additions and 1 deletions
@ -53,6 +53,21 @@ func (s *Server) changePassword(w http.ResponseWriter, req *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
// To be cautious, we will block password changes for unverified accounts.
|
||||
// The only reason I can think of for allowing them is if the user
|
||||
// accidentally put in a bad password that they desperately want to change,
|
||||
// and the verification email isn't working. However unlikely such a scenario
|
||||
// is, with the salting and the KDF and all that, it seems all the less a big
|
||||
// deal.
|
||||
//
|
||||
// Changing a password when unverified as such isn't a big deal, but I'm
|
||||
// concerned with wallet creation. This endpoint currently doesn't allow you
|
||||
// to _create_ a wallet if you don't already have one, so as of now we don't
|
||||
// strictly need this restriction. However this seems too precarious and
|
||||
// tricky. We might forget about it and allow wallet creation here later.
|
||||
// Someone might find a loophole I'm not thinking of. So I'm just blocking
|
||||
// unverified accounts here for simplicity.
|
||||
|
||||
var err error
|
||||
if changePasswordRequest.EncryptedWallet != "" {
|
||||
err = s.store.ChangePasswordWithWallet(
|
||||
|
@ -83,6 +98,10 @@ func (s *Server) changePassword(w http.ResponseWriter, req *http.Request) {
|
|||
errorJson(w, http.StatusUnauthorized, "No match for email and password")
|
||||
return
|
||||
}
|
||||
if err == store.ErrNotVerified {
|
||||
errorJson(w, http.StatusUnauthorized, "Account is not verified")
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
internalServiceErrorJson(w, err, "Error changing password")
|
||||
return
|
||||
|
|
|
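Review bot: The new `if err == store.ErrNotVerified` branch matches the sentinel by identity, so if the store ever returns it wrapped (fmt.Errorf with %w) the request silently falls through to the 500 path below; `if errors.Is(err, store.ErrNotVerified) {` is the safer form, assuming `errors` is or can be imported in this file, and the same applies to the ErrWrongCredentials check just above the hunk if it also uses `==`. Nothing in this commit touches the store methods, so the diff alone does not show that ChangePasswordWithWallet and ChangePasswordNoWallet actually return ErrNotVerified for unverified accounts; if that check is not already there, the comment added in the first hunk describes a restriction the code does not enforce. The store-side ordering also matters for this branch: if verification status is checked before the password, the "Account is not verified" response is reachable without valid credentials and reveals that the email is registered, so credentials should be checked first. changePassword starts and ends outside both hunks.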
@ -103,6 +103,30 @@ func TestServerChangePassword(t *testing.T) {
|
|||
email: "abc@example.com",
|
||||
|
||||
storeErrors: TestStoreFunctionsErrors{ChangePasswordNoWallet: store.ErrWrongCredentials},
|
||||
}, {
|
||||
name: "unverified account with wallet",
|
||||
expectedStatusCode: http.StatusUnauthorized,
|
||||
expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Account is not verified",
|
||||
|
||||
expectChangePasswordCall: true,
|
||||
|
||||
newEncryptedWallet: "my-enc-wallet",
|
||||
newSequence: 2,
|
||||
newHmac: "my-hmac",
|
||||
|
||||
email: "abc@example.com",
|
||||
|
||||
storeErrors: TestStoreFunctionsErrors{ChangePasswordWithWallet: store.ErrNotVerified},
|
||||
}, {
|
||||
name: "unverified account no wallet",
|
||||
expectedStatusCode: http.StatusUnauthorized,
|
||||
expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Account is not verified",
|
||||
|
||||
expectChangePasswordCall: true,
|
||||
|
||||
email: "abc@example.com",
|
||||
|
||||
storeErrors: TestStoreFunctionsErrors{ChangePasswordNoWallet: store.ErrNotVerified},
|
||||
}, {
|
||||
name: "validation error",
|
||||
expectedStatusCode: http.StatusBadRequest,
|
||||
|
|
|
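Review bot: The two new cases only pin the handler's mapping from store.ErrNotVerified to a 401 response, because the error is injected through storeErrors rather than produced by the real store; they do not demonstrate that an unverified account is actually refused, which is what the commit title claims. A store-level test that calls ChangePasswordWithWallet and ChangePasswordNoWallet on an unverified account and asserts `store.ErrNotVerified` would close that gap if one does not exist already. The expected string `http.StatusText(http.StatusUnauthorized) + ": Account is not verified"` repeats the handler's literal, so a change to the message must be made in both places. TestServerChangePassword starts and ends outside the hunk.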
@ -30,7 +30,7 @@ var (
|
|||
ErrDuplicateAccount = fmt.Errorf("User already has an account")
|
||||
|
||||
ErrWrongCredentials = fmt.Errorf("No match for email and password")
|
||||
ErrNotVerified = fmt.Errorf("User account is not verified")
|
||||
ErrNotVerified = fmt.Errorf("User account is not verified")
|
||||
)
|
||||
|
||||
// For test stubs
|
||||
|
|