Don't allow password change for unverified accounts
Mainly because wallet change is tied up in it
parent
5985631410
commit
aee351a2b1
3 changed files with 44 additions and 1 deletions
|
@ -53,6 +53,21 @@ func (s *Server) changePassword(w http.ResponseWriter, req *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// To be cautious, we will block password changes for unverified accounts.
|
||||||
|
// The only reason I can think of for allowing them is if the user
|
||||||
|
// accidentally put in a bad password that they desperately want to change,
|
||||||
|
// and the verification email isn't working. However unlikely such a scenario
|
||||||
|
// is, with the salting and the KDF and all that, it seems all the less a big
|
||||||
|
// deal.
|
||||||
|
//
|
||||||
|
// Changing a password when unverified as such isn't a big deal, but I'm
|
||||||
|
// concerned with wallet creation. This endpoint currently doesn't allow you
|
||||||
|
// to _create_ a wallet if you don't already have one, so as of now we don't
|
||||||
|
// strictly need this restriction. However this seems too precarious and
|
||||||
|
// tricky. We might forget about it and allow wallet creation here later.
|
||||||
|
// Someone might find a loophole I'm not thinking of. So I'm just blocking
|
||||||
|
// unverified accounts here for simplicity.
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
if changePasswordRequest.EncryptedWallet != "" {
|
if changePasswordRequest.EncryptedWallet != "" {
|
||||||
err = s.store.ChangePasswordWithWallet(
|
err = s.store.ChangePasswordWithWallet(
|
||||||
|
@ -83,6 +98,10 @@ func (s *Server) changePassword(w http.ResponseWriter, req *http.Request) {
|
||||||
errorJson(w, http.StatusUnauthorized, "No match for email and password")
|
errorJson(w, http.StatusUnauthorized, "No match for email and password")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if err == store.ErrNotVerified {
|
||||||
|
errorJson(w, http.StatusUnauthorized, "Account is not verified")
|
||||||
|
return
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
internalServiceErrorJson(w, err, "Error changing password")
|
internalServiceErrorJson(w, err, "Error changing password")
|
||||||
return
|
return
|
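Review bot: The new `err == store.ErrNotVerified` branch in the second hunk returns a body distinct from "No match for email and password", so the response can disclose that an email is registered but unverified unless the store returns ErrNotVerified only after the old password has matched. The store methods are not visible here, so that ordering should be confirmed; if verification is checked first, either reorder it or answer both cases with the same generic 401 body. The long comment added in the first hunk sits above `var err error`, where no check actually happens, so I would end it with a line such as `// Enforced in the store, which returns store.ErrNotVerified; see the error handling below.` to point the reader at where the restriction lives. changePassword starts and ends outside both hunks.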
||||||
|
|
|
@ -103,6 +103,30 @@ func TestServerChangePassword(t *testing.T) {
|
||||||
email: "abc@example.com",
|
email: "abc@example.com",
|
||||||
|
|
||||||
storeErrors: TestStoreFunctionsErrors{ChangePasswordNoWallet: store.ErrWrongCredentials},
|
storeErrors: TestStoreFunctionsErrors{ChangePasswordNoWallet: store.ErrWrongCredentials},
|
||||||
|
}, {
|
||||||
|
name: "unverified account with wallet",
|
||||||
|
expectedStatusCode: http.StatusUnauthorized,
|
||||||
|
expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Account is not verified",
|
||||||
|
|
||||||
|
expectChangePasswordCall: true,
|
||||||
|
|
||||||
|
newEncryptedWallet: "my-enc-wallet",
|
||||||
|
newSequence: 2,
|
||||||
|
newHmac: "my-hmac",
|
||||||
|
|
||||||
|
email: "abc@example.com",
|
||||||
|
|
||||||
|
storeErrors: TestStoreFunctionsErrors{ChangePasswordWithWallet: store.ErrNotVerified},
|
||||||
|
}, {
|
||||||
|
name: "unverified account no wallet",
|
||||||
|
expectedStatusCode: http.StatusUnauthorized,
|
||||||
|
expectedErrorString: http.StatusText(http.StatusUnauthorized) + ": Account is not verified",
|
||||||
|
|
||||||
|
expectChangePasswordCall: true,
|
||||||
|
|
||||||
|
email: "abc@example.com",
|
||||||
|
|
||||||
|
storeErrors: TestStoreFunctionsErrors{ChangePasswordNoWallet: store.ErrNotVerified},
|
||||||
}, {
|
}, {
|
||||||
name: "validation error",
|
name: "validation error",
|
||||||
expectedStatusCode: http.StatusBadRequest,
|
expectedStatusCode: http.StatusBadRequest,
|
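Review bot: Both new cases inject store.ErrNotVerified through `storeErrors`, so they pin only the handler's mapping to a 401 and not the rule that an unverified account cannot change its password or wallet. That rule needs a test against the real store: an unverified account with the correct old password, asserting that the password and wallet are unchanged afterwards. Such a test may be in the third changed file, which is not shown here. A short comment on `expectChangePasswordCall: true`, for example `// the store is still called; the store is what rejects unverified accounts`, would explain why a rejected request expects the call. TestServerChangePassword starts and ends outside the hunk.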
||||||
|
|