Browse Source
Fix user uuid validation
A wrong uuid validation check was done.
This PR fixes this.
Fixes #5174
pull/5175/head
BlackDex
5 months ago
No known key found for this signature in database
GPG Key ID: 58C80A2AA6C765E1
1 changed files with
4 additions and
4 deletions
-
src/api/core/accounts.rs
|
|
|
@ -1136,15 +1136,15 @@ async fn post_auth_request( |
|
|
|
|
|
|
|
#[get("/auth-requests/<uuid>")] |
|
|
|
async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult { |
|
|
|
if headers.user.uuid != uuid { |
|
|
|
err!("AuthRequest doesn't exist", "User uuid's do not match") |
|
|
|
} |
|
|
|
|
|
|
|
let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await { |
|
|
|
Some(auth_request) => auth_request, |
|
|
|
None => err!("AuthRequest doesn't exist", "Record not found"), |
|
|
|
}; |
|
|
|
|
|
|
|
if headers.user.uuid != auth_request.user_uuid { |
|
|
|
err!("AuthRequest doesn't exist", "User uuid does not match") |
|
|
|
} |
|
|
|
|
|
|
|
let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date)); |
|
|
|
|
|
|
|
Ok(Json(json!({ |
|
|
|
|
