From e6d28831dd85eec22d35d74781966fcd1d1b1f39 Mon Sep 17 00:00:00 2001
From: BlackDex <black.dex@gmail.com>
Date: Mon, 11 Nov 2024 14:45:46 +0100
Subject: [PATCH] Fix user uuid validation

A wrong uuid validation check was done.
This PR fixes this.

Fixes #5174
---
 src/api/core/accounts.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index e715d8bd..b3f00268 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -1136,15 +1136,15 @@ async fn post_auth_request(
 
 #[get("/auth-requests/<uuid>")]
 async fn get_auth_request(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
-    if headers.user.uuid != uuid {
-        err!("AuthRequest doesn't exist", "User uuid's do not match")
-    }
-
     let auth_request = match AuthRequest::find_by_uuid(uuid, &mut conn).await {
         Some(auth_request) => auth_request,
         None => err!("AuthRequest doesn't exist", "Record not found"),
     };
 
+    if headers.user.uuid != auth_request.user_uuid {
+        err!("AuthRequest doesn't exist", "User uuid does not match")
+    }
+
     let response_date_utc = auth_request.response_date.map(|response_date| format_date(&response_date));
 
     Ok(Json(json!({