fix!: selectedProfile is not guaranteed, fallback
this could possibly allow claiming any username? registration flow needs to be rechecked!
parent
c09f67ec55
commit
8f33686a76
4 changed files with 7 additions and 5 deletions
|
@ -2,7 +2,7 @@ use chrono::{Utc, Duration};
|
|||
use hmac::{Hmac, Mac};
|
||||
use jwt::SignWithKey;
|
||||
use rand::{rngs::OsRng, Rng, distributions::Alphanumeric};
|
||||
use sea_orm::{EntityTrait, DatabaseConnection, ActiveValue::NotSet, Set, DbErr, QueryFilter, DeleteResult, ColumnTrait};
|
||||
use sea_orm::{EntityTrait, DatabaseConnection, ActiveValue::NotSet, Set, DbErr, QueryFilter, ColumnTrait};
|
||||
use sha2::Sha384;
|
||||
use tracing::info;
|
||||
use std::collections::BTreeMap;
|
||||
|
|
|
@ -112,7 +112,8 @@ pub struct RefreshRequest {
|
|||
pub struct RefreshResponse {
|
||||
pub accessToken: String,
|
||||
pub clientToken: String,
|
||||
pub selectedProfile: Profile,
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub selectedProfile: Option<Profile>,
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub user: Option<User>,
|
||||
}
|
||||
|
|
|
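Review bot: `selectedProfile` becomes optional with no comment on when it is absent, and the same `RefreshResponse` type appears to serve both the reply built in `refresh` and the upstream response parsed in `register_unmigrated`. A doc comment on the field would help, for example `/// Absent when the upstream response carries no profile; never fill it from client-supplied data.` If the local `refresh` endpoint must always return a profile, a separate type for the parsed upstream response would keep that guarantee in the type system.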
@ -58,7 +58,7 @@ pub async fn refresh(State(state): State<AppState>, Json(payload): Json<proto::R
|
|||
let response = proto::RefreshResponse {
|
||||
accessToken: new_access_token.to_string(),
|
||||
clientToken: payload.clientToken,
|
||||
selectedProfile: proto::Profile { id: user.uuid, name: user.name },
|
||||
selectedProfile: Some(proto::Profile { id: user.uuid, name: user.name }),
|
||||
user: None,
|
||||
};
|
||||
|
||||
|
|
|
@ -26,9 +26,10 @@ pub async fn register_unmigrated(State(state): State<AppState>, Json(payload): J
|
|||
let doc = serde_json::from_str::<proto::RefreshResponse>(&response)
|
||||
.map_err(|_| (StatusCode::UNAUTHORIZED, Json(proto::Error::simple("invalid token"))))?;
|
||||
|
||||
let profile = doc.selectedProfile.unwrap_or(payload.token.selectedProfile);
|
||||
let user = doc.user.expect("user not found in response, even though we requested it!");
|
||||
let name = doc.selectedProfile.name.clone();
|
||||
let uuid = doc.selectedProfile.id;
|
||||
let name = profile.name.clone();
|
||||
let uuid = profile.id;
|
||||
|
||||
entities::user::Entity::insert(
|
||||
entities::user::ActiveModel {
|
||||
|
|
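Review bot: The fallback in `doc.selectedProfile.unwrap_or(payload.token.selectedProfile)` takes `name` and `uuid` from the request body whenever the upstream response has no `selectedProfile`, so the values passed to `entities::user::Entity::insert` are no longer bound to anything the upstream check confirmed. Unless the upstream call is known to reject a token whose embedded profile was altered (not visible in this hunk), the absent case should fail closed, e.g. `let profile = doc.selectedProfile.ok_or((StatusCode::UNAUTHORIZED, Json(proto::Error::simple("invalid token"))))?;`, or the identity should come from another field of the verified response. The unchanged `doc.user.expect(...)` on the following line also panics the handler when the response lacks `user`; mapping it to the same error would be safer. `register_unmigrated` starts and ends outside the hunk.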