From bd59488e423a9f25113930d5a03b34b79c7e6b02 Mon Sep 17 00:00:00 2001
From: hatim boufnichel
Date: Wed, 10 Apr 2024 01:48:05 +0200
Subject: [PATCH 1/2] check app id
---
 src/services/storage/applicationStorage.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/services/storage/applicationStorage.ts b/src/services/storage/applicationStorage.ts
index b54db0fe..f58639b0 100644
--- a/src/services/storage/applicationStorage.ts
+++ b/src/services/storage/applicationStorage.ts
@@ -94,7 +94,7 @@ export default class {
 if (!nostrPub) {
 throw new Error("no nostrPub provided")
 }
- const user = await entityManager.getRepository(ApplicationUser).findOne({ where: { nostr_public_key: nostrPub } })
+ const user = await entityManager.getRepository(ApplicationUser).findOne({ where: { nostr_public_key: nostrPub, application: { app_id: application.app_id } } })
 if (user) {
 return user
 }
@@ -157,7 +157,7 @@ export default class {
 async AddNPubToApplicationUser(serialId: number, nPub: string, entityManager = this.DB) {
 return entityManager.getRepository(ApplicationUser).update(serialId, { nostr_public_key: nPub })
-
+
 }
From dd28d9196f5e147904650bb4c87328f1b313bc68 Mon Sep 17 00:00:00 2001
From: hatim boufnichel
Date: Wed, 10 Apr 2024 01:56:44 +0200
Subject: [PATCH 2/2] fix
---
 src/services/storage/applicationStorage.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/services/storage/applicationStorage.ts b/src/services/storage/applicationStorage.ts
index f58639b0..2b81dc9d 100644
--- a/src/services/storage/applicationStorage.ts
+++ b/src/services/storage/applicationStorage.ts
@@ -94,8 +94,11 @@ export default class {
 if (!nostrPub) {
 throw new Error("no nostrPub provided")
 }
- const user = await entityManager.getRepository(ApplicationUser).findOne({ where: { nostr_public_key: nostrPub, application: { app_id: application.app_id } } })
+ const user = await entityManager.getRepository(ApplicationUser).findOne({ where: { nostr_public_key: nostrPub } })
 if (user) {
+ if (user.application.app_id !== application.app_id) {
+ throw new Error("tried to access a user of application:" + user.application.app_id + "from application:" + application.app_id)
+ }
 return user
 }
 if (!application.allow_user_creation) {
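Review bot: The added guard dereferences `user.application.app_id`, but the `findOne` call on the `+` line above it passes no `relations` option, so unless `ApplicationUser.application` is declared eager (not visible in this hunk) `user.application` is undefined and the check fails with a TypeError rather than the intended error; loading it explicitly, `findOne({ where: { nostr_public_key: nostrPub }, relations: { application: true } })`, removes that dependency. The thrown message also embeds the owning application's `app_id`, which tells the calling application that this key exists and where it is registered if the error text is returned to the client (the error path is outside the hunk, so this is inferred); consider logging both ids server-side and throwing a fixed message such as `throw new Error("nostr public key belongs to a different application")`. The current message is also missing a space before `from application:`. The enclosing method begins and ends outside the hunk.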