Merge pull request #144 from shocknet/bug/auth_tokens

Trusted keys bug fixes

src/routes.js

@@ -522,17 +522,22 @@ module.exports = async (
           trustedKey => trustedKey === publicKey
         )
         const walletUnlocked = health.LNDStatus.walletStatus === 'unlocked'
+        const { authorization = '' } = req.headers
 
         if (!walletUnlocked) {
-          const unlockedWallet = await unlockWallet(password)
-
-          if (!isKeyTrusted && unlockedWallet.field !== 'walletUnlocker') {
-            await Storage.set('trustedPKs', [...trustedKeys, publicKey])
+          await unlockWallet(password)
         }
+
+        if (walletUnlocked && !authorization && !isKeyTrusted) {
+          res.status(401).json({
+            field: 'alias',
+            errorMessage: 'Invalid alias/password combination',
+            success: false
+          })
+          return
         }
 
         if (walletUnlocked && !isKeyTrusted) {
-          const { authorization = '' } = req.headers
           const validatedToken = await validateToken(
             authorization.replace('Bearer ', '')
           )
@@ -547,6 +552,10 @@ module.exports = async (
           }
         }
 
+        if (!isKeyTrusted) {
+          await Storage.set('trustedPKs', [...(trustedKeys || []), publicKey])
+        }
+
         // Send an event to update lightning's status
         mySocketsEvents.emit('updateLightning')
 
@@ -854,6 +863,9 @@ module.exports = async (
       // Register user after verifying wallet password
       const publicKey = await GunDB.register(alias, password)
 
+      const trustedKeys = await Storage.get('trustedPKs')
+      await Storage.setItem('trustedPKs', [...(trustedKeys || []), publicKey])
+
       // Generate Access Token
       const token = await auth.generateToken()