Merge pull request #144 from shocknet/bug/auth_tokens

Trusted keys bug fixes
2020-08-12 12:40:57 -04:00 · 2020-08-12 12:40:57 -04:00 · ef55fd251a
commit ef55fd251a
parent ab786aac58 4738228d36
1 changed files with 17 additions and 5 deletions
--- a/src/routes.js
+++ b/src/routes.js
@ -522,17 +522,22 @@ module.exports = async (
          trustedKey => trustedKey === publicKey
        )
        const walletUnlocked = health.LNDStatus.walletStatus === 'unlocked'
+        const { authorization = '' } = req.headers

        if (!walletUnlocked) {
-          const unlockedWallet = await unlockWallet(password)
+          await unlockWallet(password)
+        }

-          if (!isKeyTrusted && unlockedWallet.field !== 'walletUnlocker') {
-            await Storage.set('trustedPKs', [...trustedKeys, publicKey])
-          }
+        if (walletUnlocked && !authorization && !isKeyTrusted) {
+          res.status(401).json({
+            field: 'alias',
+            errorMessage: 'Invalid alias/password combination',
+            success: false
+          })
+          return
        }

        if (walletUnlocked && !isKeyTrusted) {
-          const { authorization = '' } = req.headers
          const validatedToken = await validateToken(
            authorization.replace('Bearer ', '')
          )
@ -547,6 +552,10 @@ module.exports = async (
          }
        }

+        if (!isKeyTrusted) {
+          await Storage.set('trustedPKs', [...(trustedKeys || []), publicKey])
+        }
+
        // Send an event to update lightning's status
        mySocketsEvents.emit('updateLightning')

@ -854,6 +863,9 @@ module.exports = async (
      // Register user after verifying wallet password
      const publicKey = await GunDB.register(alias, password)

+      const trustedKeys = await Storage.get('trustedPKs')
+      await Storage.setItem('trustedPKs', [...(trustedKeys || []), publicKey])
+
      // Generate Access Token
      const token = await auth.generateToken()