about summary refs log tree commit diff
path: root/app/controllers
diff options
context:
space:
mode:
authormultiple creatures <dev@multiple-creature.party>2020-02-14 04:06:35 -0600
committermultiple creatures <dev@multiple-creature.party>2020-02-14 04:06:35 -0600
commitaade8a3f756f517401ca7f3a135c4840b952c13a (patch)
tree36ae8b9a7ba52a08a4a5384966bbac4b4eb9b1c8 /app/controllers
parent10c619500af6432b1f1c5f2856be31268a92a50b (diff)
make `reject_unknown` policy bidirectional when server has secure mode enabled
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/concerns/signature_verification.rb14
1 files changed, 13 insertions, 1 deletions
diff --git a/app/controllers/concerns/signature_verification.rb b/app/controllers/concerns/signature_verification.rb
index 64eb20913..42f4d969e 100644
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -24,7 +24,15 @@ module SignatureVerification
   end
 
   def signed_request_account
-    return @signed_request_account if defined?(@signed_request_account)
+    if defined?(@signed_request_account)
+      if @signed_request_account.known?
+        return @signed_request_account
+      else
+        @signature_verification_failure_reason = 'Not authorized'
+        @signed_request_account = nil
+        return
+      end
+    end
 
     unless signed_request?
       @signature_verification_failure_reason = 'Request not signed'
@@ -59,6 +67,10 @@ module SignatureVerification
       @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
       @signed_request_account = nil
       return
+    elsif !account.known?
+      @signature_verification_failure_reason = 'Not authorized'
+      @signed_request_account = nil
+      return
     end
 
     signature             = Base64.decode64(signature_params['signature'])