Merge branch 'travis/security'

Travis Ralston 2018-09-09 09:58:25 -06:00
commit 60da1fc4db


@ -53,6 +53,11 @@ export class ScalarService {
const mxClient = new MatrixOpenIdClient(<OpenId>request);
const mxUserId = await mxClient.getUserId();
if (!mxUserId.endsWith(":" + request.matrix_server_name)) {
LogService.warn("ScalarService", `OpenID subject '${mxUserId}' does not belong to the homeserver '${request.matrix_server_name}'`);
throw new ApiError(401, "Invalid token");
}
const user = await User.findByPrimary(mxUserId);
if (!user) {
// There's a small chance we'll get a validation error because of:
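Review bot: The homeserver check `mxUserId.endsWith(":" + request.matrix_server_name)` is a suffix match, so it accepts any subject whose tail equals the claimed server name rather than requiring the ID's server part to be exactly that name. A Matrix user ID is `@localpart:server` and the server part may itself contain a colon (a port), so comparing the text after the first colon is stricter: `const idServer = mxUserId.substring(mxUserId.indexOf(":") + 1);` followed by `if (idServer !== request.matrix_server_name) {`. If `getUserId()` can resolve to a non-string when the userinfo response carries no subject (its implementation is not visible here), `endsWith` would throw a TypeError instead of producing the 401, so adding `typeof mxUserId !== "string" ||` to the same condition would keep the failure on the intended path. The enclosing method starts and ends outside the hunk.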