Skip to content

Commit

Permalink
feat(identity): throw UnauthorizedError if input and context identi…
Browse files Browse the repository at this point in the history
…ty URNs do not match
  • Loading branch information
szkl committed Feb 29, 2024
1 parent 225dfb7 commit 8ac6ee6
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 3 deletions.
2 changes: 2 additions & 0 deletions platform/identity/src/jsonrpc/methods/getAuthorizedApps.ts
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ export const getAuthorizedAppsMethod = async ({
if (!ctx.identityURN)
throw new UnauthorizedError({ message: 'identity not found' })

if (ctx.identityURN !== input.identity) throw new UnauthorizedError()

const caller = router.createCaller(ctx)
const edgesResult = await caller.edges.getEdges({
query: {
Expand Down
7 changes: 4 additions & 3 deletions platform/identity/src/jsonrpc/methods/hasAccounts.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
import * as set from 'ts-set-utils'
import { z } from 'zod'

import { UnauthorizedError } from '@proofzero/errors'

import { router } from '@proofzero/platform.core'
import { inputValidators } from '@proofzero/platform-middleware'

Expand Down Expand Up @@ -39,9 +41,8 @@ export const hasAccountsMethod = async ({
input: HasAccountsInput
ctx: Context
}): Promise<HasAccountsOutput> => {
if (input.identity !== ctx.identityURN) {
throw Error('Invalid identity input')
}
if (ctx.identityURN !== input.identity) throw new UnauthorizedError()

// Return the list of edges between the identity node and any
// account nodes. Don't filter the accounts by type, we want them
// all (the total number is normally going to be small).
Expand Down

0 comments on commit 8ac6ee6

Please sign in to comment.