From 8ac6ee68bc3e7c5251501c33cb2fdded20a90432 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?So=CC=88nmez=20Kartal?=
Date: Thu, 29 Feb 2024 23:04:47 +0300
Subject: [PATCH] feat(identity): throw `UnauthorizedError` if input and context identity URNs do not match
---
 platform/identity/src/jsonrpc/methods/getAuthorizedApps.ts | 2 ++
 platform/identity/src/jsonrpc/methods/hasAccounts.ts | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/platform/identity/src/jsonrpc/methods/getAuthorizedApps.ts b/platform/identity/src/jsonrpc/methods/getAuthorizedApps.ts
index 7d020298e1..bc58678130 100644
--- a/platform/identity/src/jsonrpc/methods/getAuthorizedApps.ts
+++ b/platform/identity/src/jsonrpc/methods/getAuthorizedApps.ts
@@ -45,6 +45,8 @@ export const getAuthorizedAppsMethod = async ({
 if (!ctx.identityURN)
 throw new UnauthorizedError({ message: 'identity not found' })
 
+ if (ctx.identityURN !== input.identity) throw new UnauthorizedError()
+
 const caller = router.createCaller(ctx)
 const edgesResult = await caller.edges.getEdges({
 query: {
diff --git a/platform/identity/src/jsonrpc/methods/hasAccounts.ts b/platform/identity/src/jsonrpc/methods/hasAccounts.ts
index 7de38c0048..1af746f41b 100644
--- a/platform/identity/src/jsonrpc/methods/hasAccounts.ts
+++ b/platform/identity/src/jsonrpc/methods/hasAccounts.ts
@@ -1,6 +1,8 @@
 import * as set from 'ts-set-utils'
 import { z } from 'zod'
 
+import { UnauthorizedError } from '@proofzero/errors'
+
 import { router } from '@proofzero/platform.core'
 import { inputValidators } from '@proofzero/platform-middleware'
 
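Review bot: The new ownership check in getAuthorizedApps.ts throws `new UnauthorizedError()` with no message, while the guard directly above it passes `{ message: 'identity not found' }`; the same bare throw appears in the second hasAccounts.ts hunk. A distinct message, for example `throw new UnauthorizedError({ message: 'input identity does not match caller identity' })`, lets logs and alerts tell an unauthenticated call apart from an authenticated caller asking about another identity, which is the event worth monitoring. The function body continues outside the hunk; if the later `getEdges` query still reads `input.identity`, using `ctx.identityURN` there would keep the lookup bound to the authenticated value even if this check is later moved or removed.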
@@ -39,9 +41,8 @@ export const hasAccountsMethod = async ({
 input: HasAccountsInput
 ctx: Context
 }): Promise => {
- if (input.identity !== ctx.identityURN) {
- throw Error('Invalid identity input')
- }
+ if (ctx.identityURN !== input.identity) throw new UnauthorizedError()
+
 // Return the list of edges between the identity node and any
 // account nodes. Don't filter the accounts by type, we want them
 // all (the total number is normally going to be small).
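Review bot: Unlike getAuthorizedApps, this check has no preceding `!ctx.identityURN` guard, so if `ctx.identityURN` is unset and `input.identity` is also absent, `undefined !== undefined` is false and the call proceeds without an authenticated identity. Whether `input.identity` can be omitted depends on the HasAccountsInput validator, which is outside the hunk, so this needs confirming; the removed code had the same gap. Making the guard explicit costs one condition: `if (!ctx.identityURN || ctx.identityURN !== input.identity) throw new UnauthorizedError({ message: 'identity mismatch' })`. The body of hasAccountsMethod continues past the hunk.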