Permalink
Browse files

merge setkey hotfix into production

  • Loading branch information...
2 parents 1ea7084 + 133868a commit 95e9fc58dc8f33e73c58c2d66ba31238c77ae9ae @lloyd lloyd committed Aug 22, 2011
Showing with 10 additions and 2 deletions.
  1. +10 −2 browserid/lib/wsapi.js
View
@@ -201,8 +201,16 @@ function setup(app) {
});
app.post('/wsapi/set_key', checkAuthed, checkParams(["email", "pubkey"]), function (req, resp) {
- db.addKeyToEmail(req.session.authenticatedUser, req.body.email, req.body.pubkey, function (rv) {
- resp.json(rv);
+ db.emailsBelongToSameAccount(req.session.authenticatedUser, req.body.email, function(sameAccount) {
+ // not same account? big fat error
+ if (!sameAccount) {
+ httputils.badRequest(resp, "that email does not belong to you");
+ } else {
+ // same account, we add the key
+ db.addKeyToEmail(req.session.authenticatedUser, req.body.email, req.body.pubkey, function (rv) {
+ resp.json(rv);
+ });
+ }
});
});

0 comments on commit 95e9fc5

Please sign in to comment.