
Fix token overwrite bug

dsamarin committed May 23, 2018
1 parent 0f3c430 commit 37172701fc62c59bd532371d2bc20e7e518b3efd
Showing with 10 additions and 10 deletions.
  1. +10 −10 db.go
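--- a/db.go
+++ b/db.go
@@ -184,15 +184,15 @@ func (d *ZerodropDB) List(token string) ([]*ZerodropEntry, error) {
 
 // Update adds an entry to the database.
 func (d *ZerodropDB) Update(entry *ZerodropEntry, claims *AdminClaims) error {
-if !claims.Admin {
-// Validate token if exists
-var token string
-err := d.UpdateCheckTokenStmt.QueryRow(entry.Name).Scan(&token)
-if err == nil {
-if token != claims.Token {
-return ErrNotAuthorized
-}
-}
+var token string
+
+err := d.UpdateCheckTokenStmt.QueryRow(entry.Name).Scan(&token)
+if err != nil {
+// The entry does not exist.
+token = claims.Token
+} else if !claims.Admin && token != claims.Token {
+// The entry exists and the tokens do not match.
+return ErrNotAuthorized
+}
 }
 
 var buffer bytes.Buffer
@@ -201,7 +201,7 @@ func (d *ZerodropDB) Update(entry *ZerodropEntry, claims *AdminClaims) error {
 return err
 }
 
-if _, err := d.AdminUpdateStmt.Exec(entry.Name, claims.Token, entry.Creation.Unix(), buffer.Bytes()); err != nil {
+if _, err := d.AdminUpdateStmt.Exec(entry.Name, token, entry.Creation.Unix(), buffer.Bytes()); err != nil {
 return err
 }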
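Review bot: The ownership check in Update fails open, because the new `if err != nil {` branch treats every error from `UpdateCheckTokenStmt.QueryRow(entry.Name).Scan(&token)` as "the entry does not exist". A lookup that fails for any other reason (a locked or unavailable database, a scan error) skips the token comparison for a non-admin caller, and the `AdminUpdateStmt.Exec` call in the second hunk then writes the entry under `claims.Token`. Assuming these are database/sql statements, only the no-rows case should take the create path: `if err == sql.ErrNoRows {` for the first branch, then `} else if err != nil { return err`, with the existing `else if !claims.Admin && token != claims.Token` branch kept after it. The lookup and the write are also separate statements, so two concurrent updates of a new name could both pass the check unless they share a transaction; Update's body continues outside both hunks, so this may be handled elsewhere.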
