GODT-2139: Validate key pass during login

2025-12-10 04:36:43 +00:00 · 2022-11-22 15:13:34 +01:00
parent 1375f42869
commit b81fa5ed39
1 changed files with 6 additions and 0 deletions
--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@ -312,6 +312,12 @@ func (bridge *Bridge) loginUser(ctx context.Context, client *liteapi.Client, aut
 		return "", fmt.Errorf("failed to salt key password: %w", err)
 	}

+	if userKR, err := apiUser.Keys.Unlock(saltedKeyPass, nil); err != nil {
+		return "", fmt.Errorf("failed to unlock user keys: %w", err)
+	} else if userKR.CountDecryptionEntities() == 0 {
+		return "", fmt.Errorf("failed to unlock user keys")
+	}
+
 	if err := bridge.addUser(ctx, client, apiUser, authUID, authRef, saltedKeyPass, true); err != nil {
 		return "", fmt.Errorf("failed to add bridge user: %w", err)
 	}