From b81fa5ed39e8b816532e97be77b0ca6836947825 Mon Sep 17 00:00:00 2001
From: James Houlahan <james.houlahan@proton.ch>
Date: Tue, 22 Nov 2022 15:13:34 +0100
Subject: [PATCH] GODT-2139: Validate key pass during login

---
 internal/bridge/user.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internal/bridge/user.go b/internal/bridge/user.go
index 55f6f520..c3e12a61 100644
--- a/internal/bridge/user.go
+++ b/internal/bridge/user.go
@@ -312,6 +312,12 @@ func (bridge *Bridge) loginUser(ctx context.Context, client *liteapi.Client, aut
 		return "", fmt.Errorf("failed to salt key password: %w", err)
 	}
 
+	if userKR, err := apiUser.Keys.Unlock(saltedKeyPass, nil); err != nil {
+		return "", fmt.Errorf("failed to unlock user keys: %w", err)
+	} else if userKR.CountDecryptionEntities() == 0 {
+		return "", fmt.Errorf("failed to unlock user keys")
+	}
+
 	if err := bridge.addUser(ctx, client, apiUser, authUID, authRef, saltedKeyPass, true); err != nil {
 		return "", fmt.Errorf("failed to add bridge user: %w", err)
 	}