Baguette
/
authd
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More precise permission checking during EditProfile requests.

authc
Luka Vandervelden 2020-10-02 22:03:07 +02:00
parent bda24247f0
commit 0508c99b43
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main.cr
View File

@ -432,8 +432,10 @@ class AuthD::Service
new_profile = request.new_profile new_profile = request.new_profile
profile = user.profile || Hash(String, JSON::Any).new
@read_only_profile_keys.each do |key| @read_only_profile_keys.each do |key|
if new_profile.has_key? key if new_profile[key]? != profile[key]?
return Response::Error.new "tried to edit read only key" return Response::Error.new "tried to edit read only key"
end end
end end