From 355eb782b862a84a973eccefe47e9f38addb30ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Iv=C3=A1n=20Vieitez=20Parra?= <3857362+corrideat@users.noreply.github.com> Date: Thu, 12 Dec 2024 12:43:19 +0000 Subject: [PATCH] Types and comments --- backend/routes.js | 7 ++++++- shared/domains/chelonia/Secret.js | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/backend/routes.js b/backend/routes.js index d2c51c084..b61a06c8a 100644 --- a/backend/routes.js +++ b/backend/routes.js @@ -119,7 +119,9 @@ route.POST('/event', { const saltUpdateToken = request.headers['shelter-salt-update-token'] let updateSalts if (saltUpdateToken) { - // .. + // If we've got a salt update token (i.e., a password change), fetch + // the username associated to the contract to see if they match, and + // then validate the token const name = request.headers['shelter-name'] const namedContractID = name && await sbp('backend/db/lookupName', name) if (namedContractID !== deserializedHEAD.contractID) { @@ -128,6 +130,9 @@ route.POST('/event', { updateSalts = await redeemSaltUpdateToken(name, saltUpdateToken) } await sbp('backend/server/handleEntry', deserializedHEAD, request.payload) + // If it's a salt update, do it now after handling the message. This way + // we make it less likely that someone will end up locked out from their + // identity contract. await updateSalts?.(deserializedHEAD.hash) if (deserializedHEAD.isFirstMessage) { // Store attribution information diff --git a/shared/domains/chelonia/Secret.js b/shared/domains/chelonia/Secret.js index 27620860d..da7e2b4ab 100644 --- a/shared/domains/chelonia/Secret.js +++ b/shared/domains/chelonia/Secret.js @@ -23,10 +23,13 @@ export class Secret<T> { } constructor (value: T) { + // $FlowFixMe[escaped-generic] wm.set(this, value) } valueOf (): T { + // $FlowFixMe[escaped-generic] + // $FlowFixMe[incompatible-return] return wm.get(this) } }