From 886213d98818ef46f2f0382d2d9756a893c733d2 Mon Sep 17 00:00:00 2001
From: chabanyknikita <nikchabanyk@gmail.com>
Date: Wed, 23 Oct 2024 14:29:58 +0300
Subject: [PATCH] add nullifier check in light

---
 .../service/handlers/verification_callback_light.go    | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/internal/service/handlers/verification_callback_light.go b/internal/service/handlers/verification_callback_light.go
index b69d141..5b32a5d 100644
--- a/internal/service/handlers/verification_callback_light.go
+++ b/internal/service/handlers/verification_callback_light.go
@@ -126,7 +126,15 @@ func VerificationSignatureCallback(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		if byAnonymousID != nil && byAnonymousID.UserIDHash != verifiedUser.UserIDHash {
+		byNullifier, dbErr := VerifyUsersQ(r).FilterByNullifier(nullifierHex).Get()
+		if dbErr != nil {
+			Log(r).Error("Failed to get user by nullifier")
+			ape.RenderErr(w, problems.BadRequest(dbErr)...)
+			return
+		}
+
+		if byNullifier != nil && byNullifier.UserIDHash != verifiedUser.UserIDHash &&
+			byAnonymousID != nil && byAnonymousID.UserIDHash != verifiedUser.UserIDHash {
 			Log(r).WithError(err).Errorf("User with anonymous_id [%s] but a different userIDHash already exists", anonymousIDHex)
 			verifiedUser.Status = "failed_verification"
 		} else {