commit 60308cb524acbe417a7272a0991cd46026a15e38
parent e0cc44800afead130af171711e38ea31f01b07dc
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Sat, 25 Jan 2025 21:16:26 +0100
fix auto circumvention of solution requirement
Diffstat:
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkg/rest/taldir.go b/pkg/rest/taldir.go
@@ -408,6 +408,7 @@ func (t *Taldir) validationRequest(w http.ResponseWriter, r *http.Request) {
}
t.Db.Save(&validation)
expectedSolution := util.GenerateSolution(validation.TargetUri, validation.Challenge)
+ log.Printf("Expected solution: `%s', given: `%s'\n", expectedSolution, confirm.Solution)
if confirm.Solution != expectedSolution {
w.WriteHeader(http.StatusForbidden)
return
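Review bot: The added `log.Printf` writes `expectedSolution` to the server log before the comparison, so anyone with read access to the logs learns the value that is supposed to prove control of the address. It also prints the client-supplied `confirm.Solution` with `%s`, so a request containing newlines can forge log lines; `%q` would prevent that. If the line is only a debugging aid, drop it or log the outcome alone inside the `if`, e.g. `log.Println("validation solution mismatch")`. The comparison itself would be safer as `subtle.ConstantTimeCompare([]byte(confirm.Solution), []byte(expectedSolution)) != 1`, which needs `crypto/subtle` in the file's imports. validationRequest starts and ends outside the hunk.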
@@ -665,6 +666,12 @@ func (t *Taldir) validationPage(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(404)
return
}
+ if vars["challenge"] != validation.Challenge {
+ log.Println("Solution does not match challenge!")
+ w.WriteHeader(400)
+ return
+ }
+
address = r.URL.Query().Get("address")
if address == "" {
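Review bot: The new guard compares `vars["challenge"]` with `validation.Challenge` using `!=`, which is not constant-time; if the challenge is the secret delivered to the address owner, as it appears to be, `subtle.ConstantTimeCompare([]byte(vars["challenge"]), []byte(validation.Challenge)) != 1` is the safer form. The log text is misleading because the value checked is the challenge from the path, not a solution; `log.Println("Challenge in URL does not match stored validation!")` would read correctly. Returning 400 here while the preceding branch returns 404 may let a caller tell "no such validation" apart from "wrong challenge", so consider using the same status for both. validationPage starts and ends outside the hunk.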
@@ -678,7 +685,7 @@ func (t *Taldir) validationPage(w http.ResponseWriter, r *http.Request) {
if expectedHAddress != validation.HAddress {
log.Println("Address does not match challenge!")
- w.WriteHeader(500)
+ w.WriteHeader(400)
return
}