diff --git a/package.json b/package.json index 5123853..521b5a4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "krist", - "version": "3.5.1", + "version": "3.5.2", "description": "The new Krist node written in TypeScript.", "type": "module", "scripts": { diff --git a/src/krist/addresses/verify.ts b/src/krist/addresses/verify.ts index 676c51f..3740bfb 100644 --- a/src/krist/addresses/verify.ts +++ b/src/krist/addresses/verify.ts @@ -69,7 +69,9 @@ export async function verifyAddress( return { authed: true, address: newAddress }; } - if (address.privatekey) { // Address exists, auth if the privatekey is equal + // Address exists, auth if the privatekey is equal, or handle the locked flow if it's locked (even if there's no + // privatekey set) + if (address.privatekey || address.locked) { const authed = !address.locked && address.privatekey === hash; if (authed) { diff --git a/test/routes/login.test.ts b/test/routes/login.test.ts index 84ce646..099ae72 100644 --- a/test/routes/login.test.ts +++ b/test/routes/login.test.ts @@ -20,6 +20,7 @@ */ import { expect } from "chai"; +import { Address } from "../../src/database/index.js"; import { api } from "../api.js"; import { seed } from "../seed.js"; @@ -56,5 +57,21 @@ describe("v2 routes: login", function() { expect(res).to.be.json; expect(res.body).to.deep.include({ ok: true, authed: true, address: "k8juvewcui" }); }); + + it("should error for locked addresses even without a privatekey", async function() { + const address = await Address.findOne({ where: { address: "kwsgj3x184" } }); + if (!address) throw new Error("Address not found"); + + const oldPrivatekey = address.privatekey; + address.privatekey = null; + await address.save(); + + const res = await api().post("/login").send({ privatekey: "c" }); + expect(res).to.be.json; + expect(res.body).to.deep.include({ ok: true, authed: false }); + + address.privatekey = oldPrivatekey; + await address.save(); + }); }); });