|
@@ -198,6 +198,12 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
|
198
|
198
|
// load and check acct data all in one update to prevent races.
|
199
|
199
|
// as noted elsewhere, change to proper locking for Account type later probably
|
200
|
200
|
err = server.store.Update(func(tx *buntdb.Tx) error {
|
|
201
|
+ // confirm account is verified
|
|
202
|
+ _, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
|
|
203
|
+ if err != nil {
|
|
204
|
+ return errSaslFail
|
|
205
|
+ }
|
|
206
|
+
|
201
|
207
|
creds, err := loadAccountCredentials(tx, accountKey)
|
202
|
208
|
if err != nil {
|
203
|
209
|
return err
|
|
@@ -251,6 +257,12 @@ func authExternalHandler(server *Server, client *Client, mechanism string, value
|
251
|
257
|
return errSaslFail
|
252
|
258
|
}
|
253
|
259
|
|
|
260
|
+ // confirm account is verified
|
|
261
|
+ _, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
|
|
262
|
+ if err != nil {
|
|
263
|
+ return errSaslFail
|
|
264
|
+ }
|
|
265
|
+
|
254
|
266
|
// confirm the certfp in that account's credentials
|
255
|
267
|
creds, err := loadAccountCredentials(tx, accountKey)
|
256
|
268
|
if err != nil || creds.Certificate != client.certfp {
|