diff options
author | pennae <github@quasiparticle.net> | 2022-08-10 01:54:20 +0200 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2022-08-10 01:58:29 +0200 |
commit | aeb116bace23f66a86caf6d5868ea82dfb901e36 (patch) | |
tree | d634ec843f6d5513f487b82331fff23e23f3f20f /migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql | |
parent | 6fdf7e463ee939c7f8eacf89d820e7ab405de587 (diff) | |
download | minor-skulk-aeb116bace23f66a86caf6d5868ea82dfb901e36.tar.gz minor-skulk-aeb116bace23f66a86caf6d5868ea82dfb901e36.tar.xz minor-skulk-aeb116bace23f66a86caf6d5868ea82dfb901e36.zip |
don't allow users to edit devices of other users
while device ids should be impossible to guess (being as long as oauth
tokens), we should still guard against malicious activity if they should
ever leak.
Diffstat (limited to 'migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql')
-rw-r--r-- | migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql b/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql new file mode 100644 index 0000000..51d1743 --- /dev/null +++ b/migrations/20220809225706_add_user_id_check_to_insert_or_update_device.down.sql @@ -0,0 +1,4 @@ +drop function insert_or_update_device(device_id, user_id, text, text, device_push_info, + device_command[], jsonb, out device); +alter function insert_or_update_device_1(device_id, user_id, text, text, device_push_info, + device_command[], jsonb, out device) rename to insert_or_update_device; |