From 0eb78d530376c43d228e3e071e032fe9849149ed Mon Sep 17 00:00:00 2001
From: Chocobozzz <florian.bigard@gmail.com>
Date: Sat, 1 Oct 2016 09:09:07 +0200
Subject: Server: do not forget to check the signature when another pod wants
 to quit us

---
 server/controllers/api/v1/pods.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'server/controllers/api/v1/pods.js')

diff --git a/server/controllers/api/v1/pods.js b/server/controllers/api/v1/pods.js
index 2bdfe0c92..d509db964 100644
--- a/server/controllers/api/v1/pods.js
+++ b/server/controllers/api/v1/pods.js
@@ -10,6 +10,7 @@ const friends = require('../../../lib/friends')
 const middlewares = require('../../../middlewares')
 const admin = middlewares.admin
 const oAuth = middlewares.oauth
+const checkSignature = middlewares.secure.checkSignature
 const validators = middlewares.validators.pods
 const signatureValidator = middlewares.validators.remote.signature
 
@@ -31,7 +32,11 @@ router.get('/quitfriends',
   quitFriends
 )
 // Post because this is a secured request
-router.post('/remove', signatureValidator, removePods)
+router.post('/remove',
+  signatureValidator,
+  checkSignature,
+  removePods
+)
 
 // ---------------------------------------------------------------------------
 
-- 
cgit v1.2.3