From 8084b280139a5d6a1d73fa380b278e09213704ae Mon Sep 17 00:00:00 2001 From: Hinton Date: Fri, 15 Jan 2021 10:57:09 +0100 Subject: [PATCH] Ensure we only setup a communication when userId matches --- src/services/nativeMessaging.service.ts | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/services/nativeMessaging.service.ts b/src/services/nativeMessaging.service.ts index 1b45ba27..910e5fd0 100644 --- a/src/services/nativeMessaging.service.ts +++ b/src/services/nativeMessaging.service.ts @@ -22,8 +22,9 @@ export class NativeMessagingService { private sharedSecrets = new Map(); constructor(private cryptoFunctionService: CryptoFunctionService, private cryptoService: CryptoService, - private platformUtilService: PlatformUtilsService, private logService: LogService, private i18nService: I18nService, - private userService: UserService, private messagingService: MessagingService, private vaultTimeoutService: VaultTimeoutService, private storageService: StorageService) { + private platformUtilService: PlatformUtilsService, private logService: LogService, + private i18nService: I18nService, private userService: UserService, private messagingService: MessagingService, + private vaultTimeoutService: VaultTimeoutService, private storageService: StorageService) { ipcRenderer.on('nativeMessaging', async (event: any, message: any) => { this.messageHandler(message); }); @@ -37,6 +38,12 @@ export class NativeMessagingService { if (rawMessage.command === 'setupEncryption') { const remotePublicKey = Utils.fromB64ToArray(rawMessage.publicKey).buffer; + // Valudate the UserId to ensure we are logged into the same account. + if (rawMessage.userId !== await this.userService.getUserId()) { + ipcRenderer.send('nativeMessagingReply', {command: 'wrongUserId', appId: appId}); + return; + } + if (await this.storageService.get(ElectronConstants.enableBrowserIntegrationFingerprint)) { ipcRenderer.send('nativeMessagingReply', {command: 'verifyFingerprint', appId: appId});