From 53f6ec0a7161644c4c6c99fd462475add60642e3 Mon Sep 17 00:00:00 2001
From: Addison Beck
Date: Thu, 29 Sep 2022 14:10:21 -0400
Subject: [PATCH] [SG-692] Block unknown devices from using passwordless auth (#2315)
* Block unknown devices from initiating auth requests
* Rename anonymousHub route to anonymous-hub
---
 src/Api/Controllers/AuthRequestsController.cs | 4 ++--
 src/Notifications/Startup.cs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Api/Controllers/AuthRequestsController.cs b/src/Api/Controllers/AuthRequestsController.cs
index 32c4ef846..82a22f6fe 100644
--- a/src/Api/Controllers/AuthRequestsController.cs
+++ b/src/Api/Controllers/AuthRequestsController.cs
@@ -89,9 +89,9 @@ public class AuthRequestsController : Controller
 {
 throw new BadRequestException("Device type not provided.");
 }
- if (!_globalSettings.PasswordlessAuth.KnownDevicesOnly)
+ if (_globalSettings.PasswordlessAuth.KnownDevicesOnly)
 {
- var d = await _deviceRepository.GetByIdentifierAsync(_currentContext.DeviceIdentifier);
+ var d = await _deviceRepository.GetByIdentifierAsync(model.DeviceIdentifier);
 if (d == null || d.UserId != user.Id)
 {
 throw new NotFoundException();
diff --git a/src/Notifications/Startup.cs b/src/Notifications/Startup.cs
index c548e9072..14f88f7b2 100644
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@@ -113,7 +113,7 @@ public class Startup
 options.ApplicationMaxBufferSize = 2048;
 options.TransportMaxBufferSize = 4096;
 });
- endpoints.MapHub("/anonymousHub", options =>
+ endpoints.MapHub("/anonymous-hub", options =>
 {
 options.ApplicationMaxBufferSize = 2048;
 options.TransportMaxBufferSize = 4096;
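Review bot: The `KnownDevicesOnly` gate in the AuthRequestsController.cs hunk trusts `model.DeviceIdentifier`, which looks like a caller-supplied request field, so the check only establishes that the caller knows an identifier registered to `user`, not that the request originates from that device. That may be the intended threat model for this flow, but it should be stated above the lookup, e.g. `// Identifier is client-supplied: this restricts requests to identifiers already registered to the user; it is not proof of device possession.` The diffstat lists only the two source files, so nothing pins the corrected condition; a controller test that runs with `KnownDevicesOnly` both true and false (unknown identifier, identifier owned by another user) would keep the inverted check from coming back. The enclosing action starts and ends outside the hunk, so any earlier validation of `model.DeviceIdentifier` is not visible here.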