don't allow verified connection without username

2025-08-04 03:13:09 +02:00 · 2015-08-24 15:01:39 -07:00 · 2015-08-24 15:01:39 -07:00 · a9c04e5116
commit a9c04e5116
parent c6f1567361
1 changed files with 8 additions and 7 deletions
--- a/domain-server/src/DomainGatekeeper.cpp
+++ b/domain-server/src/DomainGatekeeper.cpp
@ -367,10 +367,6 @@ bool DomainGatekeeper::verifyUserSignature(const QString& username,
 bool DomainGatekeeper::isVerifiedAllowedUser(const QString& username, const QByteArray& usernameSignature,
                                             const HifiSockAddr& senderSockAddr) {
    
-    QStringList allowedUsers =
-        _server->_settingsManager.valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList();
-    
-    if (allowedUsers.contains(username, Qt::CaseInsensitive)) {
    if (username.isEmpty()) {
        qDebug() << "Connect request denied - no username provided.";
        
@ -378,6 +374,11 @@ bool DomainGatekeeper::isVerifiedAllowedUser(const QString& username, const QByt
        
        return false;
    }
+    
+    QStringList allowedUsers =
+        _server->_settingsManager.valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList();
+    
+    if (allowedUsers.contains(username, Qt::CaseInsensitive)) {
        if (!verifyUserSignature(username, usernameSignature, senderSockAddr)) {
            return false;
        }