From db3ba1f0148b6abc34b4606f9b8103963a3c6850 Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Tue, 6 Jun 2023 22:27:07 -0400
Subject: [PATCH] fix: PostPubkeyChallenge should not be checking email, but
 pubkey

---
 controller/auth.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/controller/auth.go b/controller/auth.go
index 15a9672..6d28f71 100644
--- a/controller/auth.go
+++ b/controller/auth.go
@@ -202,14 +202,14 @@ func (a *AuthController) PostPubkeyChallenge() {
 	}
 
 	// Retrieve the account for the given email.
-	account := model.Account{}
-	if err := db.Get().Where("email = ?", r.Email).First(&account).Error; err != nil {
-		a.Ctx.StopWithError(iris.StatusBadRequest, errors.New("invalid email or password"))
+	account := model.Key{}
+	if err := db.Get().Where("pubkey = ?", r.Pubkey).First(&account).Error; err != nil {
+		a.Ctx.StopWithError(iris.StatusBadRequest, errors.New("invalid pubkey"))
 		return
 	}
 
 	// Generate a random challenge string.
-	challenge, err := generateAndSaveChallengeToken(account.ID, time.Minute)
+	challenge, err := generateAndSaveChallengeToken(account.AccountID, time.Minute)
 	if err != nil {
 		a.Ctx.StopWithError(iris.StatusInternalServerError, errors.New("failed to generate challenge"))
 		return