From 307787526dc8091ebbfbe8b4cf8e09648cdc1592 Mon Sep 17 00:00:00 2001 From: Dave Horton Date: Tue, 30 May 2023 14:58:42 -0400 Subject: [PATCH] bugfix: one account could potentially use speech creds from a different account --- lib/models/speech-credential.js | 2 +- lib/routes/api/speech-credentials.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/models/speech-credential.js b/lib/models/speech-credential.js index ff529cc..6f70357 100644 --- a/lib/models/speech-credential.js +++ b/lib/models/speech-credential.js @@ -1,7 +1,7 @@ const Model = require('./model'); const {promisePool} = require('../db'); const retrieveSql = 'SELECT * from speech_credentials WHERE account_sid = ?'; -const retrieveSqlForSP = 'SELECT * from speech_credentials WHERE service_provider_sid = ?'; +const retrieveSqlForSP = 'SELECT * from speech_credentials WHERE service_provider_sid = ? and account_sid is null'; class SpeechCredential extends Model { constructor() { diff --git a/lib/routes/api/speech-credentials.js b/lib/routes/api/speech-credentials.js index 04823c6..273d6d2 100644 --- a/lib/routes/api/speech-credentials.js +++ b/lib/routes/api/speech-credentials.js @@ -103,7 +103,7 @@ const obscureKey = (key) => { const key_spoiler_length = 6; const key_spoiler_char = 'X'; - if (key.length <= key_spoiler_length) { + if (!key || key.length <= key_spoiler_length) { return key; }