From dc31e36decd7284f0582b8b69cc704be77aa1bbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Andr=C3=A9s=20Dorado=20Su=C3=A1rez?=
 <hola@pablodorado.com>
Date: Wed, 9 Oct 2024 19:25:17 -0500
Subject: [PATCH] change(fc-pallet-pass): ensure credential authentication is
 valid before enabling feeless execution of `authenticate`

---
 pallets/pass/src/lib.rs | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/pallets/pass/src/lib.rs b/pallets/pass/src/lib.rs
index d07d0bb..c290ee0 100644
--- a/pallets/pass/src/lib.rs
+++ b/pallets/pass/src/lib.rs
@@ -153,12 +153,20 @@ pub mod pallet {
         }
 
         #[pallet::feeless_if(
-            |_: &OriginFor<T>, device_id: &DeviceId, _: &CredentialOf<T, I>, _: &Option<BlockNumberFor<T>>| -> bool {
-                if let Ok(account_id) = Pallet::<T, I>::account_id_for(credential.user_id()) {
-                    Pallet::<T, I>::account_exists(&account_id)
-                } else {
-                    false
-                }
+            |_: &OriginFor<T>, device_id: &DeviceId, credential: &CredentialOf<T, I>, _: &Option<BlockNumberFor<T>>| -> bool {
+                Pallet::<T, I>::account_id_for(credential.user_id())
+                    .and_then(|account_id| {
+                        ensure!(
+                            Pallet::<T, I>::account_exists(&account_id),
+                            Error::<T, I>::AccountNotFound
+                        );
+                        let device = Devices::<T, I>::get(&account_id, device_id)
+                            .ok_or::<DispatchError>(Error::<T, I>::DeviceNotFound.into())?;
+                        device
+                            .verify_user(&credential)
+                            .ok_or(Error::<T, I>::CredentialInvalid.into())
+                    })
+                    .is_ok()
             }
         )]
         #[pallet::call_index(3)]