only allow owners who have been around for more than a day to modify …

…ownership Also don’t allow recoveryKey to overwrite existing owners
uport-project · Apr 21, 2017 · c2c9cb9 · c2c9cb9
1 parent a7e465c
commit c2c9cb9
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/contracts/controllers/IdentityManager.sol b/contracts/controllers/IdentityManager.sol
@@ -30,6 +30,10 @@ contract IdentityManager {
     if (owners[identity][msg.sender] > 0 && owners[identity][msg.sender] <= now ) _; 
   }
 
+  modifier onlyOlderOwner(address identity) { 
+    if (owners[identity][msg.sender] > 0 && (owners[identity][msg.sender] + 1 days) <= now) _; 
+  }
+
   modifier onlyRecovery(address identity) { 
     if (recoveryKeys[identity] == msg.sender) _; 
   }
@@ -38,7 +42,7 @@ contract IdentityManager {
   // gas 289,311
   function CreateIdentity(address owner, address recoveryKey) {
     Proxy identity = new Proxy();
-    owners[identity][owner] = now;
+    owners[identity][owner] = now - 1 days; // This is to ensure original owner has full power from day one
     recoveryKeys[identity] = recoveryKey;
     IdentityCreated(identity, msg.sender, owner,  recoveryKey);
   }
@@ -48,25 +52,26 @@ contract IdentityManager {
   }
 
   // an owner can add a new device instantly
-  function addOwner(Proxy identity, address newOwner) onlyOwner(identity) {
+  function addOwner(Proxy identity, address newOwner) onlyOlderOwner(identity) {
     owners[identity][newOwner] = now;
     OwnerAdded(identity, newOwner, msg.sender);
   }
 
   // a recovery key owner can add a new device with 1 days wait time
   function addOwnerForRecovery(Proxy identity, address newOwner) onlyRecovery(identity) {
+    if (owners[identity][newOwner] > 0) throw;
     owners[identity][newOwner] = now + 1 days;
     OwnerAdded(identity, newOwner, msg.sender);
   }
 
   // an owner can remove another owner instantly
-  function removeOwner(Proxy identity, address owner) onlyOwner(identity) {
+  function removeOwner(Proxy identity, address owner) onlyOlderOwner(identity) {
     owners[identity][owner] = 0;
     OwnerRemoved(identity, owner, msg.sender);
   }
 
   // an owner can add change the recoverykey whenever they want to
-  function changeRecovery(Proxy identity, address recoveryKey) onlyOwner(identity) {
+  function changeRecovery(Proxy identity, address recoveryKey) onlyOlderOwner(identity) {
     recoveryKeys[identity] = recoveryKey;
     RecoveryChanged(identity, recoveryKey, msg.sender);
   }