fix: verify there is a user using the API

diff --git a/src/org/cacert/gigi/api/GigiAPI.java b/src/org/cacert/gigi/api/GigiAPI.java
index a5acbe5605012fc08e3ef0b5cffc3b8228201b30..d511d315801180e2c871c50b259e3ff1c5359d7d 100644 (file)
--- a/src/org/cacert/gigi/api/GigiAPI.java
+++ b/src/org/cacert/gigi/api/GigiAPI.java
@@ -50,6 +50,10 @@ public class GigiAPI extends HttpServlet {
         }
         String serial = LoginPage.extractSerialFormCert(cert);
         User u = LoginPage.fetchUserBySerial(serial);
+        if (u == null) {
+            resp.sendError(403, "Error, cert authing required.");
+            return;
+        }
 
         if (pi.equals("/account/certs/new")) {