From 5ee3a0a1b540d2341f5a23d8cc1d6b94deec1851 Mon Sep 17 00:00:00 2001
From: Samuel Hawksby-Robinson <samuel@samyoul.com>
Date: Wed, 22 Jul 2020 01:57:44 +0100
Subject: [PATCH] Added check emoji reaction retraction sender against current
 identity

---
 protocol/messenger.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/protocol/messenger.go b/protocol/messenger.go
index 03c28a980..3ce689b44 100644
--- a/protocol/messenger.go
+++ b/protocol/messenger.go
@@ -3291,7 +3291,6 @@ func (m *Messenger) SendEmojiReaction(ctx context.Context, chatID, messageID str
 }
 
 func (m *Messenger) SendEmojiReactionRetraction(ctx context.Context, emojiReactionID string) (*MessengerResponse, error) {
-	// TODO check that the sender is the key owner
 
 	m.mutex.Lock()
 	defer m.mutex.Unlock()
@@ -3301,6 +3300,17 @@ func (m *Messenger) SendEmojiReactionRetraction(ctx context.Context, emojiReacti
 		return nil, err
 	}
 
+	// Check that the sender is the key owner
+	pk := types.EncodeHex(crypto.FromECDSAPub(&m.identity.PublicKey))
+	if emojiReaction.From != pk {
+		return nil, errors.Errorf("identity mismatch, " +
+			"emoji reactions can only be retracted by the reaction sender, " +
+			"emoji reaction sent by '%s', current identity '%s'",
+			emojiReaction.From, pk,
+		)
+	}
+
+	// Get chat and clock
 	chat, ok := m.allChats[emojiReaction.ChatID]
 	if !ok {
 		return nil, ErrChatNotFound
@@ -3328,11 +3338,13 @@ func (m *Messenger) SendEmojiReactionRetraction(ctx context.Context, emojiReacti
 		return nil, err
 	}
 
+	// Update MessengerResponse
 	response := MessengerResponse{}
 	emojiReaction.Retracted = true
 	response.EmojiReactions = []*EmojiReaction{emojiReaction}
 	response.Chats = []*Chat{chat}
 
+	// Persist retraction state for emoji reaction
 	err = m.persistence.RetractEmojiReaction(emojiReactionID)
 	if err != nil {
 		return nil, err