From 653289c446276fba930a4d3f8cdcb9539972275a Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 11 Apr 2023 18:58:24 +0200
Subject: [PATCH] Misc clarification

---
 app.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 71dc567..0c79dda 100644
--- a/app.py
+++ b/app.py
@@ -151,7 +151,7 @@ def delete_using_recovery_password_or_key(subdomain):
         with open(f"{app.config['DB_FOLDER']}/{subdomain}.key") as f:
             if not hmac.compare_digest(key, f.read()):
                 return '"Access denied"', 403
-    if recovery_password:
+    elif recovery_password:
         if not os.path.exists(
             f"{app.config['DB_FOLDER']}/{subdomain}.recovery_password"
         ):
@@ -161,6 +161,9 @@ def delete_using_recovery_password_or_key(subdomain):
 
         if not bcrypt.checkpw(recovery_password.encode(), hashed):
             return '"Access denied"', 403
+    # Shouldnt happen, this is checked before
+    else:
+        return '"Access denied"', 403
 
     if os.path.exists(f"{app.config['DB_FOLDER']}/{subdomain}.key"):
         os.remove(f"{app.config['DB_FOLDER']}/{subdomain}.key")