From a75bdf44a499e5c1b6bcef76f820062185e4c9f4 Mon Sep 17 00:00:00 2001
From: Thibault Duplessis
Date: Sat, 5 Nov 2016 12:00:17 +0100
Subject: [PATCH] secure resign endpoint
---
 app/controllers/Round.scala | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/app/controllers/Round.scala b/app/controllers/Round.scala
index 1b1c7ea263..2ad646be2a 100644
--- a/app/controllers/Round.scala
+++ b/app/controllers/Round.scala
@@ -272,10 +272,16 @@ object Round extends LilaController with TheftPrevention {
 def resign(fullId: String) = Open { implicit ctx =>
 OptionFuRedirect(GameRepo pov fullId) { pov =>
- env resign pov
- import scala.concurrent.duration._
- val scheduler = lila.common.PlayApp.system.scheduler
- akka.pattern.after(500 millis, scheduler)(fuccess(routes.Lobby.home))
+ if (isTheft(pov)) {
+ controllerLogger.warn(s"theft resign $fullId ${HTTPRequest.lastRemoteAddress(ctx.req)}")
+ fuccess(routes.Lobby.home)
+ }
+ else {
+ env resign pov
+ import scala.concurrent.duration._
+ val scheduler = lila.common.PlayApp.system.scheduler
+ akka.pattern.after(500 millis, scheduler)(fuccess(routes.Lobby.home))
+ }
 }
 }
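Review bot: The new `controllerLogger.warn` line in the `isTheft` branch writes `fullId` verbatim. The removed lines show that this value alone was enough to resign a game, so it should be treated as a secret and kept out of logs; whether other endpoints still accept it without an `isTheft` check is not visible from this hunk. The line also leaves out which authenticated account made the request, which is the first thing needed when triaging these warnings. Consider `controllerLogger.warn(s"theft resign ${pov.gameId} by ${ctx.userId} ${HTTPRequest.lastRemoteAddress(ctx.req)}")`, assuming `pov.gameId` and `ctx.userId` are in scope here. A one-line comment above the check, such as `// pov belongs to another account: refuse, but answer like a normal resign`, would make clear that the silent redirect is intentional.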