LeapSyncTarget checks whether document has been correctly encrypted.

1 files changed, 14 insertions, 2 deletions

diff --git a/src/leap/soledad/backends/leap_backend.py b/src/leap/soledad/backends/leap_backend.py
index ec26dca4..f73698f2 100644
--- a/src/leap/soledad/backends/leap_backend.py
+++ b/src/leap/soledad/backends/leap_backend.py
@@ -20,6 +20,10 @@ class NoSoledadInstance(Exception):
     pass
 
 
+class DocumentEncryptionFailed(Exception):
+    pass
+
+
 class LeapDocument(Document):
     """
     LEAP Documents are standard u1db documents with cabability of returning an
@@ -181,9 +185,17 @@ class LeapSyncTarget(HTTPSyncTarget):
         comma = ','
         for doc, gen, trans_id in docs_by_generations:
             if doc.syncable:
-                # encrypt before sending to server.
+                # encrypt and verify before sending to server.
+                doc_content = doc.get_encrypted_json()
+                if doc_content == doc.get_json():
+                    raise DocumentEncryptionFailed
+                enc_doc = LeapDocument(doc.doc_id, doc.rev,
+                                       encrypted_json=doc_content,
+                                       soledad=self._soledad)
+                if doc.get_json() != enc_doc.get_json():
+                    raise DocumentEncryptionFailed
                 size += prepare(id=doc.doc_id, rev=doc.rev,
-                                content=doc.get_encrypted_json(),
+                                content=doc_content,
                                 gen=gen, trans_id=trans_id)
         entries.append('\r\n]')
         size += len(entries[-1])