Implement cryptographically-correct pass validation in the server-side part (add_lease)

Like #40 (closed) but for add_leases