deblan-mirror/thelounge
deblan-mirror/thelounge
1
0
Fork 0
mirror of https://github.com/thelounge/thelounge.git synced 2024-05-07 00:36:42 +02:00
Code Issues Projects Releases Wiki Activity

Do not remove client certificate, even when TLS is disabled

Browse source 
It does not really make sense to remove it, as it can lock someone out of
their account, just by temporarily disabling TLS.
This commit is contained in:
Val Lorentz 2022-03-05 11:20:57 +01:00
parent 53b4d00732
commit ae7020f569
2 changed files with 4 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/models/network.js
View file

@ -184,10 +184,6 @@ Network.prototype.validate = function (client) {
this.rejectUnauthorized = true;
}
if (!this.tls) {
ClientCertificate.remove(this.uuid);
}
return true;
};

8
test/models/network.js
View file

@ -203,7 +203,7 @@ describe("Network", function () {
STSPolicies.update("irc.example.com", 7000, 0); // Cleanup
});
it("should remove client certs if TLS is disabled", function () {
it("should not remove client certs if TLS is disabled", function () {
Helper.config.public = false;
const client = {idMsg: 1, emit() {}, messageStorage: []};
@ -216,15 +216,15 @@ describe("Network", function () {
expect(client_cert).to.not.be.null;
expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert);
expect(network.validate(client)).to.be.true; // Deletes the cert
expect(network.validate(client)).to.be.true;
expect(ClientCertificate.get(network.uuid)).to.not.deep.equal(client_cert); // Because ClientCertificate.get regenerates it
expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert); // Should be unchanged
ClientCertificate.remove(network.uuid);
Helper.config.public = true;
});
it("should remove client certs if there is a STS policy", function () {
it("should not remove client certs if there is a STS policy", function () {
Helper.config.public = false;
const client = {idMsg: 1, emit() {}, messageStorage: []};