Do not remove client certificate, even when TLS is disabled
It does not really make sense to remove it, as it can lock someone out of their account, just by temporarily disabling TLS.
This commit is contained in:
parent
53b4d00732
commit
ae7020f569
@ -184,10 +184,6 @@ Network.prototype.validate = function (client) {
|
||||
this.rejectUnauthorized = true;
|
||||
}
|
||||
|
||||
if (!this.tls) {
|
||||
ClientCertificate.remove(this.uuid);
|
||||
}
|
||||
|
||||
return true;
|
||||
};
|
||||
|
||||
|
@ -203,7 +203,7 @@ describe("Network", function () {
|
||||
STSPolicies.update("irc.example.com", 7000, 0); // Cleanup
|
||||
});
|
||||
|
||||
it("should remove client certs if TLS is disabled", function () {
|
||||
it("should not remove client certs if TLS is disabled", function () {
|
||||
Helper.config.public = false;
|
||||
|
||||
const client = {idMsg: 1, emit() {}, messageStorage: []};
|
||||
@ -216,15 +216,15 @@ describe("Network", function () {
|
||||
expect(client_cert).to.not.be.null;
|
||||
expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert);
|
||||
|
||||
expect(network.validate(client)).to.be.true; // Deletes the cert
|
||||
expect(network.validate(client)).to.be.true;
|
||||
|
||||
expect(ClientCertificate.get(network.uuid)).to.not.deep.equal(client_cert); // Because ClientCertificate.get regenerates it
|
||||
expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert); // Should be unchanged
|
||||
|
||||
ClientCertificate.remove(network.uuid);
|
||||
Helper.config.public = true;
|
||||
});
|
||||
|
||||
it("should remove client certs if there is a STS policy", function () {
|
||||
it("should not remove client certs if there is a STS policy", function () {
|
||||
Helper.config.public = false;
|
||||
|
||||
const client = {idMsg: 1, emit() {}, messageStorage: []};
|
||||
|
Loading…
Reference in New Issue
Block a user