From ae7020f569367090eb18a6f8976759d31aed3165 Mon Sep 17 00:00:00 2001 From: Val Lorentz Date: Sat, 5 Mar 2022 11:20:57 +0100 Subject: [PATCH] Do not remove client certificate, even when TLS is disabled It does not really make sense to remove it, as it can lock someone out of their account, just by temporarily disabling TLS. --- src/models/network.js | 4 ---- test/models/network.js | 8 ++++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/src/models/network.js b/src/models/network.js index 822afdf2..bfd14c06 100644 --- a/src/models/network.js +++ b/src/models/network.js @@ -184,10 +184,6 @@ Network.prototype.validate = function (client) { this.rejectUnauthorized = true; } - if (!this.tls) { - ClientCertificate.remove(this.uuid); - } - return true; }; diff --git a/test/models/network.js b/test/models/network.js index 6abdb3e4..1b5a1ed1 100644 --- a/test/models/network.js +++ b/test/models/network.js @@ -203,7 +203,7 @@ describe("Network", function () { STSPolicies.update("irc.example.com", 7000, 0); // Cleanup }); - it("should remove client certs if TLS is disabled", function () { + it("should not remove client certs if TLS is disabled", function () { Helper.config.public = false; const client = {idMsg: 1, emit() {}, messageStorage: []}; @@ -216,15 +216,15 @@ describe("Network", function () { expect(client_cert).to.not.be.null; expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert); - expect(network.validate(client)).to.be.true; // Deletes the cert + expect(network.validate(client)).to.be.true; - expect(ClientCertificate.get(network.uuid)).to.not.deep.equal(client_cert); // Because ClientCertificate.get regenerates it + expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert); // Should be unchanged ClientCertificate.remove(network.uuid); Helper.config.public = true; }); - it("should remove client certs if there is a STS policy", function () { + it("should not remove client certs if there is a STS policy", function () { Helper.config.public = false; const client = {idMsg: 1, emit() {}, messageStorage: []};