Security: limit Masterkey remote access (#4017)

* update choose_password to have the confirmation

* add comment mark

* First version, no test

* throw error right away instead of just use masterKey false

* fix the logic

* move it up before the masterKey check

* adding some test

* typo

* remove the choose_password

* newline

* add cli options

* remove trailing space

* handle  in case the server is behind proxy

* add getting the first ip in the ip list of xff

* sanity check the ip in config if it is a valid ip address

* split ip extraction to another function

* trailing spaces
Worathiti Manosroi
2017-07-23 18:26:30 +02:00
committed by Florent Vilmart
parent 811d8b0c7a
commit 7e54265f6d
7 changed files with 223 additions and 2 deletions


@@ -419,4 +419,18 @@ describe('server', () => {
reconfigureServer({ revokeSessionOnPasswordReset: 'non-bool' })
.catch(done);
});
it('fails if you provides invalid ip in masterKeyIps', done => {
reconfigureServer({ masterKeyIps: ['invalidIp','1.2.3.4'] })
.catch(error => {
expect(error).toEqual('Invalid ip in masterKeyIps: invalidIp');
done();
})
});
it('should suceed if you provide valid ip in masterKeyIps', done => {
reconfigureServer({ masterKeyIps: ['1.2.3.4','2001:0db8:0000:0042:0000:8a2e:0370:7334'] })
.then(done)
});
});
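Review bot: Neither new spec fails explicitly on the wrong outcome: 'fails if you provides invalid ip in masterKeyIps' has only a `.catch`, so if `reconfigureServer` ever accepts `'invalidIp'` the spec just hangs until the Jasmine timeout, and the success spec's `.then(done)` has no rejection handler. Because these specs guard validation of the master-key IP allowlist, I would make both outcomes explicit, e.g. `.then(() => done.fail('invalid masterKeyIps entry was accepted'), error => { expect(error).toEqual('Invalid ip in masterKeyIps: invalidIp'); done(); })` in the first and `.then(done, done.fail)` in the second. The two specs cover config validation only; enforcement (a master-key request from an address outside `masterKeyIps` being rejected, including when the address is taken from a forwarded header as the description mentions) is presumably tested in another changed file that this section does not show, so that is worth confirming. Minor: "suceed" should be "succeed" and "you provides" should be "you provide" in the spec names.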