This repository has been archived by the owner on Apr 3, 2019. It is now read-only.

wip
philbooth committed Jun 22, 2017
1 parent 49df07b commit 05432ed
Showing 2 changed files with 15 additions and 8 deletions.
6 changes: 5 additions & 1 deletion lib/server.js
@@ -205,10 +205,14 @@ module.exports = function createServer(config, log) {
// a blocked ip should just be ignored completely
// it's malicious, it shouldn't penalize emails or allow
// (most) escape hatches. just abort!
return {
const result = {
block: true,
retryAfter: ipRecord.retryAfter()
}

if (! allowWhitelisted(result, ip, email)) {
return result
}
}

var wantsUnblock = req.body.payload && req.body.payload.unblockCode
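Review bot: The comment above the new `if (! allowWhitelisted(result, ip, email))` still says a blocked IP is ignored completely and the handler just aborts, but the new code lets the request fall through to the `wantsUnblock` handling whenever `allowWhitelisted` returns truthy, so the comment no longer describes the behaviour. Because the IP block is the stronger control and `email` presumably comes from the request, the exemption should be stated where it is made, e.g. `// blocked IPs abort here unless allowWhitelisted() exempts this ip/email pair; exempted requests continue through the normal checks below`. `allowWhitelisted` is defined outside this hunk, so it is worth confirming whether it mutates `result` (which is otherwise discarded on the fall-through path) and whether an allow-listed email alone is enough to pass; if it is, recording the exemption through `log` would keep it auditable. The enclosing handler starts and ends outside the hunk.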
17 changes: 10 additions & 7 deletions test/remote/check_tests.js
@@ -1,10 +1,13 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */

var test = require('tap').test
var restify = require('restify')
var TestServer = require('../test_server')
var mcHelper = require('../memcache-helper')
'use strict'

const mcHelper = require('../memcache-helper')
const Promise = require('bluebird')
const restify = require('restify')
const test = require('tap').test
const TestServer = require('../test_server')

const ALLOWED_EMAIL = 'test@restmail.net'
const TEST_EMAIL = 'test@example.com'
@@ -93,15 +96,15 @@ test(
)

test('allowed email addresses in /check do not block subsequent requests to /checkIpOnly', t => {
return client.post('/check', {
return client.postAsync('/check', {
email: ALLOWED_EMAIL,
ip: TEST_IP,
action: 'recoveryEmailVerifyCode'
}).spread((req, res, obj) => {
t.equal(res.statusCode, 200, '/check succeeded')
t.equal(obj.block, false, 'request was not blocked')

return client.post('/check', {
return client.postAsync('/check', {
email: ALLOWED_EMAIL,
ip: TEST_IP,
action: 'recoveryEmailVerifyCode'
@@ -111,7 +114,7 @@ test('allowed email addresses in /check do not block subsequent requests to /che
t.equal(res.statusCode, 200, '/check succeeded')
t.equal(obj.block, false, 'request was not blocked')

return client.post('/checkIpOnly', {
return client.postAsync('/checkIpOnly', {
ip: TEST_IP,
action: 'consumeSigninCode'
})
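Review bot: No test in the visible hunks pins the negative side of the allow-list exemption this commit adds in lib/server.js, namely that a blocked IP sending a non-allow-listed address is still refused. The existing test uses only `ALLOWED_EMAIL`; a companion case that gets `TEST_IP` blocked, posts `/check` with `TEST_EMAIL` and ends with `t.equal(obj.block, true, 'blocked ip with ordinary email stays blocked')` would catch an exemption that is too broad. The file continues outside the shown hunks, so such a case may already exist there. Separately, `const Promise = require('bluebird')` shadows the built-in `Promise` and is not referenced in the visible lines; presumably it is used to promisify the restify client for `postAsync`, and a short comment saying so would help.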
