Do not remove client certificate, even when TLS is disabled

It does not really make sense to remove it, as it can lock someone out of their account, just by temporarily disabling TLS.
thelounge · Mar 5, 2022 · ae7020f · ae7020f
1 parent 53b4d00
commit ae7020f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 8 deletions.
diff --git a/src/models/network.js b/src/models/network.js
@@ -184,10 +184,6 @@ Network.prototype.validate = function (client) {
 		this.rejectUnauthorized = true;
 	}
 
-	if (!this.tls) {
-		ClientCertificate.remove(this.uuid);
-	}
-
 	return true;
 };
 

diff --git a/test/models/network.js b/test/models/network.js
@@ -203,7 +203,7 @@ describe("Network", function () {
 			STSPolicies.update("irc.example.com", 7000, 0); // Cleanup
 		});
 
-		it("should remove client certs if TLS is disabled", function () {
+		it("should not remove client certs if TLS is disabled", function () {
 			Helper.config.public = false;
 
 			const client = {idMsg: 1, emit() {}, messageStorage: []};
@@ -216,15 +216,15 @@ describe("Network", function () {
 			expect(client_cert).to.not.be.null;
 			expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert);
 
-			expect(network.validate(client)).to.be.true; // Deletes the cert
+			expect(network.validate(client)).to.be.true;
 
-			expect(ClientCertificate.get(network.uuid)).to.not.deep.equal(client_cert); // Because ClientCertificate.get regenerates it
+			expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert); // Should be unchanged
 
 			ClientCertificate.remove(network.uuid);
 			Helper.config.public = true;
 		});
 
-		it("should remove client certs if there is a STS policy", function () {
+		it("should not remove client certs if there is a STS policy", function () {
 			Helper.config.public = false;
 
 			const client = {idMsg: 1, emit() {}, messageStorage: []};