krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 07:07:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

add extra condition to skip ssl check

Browse Source
This commit is contained in:
Matteo Pagliazzi
2019-01-23 17:19:57 +01:00
parent a63ba51497
commit 6ea4d96830
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
test/api/unit/middlewares/redirects.js
View File

@@ -106,6 +106,23 @@ describe('redirects middleware', () => {
expect(res.redirect).to.be.calledOnce;
expect(res.redirect).to.be.calledWith('https://habitica.com/static/front?skipSSLCheck=INVALID');
});
it('does redirect if skip ssl check key is not set', () => {
let nconfStub = sandbox.stub(nconf, 'get');
nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
nconfStub.withArgs('IS_PROD').returns(true);
nconfStub.withArgs('SKIP_SSL_CHECK_KEY').returns(null);
req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
req.originalUrl = '/static/front';
req.query.skipSSLCheck = 'INVALID';
const attachRedirects = requireAgain(pathToRedirectsMiddleware);
attachRedirects.forceSSL(req, res, next);
expect(res.redirect).to.be.calledOnce;
expect(res.redirect).to.be.calledWith('https://habitica.com/static/front');
});
});
context('forceHabitica', () => {

2
website/server/middlewares/redirects.js
View File

@@ -21,7 +21,7 @@ function isHTTP (req) {
export function forceSSL (req, res, next) {
const skipSSLCheck = req.query.skipSSLCheck;
if (isHTTP(req) && (!skipSSLCheck || skipSSLCheck !== SKIP_SSL_CHECK_KEY)) {
if (isHTTP(req) && (!SKIP_SSL_CHECK_KEY || !skipSSLCheck || skipSSLCheck !== SKIP_SSL_CHECK_KEY)) {
return res.redirect(BASE_URL + req.originalUrl);
}