From 441b66f80923d1f574a74582f1fb9306b99fc12a Mon Sep 17 00:00:00 2001
From: Chocobozzz <florian.bigard@gmail.com>
Date: Wed, 16 Nov 2016 20:22:17 +0100
Subject: Server: forbid to make friends with a non https server

---
 server/middlewares/validators/pods.js | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'server/middlewares')

diff --git a/server/middlewares/validators/pods.js b/server/middlewares/validators/pods.js
index 4f8bad2f9..0723871b2 100644
--- a/server/middlewares/validators/pods.js
+++ b/server/middlewares/validators/pods.js
@@ -1,8 +1,10 @@
 'use strict'
 
 const checkErrors = require('./utils').checkErrors
+const constants = require('../../initializers/constants')
 const friends = require('../../lib/friends')
 const logger = require('../../helpers/logger')
+const utils = require('../../helpers/utils')
 
 const validatorsPod = {
   makeFriends,
@@ -10,6 +12,11 @@ const validatorsPod = {
 }
 
 function makeFriends (req, res, next) {
+  // Force https if the administrator wants to make friends
+  if (utils.isTestInstance() === false && constants.CONFIG.WEBSERVER.SCHEME === 'http') {
+    return res.status(400).send('Cannot make friends with a non HTTPS webserver.')
+  }
+
   req.checkBody('hosts', 'Should have an array of unique hosts').isEachUniqueHostValid()
 
   logger.debug('Checking makeFriends parameters', { parameters: req.body })
-- 
cgit v1.2.3