Add secure way to genreate password, warn if no password is defined
This commit is contained in:
parent
90ece09ee9
commit
dab4307e04
@ -24,6 +24,13 @@ Sample configuration:
|
||||
|
||||
You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.
|
||||
|
||||
To generate a secure password, either use a password manager, or use the below code snipped.
|
||||
|
||||
``` python
|
||||
import secrets
|
||||
secrets.token_hex()
|
||||
```
|
||||
|
||||
### Configuration with docker
|
||||
|
||||
If you run your bot using docker, you'll need to have the bot listen to incomming connections. The security is then handled by docker.
|
||||
|
@ -106,6 +106,10 @@ class ApiServer(RPC):
|
||||
logger.warning("SECURITY WARNING - This is insecure please set to your loopback,"
|
||||
"e.g 127.0.0.1 in config.json")
|
||||
|
||||
if not self._config['api_server'].get('password'):
|
||||
logger.warning("SECURITY WARNING - No password for local REST Server defined. "
|
||||
"Please make sure that this is intentional!")
|
||||
|
||||
# Run the Server
|
||||
logger.info('Starting Local Rest Server.')
|
||||
try:
|
||||
|
@ -156,7 +156,9 @@ def test_api_run(default_conf, mocker, caplog):
|
||||
server_mock.reset_mock()
|
||||
apiserver._config.update({"api_server": {"enabled": True,
|
||||
"listen_ip_address": "0.0.0.0",
|
||||
"listen_port": "8089"}})
|
||||
"listen_port": "8089",
|
||||
"password": "",
|
||||
}})
|
||||
apiserver.run()
|
||||
|
||||
assert server_mock.call_count == 1
|
||||
@ -170,13 +172,15 @@ def test_api_run(default_conf, mocker, caplog):
|
||||
assert log_has("SECURITY WARNING - This is insecure please set to your loopback,"
|
||||
"e.g 127.0.0.1 in config.json",
|
||||
caplog.record_tuples)
|
||||
assert log_has("SECURITY WARNING - No password for local REST Server defined. "
|
||||
"Please make sure that this is intentional!",
|
||||
caplog.record_tuples)
|
||||
|
||||
# Test crashing flask
|
||||
caplog.clear()
|
||||
mocker.patch('freqtrade.rpc.api_server.make_server', MagicMock(side_effect=Exception))
|
||||
apiserver.run()
|
||||
assert log_has("Api server failed to start.",
|
||||
caplog.record_tuples)
|
||||
assert log_has("Api server failed to start.", caplog.record_tuples)
|
||||
|
||||
|
||||
def test_api_cleanup(default_conf, mocker, caplog):
|
||||
|
Loading…
Reference in New Issue
Block a user