Add secure way to genreate password, warn if no password is defined

Matthias 2019-05-26 14:40:03 +02:00
parent 90ece09ee9
commit dab4307e04
3 changed files with 18 additions and 3 deletions


@ -24,6 +24,13 @@ Sample configuration:
You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly. You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.
To generate a secure password, either use a password manager, or use the below code snipped.
``` python
import secrets
secrets.token_hex()
```
### Configuration with docker ### Configuration with docker
If you run your bot using docker, you'll need to have the bot listen to incomming connections. The security is then handled by docker. If you run your bot using docker, you'll need to have the bot listen to incomming connections. The security is then handled by docker.


@ -106,6 +106,10 @@ class ApiServer(RPC):
logger.warning("SECURITY WARNING - This is insecure please set to your loopback," logger.warning("SECURITY WARNING - This is insecure please set to your loopback,"
"e.g 127.0.0.1 in config.json") "e.g 127.0.0.1 in config.json")
if not self._config['api_server'].get('password'):
logger.warning("SECURITY WARNING - No password for local REST Server defined. "
"Please make sure that this is intentional!")
# Run the Server # Run the Server
logger.info('Starting Local Rest Server.') logger.info('Starting Local Rest Server.')
try: try:
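Review bot: The new `if not self._config['api_server'].get('password'):` branch only logs and then falls through to "Run the Server", so a config that also trips the non-loopback warning just above it still starts the REST server with an empty password on a routable address. I would treat that combination as a startup failure rather than a second warning, or at minimum log it with `logger.error(...)` so it stands out from routine warnings. The wording "local REST Server" is also misleading once `listen_ip_address` is not a loopback address, so the message should name the configured address. The enclosing method starts and ends outside the hunk, and how the password is enforced on incoming requests is not visible here.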


@ -156,7 +156,9 @@ def test_api_run(default_conf, mocker, caplog):
server_mock.reset_mock() server_mock.reset_mock()
apiserver._config.update({"api_server": {"enabled": True, apiserver._config.update({"api_server": {"enabled": True,
"listen_ip_address": "0.0.0.0", "listen_ip_address": "0.0.0.0",
"listen_port": "8089"}}) "listen_port": "8089",
"password": "",
}})
apiserver.run() apiserver.run()
assert server_mock.call_count == 1 assert server_mock.call_count == 1
@ -170,13 +172,15 @@ def test_api_run(default_conf, mocker, caplog):
assert log_has("SECURITY WARNING - This is insecure please set to your loopback," assert log_has("SECURITY WARNING - This is insecure please set to your loopback,"
"e.g 127.0.0.1 in config.json", "e.g 127.0.0.1 in config.json",
caplog.record_tuples) caplog.record_tuples)
assert log_has("SECURITY WARNING - No password for local REST Server defined. "
"Please make sure that this is intentional!",
caplog.record_tuples)
# Test crashing flask # Test crashing flask
caplog.clear() caplog.clear()
mocker.patch('freqtrade.rpc.api_server.make_server', MagicMock(side_effect=Exception)) mocker.patch('freqtrade.rpc.api_server.make_server', MagicMock(side_effect=Exception))
apiserver.run() apiserver.run()
assert log_has("Api server failed to start.", assert log_has("Api server failed to start.", caplog.record_tuples)
caplog.record_tuples)
def test_api_cleanup(default_conf, mocker, caplog): def test_api_cleanup(default_conf, mocker, caplog):
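Review bot: The test only exercises the empty-string case (`"password": ""`), so the other outcomes of `.get('password')` are unpinned: the key being absent, and a non-empty password producing no warning. Add a second run with a password set, after `caplog.clear()`, and assert that `log_has(...)` for the "No password for local REST Server defined" message is false, so a regression that warns unconditionally (or never) is caught. test_api_run starts before the first hunk, and the section ends on the next test's signature.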