fix: only bind auth server to 127.0.0.1 (#4726)

jpinkney-aws · web-flow · commit 6c3eb5e380ee · 2024-04-17T11:48:10.000-04:00
* fix: only bind auth server to 127.0.0.1

Problem:
- Auth server was being bound to all interfaces

Solution:
- Bind it only to 127.0.0.1
diff --git a/packages/core/src/auth/sso/server.ts b/packages/core/src/auth/sso/server.ts
@@ -107,7 +107,7 @@ export class AuthSSOServer {
                 resolve()
             })
 
-            this.server.listen()
+            this.server.listen(0, '127.0.0.1')
         })
     }
 
@@ -134,8 +134,12 @@ export class AuthSSOServer {
         return `${this.baseUrl}:${this.getPort()}`
     }
 
+    public getAddress() {
+        return this.server.address()
+    }
+
     private getPort(): number {
-        const addr = this.server.address()
+        const addr = this.getAddress()
         if (addr instanceof Object) {
             return addr.port
         } else if (typeof addr === 'string') {
diff --git a/packages/core/src/test/credentials/sso/server.test.ts b/packages/core/src/test/credentials/sso/server.test.ts
@@ -105,4 +105,13 @@ describe('AuthSSOServer', function () {
         const token = await server.waitForAuthorization()
         assert.deepStrictEqual(code, token)
     })
+
+    it('address is bound to localhost', function () {
+        const address = server.getAddress()
+        if (address instanceof Object) {
+            assert.deepStrictEqual(address.address, '127.0.0.1')
+            return
+        }
+        assert.fail('Expected address 127.0.0.1')
+    })
 })
