Fix challenge up Link relation header (#4264)

and adds a test to check the relation is what we expect.

Fixes #4262.
Roland Bracewell Shoemaker 2019-06-18 15:20:51 -07:00 committed by GitHub
parent 18a3c78d6f
commit 4e10063ceb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 69 additions and 10 deletions


@ -736,12 +736,7 @@ func (wfe *WebFrontEndImpl) NewAuthorization(ctx context.Context, logEvent *web.
logEvent.Created = authz.ID
// Make a URL for this authz, then blow away the ID and RegID before serializing
var authzURL string
if authz.V2 {
authzURL = web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", authzPath, authz2Prefix, authz.ID))
} else {
authzURL = web.RelativeEndpoint(request, authzPath+string(authz.ID))
}
authzURL := urlForAuthz(authz, request)
wfe.prepAuthorizationForDisplay(request, &authz)
response.Header().Add("Location", authzURL)
@ -1158,7 +1153,7 @@ func (wfe *WebFrontEndImpl) getChallenge(
wfe.prepChallengeForDisplay(request, authz, challenge)
authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
authzURL := urlForAuthz(authz, request)
response.Header().Add("Location", challenge.URI)
response.Header().Add("Link", link(authzURL, "up"))
@ -1249,7 +1244,7 @@ func (wfe *WebFrontEndImpl) postChallenge(
challenge := returnAuthz.Challenges[challengeIndex]
wfe.prepChallengeForDisplay(request, authz, &challenge)
authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
authzURL := urlForAuthz(authz, request)
response.Header().Add("Location", challenge.URI)
response.Header().Add("Link", link(authzURL, "up"))
@ -1669,3 +1664,10 @@ func (wfe *WebFrontEndImpl) addIssuingCertificateURLs(response http.ResponseWrit
}
return nil
}
func urlForAuthz(authz core.Authorization, request *http.Request) string {
if authz.V2 {
return web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", authzPath, authz2Prefix, authz.ID))
}
return web.RelativeEndpoint(request, authzPath+string(authz.ID))
}
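Review bot: `urlForAuthz` is added without a doc comment, although it is now the one place that decides which authorization path goes into the `Location` header of NewAuthorization and the `Link` rel="up" header of getChallenge and postChallenge. A comment such as `// urlForAuthz returns the URL for authz relative to request, using the authz2Prefix path when authz.V2 is set.` would record why both branches exist, so a later caller does not rebuild the legacy path by hand and point a client at the wrong authorization resource. The V2 branch formats `authz.ID` with `%s` while the legacy branch uses `string(authz.ID)`; one form in both would read more consistently. An identical copy of the helper is added in the third file section and the same comment applies there; the bodies of the three callers extend outside the hunks shown.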


@ -15,6 +15,7 @@ import (
"net/http"
"net/http/httptest"
"net/url"
"os"
"sort"
"strconv"
"strings"
@ -1109,6 +1110,30 @@ func TestGetChallenge(t *testing.T) {
}
}
func TestGetChallengeV2UpRel(t *testing.T) {
if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") {
return
}
wfe, _ := setupWFE(t)
_ = features.Set(map[string]bool{"NewAuthorizationSchema": true})
challengeURL := "http://localhost/acme/challenge/v2/1/-ZfxEw=="
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", challengeURL, nil)
req.URL.Path = "v2/1/-ZfxEw=="
test.AssertNotError(t, err, "Could not make NewRequest")
wfe.Challenge(ctx, newRequestEvent(), resp, req)
test.AssertEquals(t,
resp.Code,
http.StatusAccepted)
test.AssertEquals(t,
resp.Header().Get("Link"),
`<http://localhost/acme/authz/v2/1>;rel="up"`)
}
func TestChallenge(t *testing.T) {
wfe, _ := setupWFE(t)
responseWriter := httptest.NewRecorder()
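Review bot: In TestGetChallengeV2UpRel, `req.URL.Path` is assigned before the error from `http.NewRequest` is checked, so a failed construction would panic on a nil `req` instead of failing through `test.AssertNotError`; the assertion belongs directly under the `NewRequest` call. The test also discards the result of `features.Set` and never restores the flag, so `NewAuthorizationSchema` may stay enabled for tests that run afterwards; `defer features.Reset()` after the `Set` call would contain it, assuming the package's reset helper is available in this tree. The bare `return` when BOULDER_CONFIG_DIR does not end in config-next reports a pass without exercising the header check, so a regression in the up link would go unnoticed in the default configuration; `t.Skip("requires config-next")` would make the skip visible in test output. The same three points apply to the copy of this test in the last file section.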


@ -1088,7 +1088,7 @@ func (wfe *WebFrontEndImpl) getChallenge(
wfe.prepChallengeForDisplay(request, authz, challenge)
authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
authzURL := urlForAuthz(authz, request)
response.Header().Add("Location", challenge.URL)
response.Header().Add("Link", link(authzURL, "up"))
@ -1183,7 +1183,7 @@ func (wfe *WebFrontEndImpl) postChallenge(
challenge := returnAuthz.Challenges[challengeIndex]
wfe.prepChallengeForDisplay(request, authz, &challenge)
authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
authzURL := urlForAuthz(authz, request)
response.Header().Add("Location", challenge.URL)
response.Header().Add("Link", link(authzURL, "up"))
@ -2079,3 +2079,10 @@ func extractRequesterIP(req *http.Request) (net.IP, error) {
}
return net.ParseIP(host), nil
}
func urlForAuthz(authz core.Authorization, request *http.Request) string {
if authz.V2 {
return web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", authzPath, authz2Prefix, authz.ID))
}
return web.RelativeEndpoint(request, authzPath+string(authz.ID))
}


@ -17,6 +17,7 @@ import (
"net/http"
"net/http/httptest"
"net/url"
"os"
"sort"
"strconv"
"strings"
@ -3113,3 +3114,27 @@ func TestMandatoryPOSTAsGET(t *testing.T) {
})
}
}
func TestGetChallengeV2UpRel(t *testing.T) {
if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") {
return
}
wfe, _ := setupWFE(t)
_ = features.Set(map[string]bool{"NewAuthorizationSchema": true})
challengeURL := "http://localhost/acme/challenge/v2/1/-ZfxEw=="
resp := httptest.NewRecorder()
req, err := http.NewRequest("GET", challengeURL, nil)
req.URL.Path = "v2/1/-ZfxEw=="
test.AssertNotError(t, err, "Could not make NewRequest")
wfe.Challenge(ctx, newRequestEvent(), resp, req)
test.AssertEquals(t,
resp.Code,
http.StatusOK)
test.AssertEquals(t,
resp.Header().Get("Link"),
`<http://localhost/acme/authz/v2/1>;rel="up"`)
}