letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WFE2: Fix GET API when used with MandatoryPOSTAsGET (#4656)

This commit is contained in:
Roland Bracewell Shoemaker 2020-01-23 11:24:05 -08:00 committed by Daniel McCarney
parent c66fd76840
commit af5b41f4c2
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
wfe2/wfe.go
View File

@ -218,7 +218,6 @@ func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h web
if wfe.remoteNonceService != nil {
nonceMsg, err := wfe.remoteNonceService.Nonce(ctx, &corepb.Empty{})
if err != nil {
fmt.Println("fucking broken", err)
wfe.sendError(response, logEvent, probs.ServerInternal("unable to get nonce"), err)
return
}
@ -1052,7 +1051,7 @@ func (wfe *WebFrontEndImpl) Challenge(
return
}
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost && !requiredStale(request, logEvent) {
wfe.sendError(response, logEvent, probs.MethodNotAllowed(), nil)
return
}
@ -1433,7 +1432,7 @@ func (wfe *WebFrontEndImpl) Authorization(
response http.ResponseWriter,
request *http.Request) {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost && !requiredStale(request, logEvent) {
wfe.sendError(response, logEvent, probs.MethodNotAllowed(), nil)
return
}
@ -1532,7 +1531,7 @@ var allHex = regexp.MustCompile("^[0-9a-f]+$")
// Certificate is used by clients to request a copy of their current certificate, or to
// request a reissuance of the certificate.
func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request) {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost && !requiredStale(request, logEvent) {
wfe.sendError(response, logEvent, probs.MethodNotAllowed(), nil)
return
}
@ -1963,7 +1962,7 @@ func (wfe *WebFrontEndImpl) NewOrder(
// GetOrder is used to retrieve a existing order object
func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request) {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost {
if features.Enabled(features.MandatoryPOSTAsGET) && request.Method != http.MethodPost && !requiredStale(request, logEvent) {
wfe.sendError(response, logEvent, probs.MethodNotAllowed(), nil)
return
}

16
wfe2/wfe_test.go
View File

@ -3276,3 +3276,19 @@ func TestGETAPIChallenge(t *testing.T) {
}
}
}
func TestGetAPIAndMandatoryPOSTAsGET(t *testing.T) {
wfe, _ := setupWFE(t)
makeGet := func(path, endpoint string) (*http.Request, *web.RequestEvent) {
return &http.Request{URL: &url.URL{Path: path}, Method: "GET"},
&web.RequestEvent{Endpoint: endpoint, Extra: map[string]interface{}{}}
}
_ = features.Set(map[string]bool{"MandatoryPOSTAsGET": true})
defer features.Reset()
oldSerial := "0000000000000000000000000000000000b2"
req, event := makeGet(oldSerial, getCertPath)
resp := httptest.NewRecorder()
wfe.Certificate(context.Background(), event, resp, req)
test.AssertEquals(t, resp.Code, 200)
}