letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WFE2: Remove secondary ToS check. (#3274) 

`terms-of-service-agreed` is checked at initial signup and doesn't need
to be rechecked. Worse, since the V2 registration only accepts a bool
the "Agreement" field is never set and checking it against != "" will
always fail for v2 accounts.

This was already done for Pebble[0] but was missed in the Boulder 
WFE2.

[0] - 6d6e811c1d
This commit is contained in:
Daniel McCarney 2017-12-14 13:58:01 -05:00 committed by GitHub
parent de5fbbdb67
commit b3d7665d4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wfe2/wfe.go
View File

@ -1617,17 +1617,6 @@ func (wfe *WebFrontEndImpl) finalizeOrder(
return return
} }
// The account must have agreed to the subscriber agreement to finalize an
// order since it will result in the issuance of a certificate.
// Any version of the agreement is acceptable here. Version match is enforced in
// wfe.Registration when agreeing the first time. Agreement updates happen
// by mailing subscribers and don't require a registration update.
if acct.Agreement == "" {
wfe.sendError(response, logEvent,
probs.Unauthorized("Must agree to subscriber agreement before any further actions"), nil)
return
}
// If the order's status is not pending we can not finalize it and must // If the order's status is not pending we can not finalize it and must
// return an error // return an error
if *order.Status != string(core.StatusPending) { if *order.Status != string(core.StatusPending) {

8
wfe2/wfe_test.go
View File

@ -1933,14 +1933,6 @@ func TestFinalizeOrder(t *testing.T) {
Request: signAndPost(t, "2/1/finalize-order", "http://localhost/2/1/finalize-order", "{}", 1, wfe.nonceService), Request: signAndPost(t, "2/1/finalize-order", "http://localhost/2/1/finalize-order", "{}", 1, wfe.nonceService),
ExpectedBody: `{"type":"` + probs.V2ErrorNS + `malformed","detail":"No order found for account ID 2","status":404}`, ExpectedBody: `{"type":"` + probs.V2ErrorNS + `malformed","detail":"No order found for account ID 2","status":404}`,
}, },
{
Name: "Account without Subscriber agreement",
// mocks/mocks.go's StorageAuthority's GetRegistration mock treats ID 6
// as an account without the agreement set. Order ID 6 is mocked to belong
// to it.
Request: signAndPost(t, "6/6/finalize-order", "http://localhost/6/6/finalize-order", "{}", 6, wfe.nonceService),
ExpectedBody: `{"type":"` + probs.V2ErrorNS + `unauthorized","detail":"Must agree to subscriber agreement before any further actions","status":403}`,
},
{ {
Name: "Order ID is invalid", Name: "Order ID is invalid",
Request: signAndPost(t, "1/okwhatever/finalize-order", "http://localhost/1/okwhatever/finalize-order", "{}", 1, wfe.nonceService), Request: signAndPost(t, "1/okwhatever/finalize-order", "http://localhost/1/okwhatever/finalize-order", "{}", 1, wfe.nonceService),