Implement "onlyReturnExisting" for new-account. (#3295)
This commit adds support for the "onlyReturnExisting" field of new-account requests. If the field is present and true, new-account checks whether an account already exists for the provided key. If it does, a Location header is returned with the existing account's URL. If it does not, an error is returned. This contrasts with the "onlyReturnExisting=false" behaviour, which creates an account when no existing account with the same key is found. Resolves #3281
parent
fdd854a7e5
commit
b489669d73
27
wfe2/wfe.go
27
wfe2/wfe.go
|
|
@ -481,6 +481,18 @@ func (wfe *WebFrontEndImpl) NewAccount(
|
|||
return
|
||||
}
|
||||
|
||||
var accountCreateRequest struct {
|
||||
Contact *[]string `json:"contact"`
|
||||
TermsOfServiceAgreed bool `json:"termsOfServiceAgreed"`
|
||||
OnlyReturnExisting bool `json:"onlyReturnExisting"`
|
||||
}
|
||||
|
||||
err := json.Unmarshal(body, &accountCreateRequest)
|
||||
if err != nil {
|
||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling JSON"), err)
|
||||
return
|
||||
}
|
||||
|
||||
existingAcct, err := wfe.SA.GetRegistrationByKey(ctx, key)
|
||||
if err == nil {
|
||||
response.Header().Set("Location",
|
||||
|
|
@ -493,16 +505,15 @@ func (wfe *WebFrontEndImpl) NewAccount(
|
|||
return
|
||||
}
|
||||
|
||||
var accountCreateRequest struct {
|
||||
Contact *[]string `json:"contact"`
|
||||
TermsOfServiceAgreed bool `json:"termsOfServiceAgreed"`
|
||||
}
|
||||
|
||||
err = json.Unmarshal(body, &accountCreateRequest)
|
||||
if err != nil {
|
||||
wfe.sendError(response, logEvent, probs.Malformed("Error unmarshaling JSON"), err)
|
||||
// If the request included a true "OnlyReturnExisting" field and we did not
|
||||
// find an existing registration with the key specified then we must return an
|
||||
// error and not create a new account.
|
||||
if accountCreateRequest.OnlyReturnExisting {
|
||||
wfe.sendError(response, logEvent, probs.AccountDoesNotExist(
|
||||
"No account exists with the provided key"), nil)
|
||||
return
|
||||
}
|
||||
|
||||
if !accountCreateRequest.TermsOfServiceAgreed {
|
||||
wfe.sendError(response, logEvent, probs.Malformed("must agree to terms of service"), nil)
|
||||
return
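Review bot: The new `if accountCreateRequest.OnlyReturnExisting` guard in the second hunk tests only the flag, so it is correct only if every outcome of `GetRegistrationByKey` other than not-found has already returned; the lines between the two hunks that would establish this are not shown. If a lookup failure other than not-found can reach this point, a storage error would be reported to the client as `accountDoesNotExist`, so it is worth confirming this and stating the invariant in the comment, e.g. `// Reached only when GetRegistrationByKey returned NotFound; other lookup errors have already returned above.` The comment should also name the wire field `"onlyReturnExisting"` rather than the Go field name. NewAccount's body starts and ends outside both hunks.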
|
||||
|
|
|
|||
|
|
@ -2408,21 +2408,37 @@ func (sa *mockSAGetRegByKeyNotFound) GetRegistrationByKey(ctx context.Context, j
|
|||
return core.Registration{}, berrors.NotFoundError("not found")
|
||||
}
|
||||
|
||||
// When SA.GetRegistrationByKey returns NotFound, NewAccount should
|
||||
// succeed.
|
||||
func TestNewAccountWhenGetRegByKeyNotFound(t *testing.T) {
|
||||
wfe, fc := setupWFE(t)
|
||||
wfe.SA = &mockSAGetRegByKeyNotFound{mocks.NewStorageAuthority(fc)}
|
||||
key := loadKey(t, []byte(testE2KeyPrivatePEM))
|
||||
_, ok := key.(*ecdsa.PrivateKey)
|
||||
test.Assert(t, ok, "Couldn't load ECDSA key")
|
||||
// When SA.GetRegistrationByKey returns NotFound, and no onlyReturnExisting
|
||||
// field is sent, NewAccount should succeed.
|
||||
payload := `{"contact":["mailto:person@mail.com"],"termsOfServiceAgreed":true}`
|
||||
signedURL := "http://localhost/new-account"
|
||||
responseWriter := httptest.NewRecorder()
|
||||
_, _, body := signRequestEmbed(t, key, "http://localhost/new-account", payload, wfe.nonceService)
|
||||
_, _, body := signRequestEmbed(t, key, signedURL, payload, wfe.nonceService)
|
||||
wfe.NewAccount(ctx, newRequestEvent(), responseWriter, makePostRequestWithPath("/new-account", body))
|
||||
if responseWriter.Code != http.StatusCreated {
|
||||
t.Errorf("Bad response to NewRegistration: %d, %s", responseWriter.Code, responseWriter.Body)
|
||||
}
|
||||
|
||||
// When SA.GetRegistrationByKey returns NotFound, and onlyReturnExisting
|
||||
// field **is** sent, NewAccount should fail with the expected error.
|
||||
payload = `{"contact":["mailto:person@mail.com"],"termsOfServiceAgreed":true,"onlyReturnExisting":true}`
|
||||
responseWriter = httptest.NewRecorder()
|
||||
_, _, body = signRequestEmbed(t, key, signedURL, payload, wfe.nonceService)
|
||||
// Process the new account request
|
||||
wfe.NewAccount(ctx, newRequestEvent(), responseWriter, makePostRequestWithPath("/new-account", body))
|
||||
test.AssertEquals(t, responseWriter.Code, http.StatusBadRequest)
|
||||
test.AssertUnmarshaledEquals(t, responseWriter.Body.String(), `
|
||||
{
|
||||
"type": "urn:ietf:params:acme:error:accountDoesNotExist",
|
||||
"detail": "No account exists with the provided key",
|
||||
"status": 400
|
||||
}`)
|
||||
}
|
||||
|
||||
func TestPrepAuthzForDisplay(t *testing.T) {
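Review bot: The onlyReturnExisting case in TestNewAccountWhenGetRegByKeyNotFound asserts only the status code and the problem body, so it would still pass if the handler created an account or set a Location header before returning the error. Adding `test.AssertEquals(t, responseWriter.Header().Get("Location"), "")` after the status check pins the no-Location part; asserting that the mock SA saw no new registration would pin the no-creation part, if the mock exposes that (not visible here). No case shown in this hunk covers `"onlyReturnExisting":true` with a key that already has an account.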
|
||||
|
|
|
|||