Fix ReusePendingAuthz feature (#2827)

Fixes #2826.
Roland Bracewell Shoemaker 2017-06-21 17:19:14 -07:00 committed by GitHub
parent 41df4ae10f
commit c5da184c97
2 changed files with 26 additions and 8 deletions


@ -654,7 +654,7 @@ func (ssa *SQLStorageAuthority) NewPendingAuthorization(ctx context.Context, aut
return output, err return output, err
} }
pa, err := selectPendingAuthz(ssa.dbMap, "WHERE identifier = ?", idJSON) pa, err := selectPendingAuthz(ssa.dbMap, "WHERE identifier = ? AND expires > ? LIMIT 1", idJSON, ssa.clk.Now().Add(time.Hour))
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
// No existing authz found, proceed to create one. // No existing authz found, proceed to create one.
} else if err == nil { } else if err == nil {
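Review bot: The reuse lookup in NewPendingAuthorization matches on `identifier` and `expires` only, so as far as this hunk shows, a pending authorization created by one registration could be returned to a different registration asking for the same name, challenge tokens included. Unless the `err == nil` branch (which continues outside the hunk) compares the row's registration with the caller's, the predicate should also bind the requesting account, e.g. `"WHERE registrationID = ? AND identifier = ? AND expires > ? LIMIT 1"` with the request's `RegistrationID` as the first argument (column name assumed; confirm against the schema). `LIMIT 1` without an `ORDER BY` also leaves the choice of row to the database, which is why the test in the second file has to accept either of two IDs. TestRecyclePendingEnabled uses a single registration, so it would not catch cross-account reuse.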


@ -222,12 +222,12 @@ func TestRecyclePendingDisabled(t *testing.T) {
} }
func TestRecyclePendingEnabled(t *testing.T) { func TestRecyclePendingEnabled(t *testing.T) {
_ = features.Set(map[string]bool{"ReusePendingAuthz": true})
sa, _, cleanUp := initSA(t) sa, fc, cleanUp := initSA(t)
defer cleanUp() defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa) reg := satest.CreateWorkingRegistration(t, sa)
expires := fc.Now()
authz := core.Authorization{ authz := core.Authorization{
RegistrationID: reg.ID, RegistrationID: reg.ID,
Identifier: core.AcmeIdentifier{ Identifier: core.AcmeIdentifier{
@ -242,19 +242,37 @@ func TestRecyclePendingEnabled(t *testing.T) {
Token: "abc", Token: "abc",
}, },
}, },
Expires: &expires,
} }
pendingAuthz, err := sa.NewPendingAuthorization(ctx, authz)
// Add expired authz
_, err := sa.NewPendingAuthorization(ctx, authz)
test.AssertNotError(t, err, "Couldn't create new expired pending authorization")
// Add expected authz
fc.Add(3 * time.Hour)
expires = fc.Now().Add(2 * time.Hour) // magic pointer
pendingAuthzA, err := sa.NewPendingAuthorization(ctx, authz)
test.AssertNotError(t, err, "Couldn't create new pending authorization") test.AssertNotError(t, err, "Couldn't create new pending authorization")
test.Assert(t, pendingAuthz.ID != "", "ID shouldn't be blank") test.Assert(t, pendingAuthzA.ID != "", "ID shouldn't be blank")
// Add extra authz for kicks
pendingAuthzB, err := sa.NewPendingAuthorization(ctx, authz)
test.AssertNotError(t, err, "Couldn't create new pending authorization")
test.Assert(t, pendingAuthzB.ID != "", "ID shouldn't be blank")
_ = features.Set(map[string]bool{"ReusePendingAuthz": true})
authz.Challenges = nil authz.Challenges = nil
pendingAuthz2, err := sa.NewPendingAuthorization(ctx, authz) pendingAuthz2, err := sa.NewPendingAuthorization(ctx, authz)
test.AssertNotError(t, err, "Couldn't create new pending authorization") test.AssertNotError(t, err, "Couldn't create new pending authorization")
test.AssertEquals(t, pendingAuthz.ID, pendingAuthz2.ID) test.Assert(
test.Assert(t, len(pendingAuthz.Challenges) > 0, "no challenges") t,
test.AssertEquals(t, pendingAuthz.Challenges[0].Token, "abc") pendingAuthzA.ID == pendingAuthz2.ID || pendingAuthzB.ID == pendingAuthz2.ID,
fmt.Sprintf("unexpected pending authz ID, wanted: %q or %q, got: %q", pendingAuthzA.ID, pendingAuthzB.ID, pendingAuthz2.ID),
)
test.Assert(t, len(pendingAuthz2.Challenges) > 0, "no challenges")
test.AssertEquals(t, pendingAuthz2.Challenges[0].Token, "abc")
} }
func CreateDomainAuth(t *testing.T, domainName string, sa *SQLStorageAuthority) (authz core.Authorization) { func CreateDomainAuth(t *testing.T, domainName string, sa *SQLStorageAuthority) (authz core.Authorization) {
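Review bot: TestRecyclePendingEnabled does not exercise the boundary that the new `expires > now + 1h` predicate introduces: the first authz is already three hours past expiry and the other two are valid for two hours, so nothing covers an authz that is still unexpired but has less than an hour left. Before enabling the flag, add one more authz with `expires = fc.Now().Add(30 * time.Minute)`, keep its ID, and assert that `pendingAuthz2.ID` differs from it. The `// magic pointer` comment would read better as `// authz.Expires points at expires, so this also changes the next authz we create`. The result of `features.Set` is discarded with `_` and no reset is visible in the hunk; if the flag is process-wide it may leak into later tests.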