diff --git a/mocks/mocks.go b/mocks/mocks.go
index 09ea1b6a1..291b015fe 100644
--- a/mocks/mocks.go
+++ b/mocks/mocks.go
@@ -515,10 +515,10 @@ func (sa *StorageAuthority) GetOrder(_ context.Context, req *sapb.OrderRequest)
 validOrder.RegistrationID = &six
 }
- // Order ID 7 is expired
+ // Order ID 7 is ready, but expired
 if *req.Id == 7 {
- pending := string(core.StatusPending)
- validOrder.Status = &pending
+ ready := string(core.StatusReady)
+ validOrder.Status = &ready
 exp = sa.clk.Now().AddDate(-30, 0, 0).Unix()
 validOrder.Expires = &exp
 }
diff --git a/wfe2/wfe.go b/wfe2/wfe.go
index fa0593a40..752700966 100644
--- a/wfe2/wfe.go
+++ b/wfe2/wfe.go
@@ -1805,13 +1805,8 @@ func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.Req
 return
 }
- // Prior to ACME draft-10 the "ready" status did not exist and orders in
- // a pending status with valid authzs were finalizable. We accept both states
- // here for deployability ease. In the future we will only allow ready orders
- // to be finalized.
- // TODO(@cpu): Forbid finalizing "Pending" orders
- if *order.Status != string(core.StatusPending) &&
- *order.Status != string(core.StatusReady) {
+ // Only ready orders can be finalized.
+ if *order.Status != string(core.StatusReady) {
 wfe.sendError(response, logEvent,
 probs.Malformed(
 "Order's status (%q) is not acceptable for finalization",
diff --git a/wfe2/wfe_test.go b/wfe2/wfe_test.go
index d2469f761..bcf5019c1 100644
--- a/wfe2/wfe_test.go
+++ b/wfe2/wfe_test.go
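Review bot: The tightened status check in FinalizeOrder still rejects a non-ready order with `probs.Malformed`, which the updated test in wfe_test.go pins as type `malformed` with status 400. RFC 8555 section 7.4 requires a 403 with problem type `orderNotReady` when a finalize request targets an order that is not in the ready state, so with the current response a client cannot tell "finish validation and retry" apart from a genuinely malformed request. Now that ready is the only accepted state, this branch is the natural place to return that problem type; if the probs package has no constructor for it yet, one would need to be added with this change and the expected body in the test updated to match. The body of FinalizeOrder starts and ends outside the hunk.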
@@ -2174,21 +2174,9 @@ func TestFinalizeOrder(t *testing.T) {
 ExpectedBody: `{"type":"` + probs.V2ErrorNS + `malformed","detail":"Order 7 is expired","status":404}`,
 },
 {
- Name: "Good CSR, Pending Order",
- Request: signAndPost(t, "1/4", "http://localhost/1/4", goodCertCSRPayload, 1, wfe.nonceService),
- ExpectedHeaders: map[string]string{"Location": "http://localhost/acme/order/1/4"},
- ExpectedBody: `
-{
- "status": "processing",
- "expires": "1970-01-01T00:00:00.9466848Z",
- "identifiers": [
- {"type":"dns","value":"example.com"}
- ],
- "authorizations": [
- "http://localhost/acme/authz/hello"
- ],
- "finalize": "http://localhost/acme/finalize/1/4"
-}`,
+ Name: "Good CSR, Pending Order",
+ Request: signAndPost(t, "1/4", "http://localhost/1/4", goodCertCSRPayload, 1, wfe.nonceService),
+ ExpectedBody: `{"type":"` + probs.V2ErrorNS + `malformed","detail":"Order's status (\"pending\") is not acceptable for finalization","status":400}`,
 },
 {
 Name: "Good CSR, Ready Order",
@@ -2229,7 +2217,7 @@ func TestFinalizeOrder(t *testing.T) {
 // to match the whole response body because the "detail" of a bad CSR problem
 // contains a verbose Go error message that can change between versions (e.g.
 // Go 1.10.4 to 1.11 changed the expected format)
- badCSRReq := signAndPost(t, "1/4", "http://localhost/1/4", `{"CSR": "ABCD"}`, 1, wfe.nonceService)
+ badCSRReq := signAndPost(t, "1/8", "http://localhost/1/8", `{"CSR": "ABCD"}`, 1, wfe.nonceService)
 responseWriter.Body.Reset()
 responseWriter.HeaderMap = http.Header{}
 wfe.FinalizeOrder(ctx, newRequestEvent(), responseWriter, badCSRReq)
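Review bot: The only negative case for the new status guard is the pending order in the "Good CSR, Pending Order" entry; orders that are already processing, valid or invalid take the same rejection branch and are not exercised in the visible part of the table. Since this guard appears to be what stops an order from being finalized a second time, I would add one table entry per remaining non-ready status, each expecting the same problem body with its own status string in the detail. The table continues outside the hunk, so such entries may already exist further down.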
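Review bot: The switch from order `1/4` to `1/8` in `badCSRReq` is unexplained; it presumably relies on the mock SA serving order 8 in the ready state, which this diff does not show. A short comment above the call, such as `// Order 8 is ready in the mock SA, so the request gets past the status check and reaches CSR parsing`, would keep that dependency visible to whoever next edits the mock. The same applies to the `request` line changed in TestFinalizeSCTError. Both test functions start and end outside their hunks.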
@@ -2819,7 +2807,7 @@ func TestFinalizeSCTError(t *testing.T) {
 }`
 // Create a finalization request with the above payload
- request := signAndPost(t, "1/4", "http://localhost/1/4", goodCertCSRPayload, 1, wfe.nonceService)
+ request := signAndPost(t, "1/8", "http://localhost/1/8", goodCertCSRPayload, 1, wfe.nonceService)
 // POST the finalize order request.
 wfe.FinalizeOrder(ctx, newRequestEvent(), responseWriter, request)