mirror of
https://github.com/go-acme/lego.git
synced 2025-07-17 04:12:22 +02:00
fix: rewrite status management (#2428)
committed by
GitHub
parent
4552d03a4d
commit
c0260c1d8a
@ -124,7 +124,7 @@ func validate(core *api.Core, domain string, chlg acme.Challenge) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
return errors.New("the server didn't respond to our request")
|
||||
return fmt.Errorf("the server didn't respond to our request (status=%s)", authz.Status)
|
||||
}
|
||||
|
||||
return backoff.Retry(operation, bo)
|
||||
@ -137,9 +137,9 @@ func checkChallengeStatus(chlng acme.ExtendedChallenge) (bool, error) {
|
||||
case acme.StatusPending, acme.StatusProcessing:
|
||||
return false, nil
|
||||
case acme.StatusInvalid:
|
||||
return false, chlng.Error
|
||||
return false, fmt.Errorf("invalid challenge: %w", chlng.Err())
|
||||
default:
|
||||
return false, errors.New("the server returned an unexpected state")
|
||||
return false, fmt.Errorf("the server returned an unexpected challenge status: %s", chlng.Status)
|
||||
}
|
||||
}
|
||||
|
||||
@ -154,11 +154,11 @@ func checkAuthorizationStatus(authz acme.Authorization) (bool, error) {
|
||||
case acme.StatusInvalid:
|
||||
for _, chlg := range authz.Challenges {
|
||||
if chlg.Status == acme.StatusInvalid && chlg.Error != nil {
|
||||
return false, chlg.Error
|
||||
return false, fmt.Errorf("invalid authorization: %w", chlg.Err())
|
||||
}
|
||||
}
|
||||
return false, fmt.Errorf("the authorization state %s", authz.Status)
|
||||
return false, errors.New("invalid authorization")
|
||||
default:
|
||||
return false, errors.New("the server returned an unexpected state")
|
||||
return false, fmt.Errorf("the server returned an unexpected authorization status: %s", authz.Status)
|
||||
}
|
||||
}
|
||||
|
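Review bot: In `checkChallengeStatus`, the `acme.StatusInvalid` branch wraps `chlng.Err()` with `%w` unconditionally. If `Err()` returns nil when the server attached no problem document (its body is not shown on this page, so this is inferred), the message becomes `invalid challenge: %!w(<nil>)`. The new test case "status invalid" builds a challenge without an `Error`, so that path is reachable. `checkAuthorizationStatus` already guards with `chlg.Error != nil` and falls back to a plain error; here the equivalent would be to wrap only when `chlng.Err()` is non-nil and otherwise `return false, errors.New("invalid challenge")`, adjusting the `"invalid challenge:"` expectation in `TestValidate` to match. Separately, `chlng.Status` and `authz.Status` come from the CA response and are formatted with `%s`; `%q` would keep an unexpected value delimited in logs.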
@ -55,9 +55,6 @@ func TestValidate(t *testing.T) {
|
||||
statuses = statuses[1:]
|
||||
|
||||
chlg := &acme.Challenge{Type: "http-01", Status: st, URL: "http://example.com/", Token: "token"}
|
||||
if st == acme.StatusInvalid {
|
||||
chlg.Error = &acme.ProblemDetails{}
|
||||
}
|
||||
|
||||
err := tester.WriteJSONResponse(w, chlg)
|
||||
if err != nil {
|
||||
@ -83,7 +80,6 @@ func TestValidate(t *testing.T) {
|
||||
if st == acme.StatusInvalid {
|
||||
chlg := acme.Challenge{
|
||||
Status: acme.StatusInvalid,
|
||||
Error: &acme.ProblemDetails{},
|
||||
}
|
||||
authorization.Challenges = append(authorization.Challenges, chlg)
|
||||
}
|
||||
@ -106,7 +102,7 @@ func TestValidate(t *testing.T) {
|
||||
{
|
||||
name: "POST-unexpected",
|
||||
statuses: []string{"weird"},
|
||||
want: "unexpected",
|
||||
want: "the server returned an unexpected challenge status: weird",
|
||||
},
|
||||
{
|
||||
name: "POST-valid",
|
||||
@ -115,12 +111,12 @@ func TestValidate(t *testing.T) {
|
||||
{
|
||||
name: "POST-invalid",
|
||||
statuses: []string{acme.StatusInvalid},
|
||||
want: "error",
|
||||
want: "invalid challenge:",
|
||||
},
|
||||
{
|
||||
name: "POST-pending-unexpected",
|
||||
statuses: []string{acme.StatusPending, "weird"},
|
||||
want: "unexpected",
|
||||
want: "the server returned an unexpected authorization status: weird",
|
||||
},
|
||||
{
|
||||
name: "POST-pending-valid",
|
||||
@ -129,7 +125,7 @@ func TestValidate(t *testing.T) {
|
||||
{
|
||||
name: "POST-pending-invalid",
|
||||
statuses: []string{acme.StatusPending, acme.StatusInvalid},
|
||||
want: "error",
|
||||
want: "invalid authorization",
|
||||
},
|
||||
}
|
||||
|
||||
@ -148,6 +144,126 @@ func TestValidate(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func Test_checkChallengeStatus(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
challenge acme.Challenge
|
||||
requireErr require.ErrorAssertionFunc
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
desc: "status valid",
|
||||
challenge: acme.Challenge{Status: acme.StatusValid},
|
||||
requireErr: require.NoError,
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
desc: "status invalid",
|
||||
challenge: acme.Challenge{Status: acme.StatusInvalid},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status invalid with error",
|
||||
challenge: acme.Challenge{Status: acme.StatusInvalid, Error: &acme.ProblemDetails{}},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status pending",
|
||||
challenge: acme.Challenge{Status: acme.StatusPending},
|
||||
requireErr: require.NoError,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status processing",
|
||||
challenge: acme.Challenge{Status: acme.StatusProcessing},
|
||||
requireErr: require.NoError,
|
||||
expected: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
status, err := checkChallengeStatus(acme.ExtendedChallenge{Challenge: test.challenge})
|
||||
test.requireErr(t, err)
|
||||
|
||||
assert.Equal(t, test.expected, status)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_checkAuthorizationStatus(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
authorization acme.Authorization
|
||||
requireErr require.ErrorAssertionFunc
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
desc: "status valid",
|
||||
authorization: acme.Authorization{Status: acme.StatusValid},
|
||||
requireErr: require.NoError,
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
desc: "status invalid",
|
||||
authorization: acme.Authorization{Status: acme.StatusInvalid},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status invalid with error",
|
||||
authorization: acme.Authorization{Status: acme.StatusInvalid, Challenges: []acme.Challenge{{Error: &acme.ProblemDetails{}}}},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status pending",
|
||||
authorization: acme.Authorization{Status: acme.StatusPending},
|
||||
requireErr: require.NoError,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status processing",
|
||||
authorization: acme.Authorization{Status: acme.StatusProcessing},
|
||||
requireErr: require.NoError,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status deactivated",
|
||||
authorization: acme.Authorization{Status: acme.StatusDeactivated},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status expired",
|
||||
authorization: acme.Authorization{Status: acme.StatusExpired},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
desc: "status revoked",
|
||||
authorization: acme.Authorization{Status: acme.StatusRevoked},
|
||||
requireErr: require.Error,
|
||||
expected: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
status, err := checkAuthorizationStatus(test.authorization)
|
||||
test.requireErr(t, err)
|
||||
|
||||
assert.Equal(t, test.expected, status)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// validateNoBody reads the http.Request POST body, parses the JWS and validates it to read the body.
|
||||
// If there is an error doing this,
|
||||
// or if the JWS body is not the empty JSON payload "{}" or a POST-as-GET payload "" an error is returned.
|
||||
|
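Review bot: The "status invalid with error" case in `Test_checkAuthorizationStatus` never reaches the wrapping branch, because its challenge sets `Error` but not `Status`, while `checkAuthorizationStatus` returns the wrapped problem only when `chlg.Status == acme.StatusInvalid && chlg.Error != nil`. As written it falls through to the generic `invalid authorization` error, and since both invalid cases assert only `require.Error`, the test cannot tell the two paths apart. Build the fixture as `Challenges: []acme.Challenge{{Status: acme.StatusInvalid, Error: &acme.ProblemDetails{}}}` and check the message, for example with `require.ErrorContains(t, err, "invalid authorization: ")`. The same message check in `Test_checkChallengeStatus` would pin down what the error text looks like when the server sends no problem document.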