Fix challenge up Link relation header (letsencrypt#4264)
and adds a test to check the relation is what we expect.

Fixes letsencrypt#4262.
rolandshoemaker authored Jun 18, 2019
1 parent 18a3c78 commit 4e10063
Showing 4 changed files with 69 additions and 10 deletions.
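--- a/wfe/wfe.go
+++ b/wfe/wfe.go
@@ -736,12 +736,7 @@ func (wfe *WebFrontEndImpl) NewAuthorization(ctx context.Context, logEvent *web.
 logEvent.Created = authz.ID
 
 // Make a URL for this authz, then blow away the ID and RegID before serializing
-var authzURL string
-if authz.V2 {
-authzURL = web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", authzPath, authz2Prefix, authz.ID))
-} else {
-authzURL = web.RelativeEndpoint(request, authzPath+string(authz.ID))
-}
+authzURL := urlForAuthz(authz, request)
 wfe.prepAuthorizationForDisplay(request, &authz)
 
 response.Header().Add("Location", authzURL)
@@ -1158,7 +1153,7 @@ func (wfe *WebFrontEndImpl) getChallenge(
 
 wfe.prepChallengeForDisplay(request, authz, challenge)
 
-authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
+authzURL := urlForAuthz(authz, request)
 response.Header().Add("Location", challenge.URI)
 response.Header().Add("Link", link(authzURL, "up"))
 
@@ -1249,7 +1244,7 @@ func (wfe *WebFrontEndImpl) postChallenge(
 challenge := returnAuthz.Challenges[challengeIndex]
 wfe.prepChallengeForDisplay(request, authz, &challenge)
 
-authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
+authzURL := urlForAuthz(authz, request)
 response.Header().Add("Location", challenge.URI)
 response.Header().Add("Link", link(authzURL, "up"))
 
@@ -1669,3 +1664,10 @@ func (wfe *WebFrontEndImpl) addIssuingCertificateURLs(response http.ResponseWrit
 }
 return nil
 }
+
+func urlForAuthz(authz core.Authorization, request *http.Request) string {
+if authz.V2 {
+return web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", authzPath, authz2Prefix, authz.ID))
+}
+return web.RelativeEndpoint(request, authzPath+string(authz.ID))
+}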
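Review bot: urlForAuthz is added without a doc comment, and an identical copy is added at the end of wfe2/wfe.go, so the v1/v2 authz path rule that the Location and Link rel="up" headers depend on now lives in two places that can drift apart. A comment such as `// urlForAuthz returns the URL for authz, using the authz2Prefix path when authz.V2 is set.` on both copies would record the rule. Sharing one helper may be worth considering if authzPath and authz2Prefix are the same in both packages, which is not visible here. In NewAuthorization the call has to stay ahead of prepAuthorizationForDisplay, since the existing comment says the ID is cleared before serializing; the bodies of the three calling functions start and end outside the hunks.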
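--- a/wfe/wfe_test.go
+++ b/wfe/wfe_test.go
@@ -15,6 +15,7 @@ import (
 "net/http"
 "net/http/httptest"
 "net/url"
+"os"
 "sort"
 "strconv"
 "strings"
@@ -1109,6 +1110,30 @@ func TestGetChallenge(t *testing.T) {
 }
 }
 
+func TestGetChallengeV2UpRel(t *testing.T) {
+if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") {
+return
+}
+
+wfe, _ := setupWFE(t)
+_ = features.Set(map[string]bool{"NewAuthorizationSchema": true})
+
+challengeURL := "http://localhost/acme/challenge/v2/1/-ZfxEw=="
+resp := httptest.NewRecorder()
+
+req, err := http.NewRequest("GET", challengeURL, nil)
+req.URL.Path = "v2/1/-ZfxEw=="
+test.AssertNotError(t, err, "Could not make NewRequest")
+
+wfe.Challenge(ctx, newRequestEvent(), resp, req)
+test.AssertEquals(t,
+resp.Code,
+http.StatusAccepted)
+test.AssertEquals(t,
+resp.Header().Get("Link"),
+`<http://localhost/acme/authz/v2/1>;rel="up"`)
+}
+
 func TestChallenge(t *testing.T) {
 wfe, _ := setupWFE(t)
 responseWriter := httptest.NewRecorder()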
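Review bot: In TestGetChallengeV2UpRel the bare `return` when BOULDER_CONFIG_DIR does not end in config-next makes the test report a pass without ever checking the Link header, so a regression of the up relation can go unnoticed in that configuration; `t.Skip("requires config-next")` would make the skip visible in test output. `req.URL.Path` is also assigned before the `err` from http.NewRequest is checked, so a failed NewRequest would panic on a nil request instead of failing the assertion; the `test.AssertNotError` line should come first. The result of `features.Set` is discarded and the flag is not restored in the lines shown, which may leak NewAuthorizationSchema into later tests. The same three points apply to the copy of this test added in wfe2/wfe_test.go.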
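--- a/wfe2/wfe.go
+++ b/wfe2/wfe.go
@@ -1088,7 +1088,7 @@ func (wfe *WebFrontEndImpl) getChallenge(
 
 wfe.prepChallengeForDisplay(request, authz, challenge)
 
-authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
+authzURL := urlForAuthz(authz, request)
 response.Header().Add("Location", challenge.URL)
 response.Header().Add("Link", link(authzURL, "up"))
 
@@ -1183,7 +1183,7 @@ func (wfe *WebFrontEndImpl) postChallenge(
 challenge := returnAuthz.Challenges[challengeIndex]
 wfe.prepChallengeForDisplay(request, authz, &challenge)
 
-authzURL := web.RelativeEndpoint(request, authzPath+string(authz.ID))
+authzURL := urlForAuthz(authz, request)
 response.Header().Add("Location", challenge.URL)
 response.Header().Add("Link", link(authzURL, "up"))
 
@@ -2079,3 +2079,10 @@ func extractRequesterIP(req *http.Request) (net.IP, error) {
 }
 return net.ParseIP(host), nil
 }
+
+func urlForAuthz(authz core.Authorization, request *http.Request) string {
+if authz.V2 {
+return web.RelativeEndpoint(request, fmt.Sprintf("%s%s/%s", authzPath, authz2Prefix, authz.ID))
+}
+return web.RelativeEndpoint(request, authzPath+string(authz.ID))
+}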
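--- a/wfe2/wfe_test.go
+++ b/wfe2/wfe_test.go
@@ -17,6 +17,7 @@ import (
 "net/http"
 "net/http/httptest"
 "net/url"
+"os"
 "sort"
 "strconv"
 "strings"
@@ -3113,3 +3114,27 @@ func TestMandatoryPOSTAsGET(t *testing.T) {
 })
 }
 }
+
+func TestGetChallengeV2UpRel(t *testing.T) {
+if !strings.HasSuffix(os.Getenv("BOULDER_CONFIG_DIR"), "config-next") {
+return
+}
+
+wfe, _ := setupWFE(t)
+_ = features.Set(map[string]bool{"NewAuthorizationSchema": true})
+
+challengeURL := "http://localhost/acme/challenge/v2/1/-ZfxEw=="
+resp := httptest.NewRecorder()
+
+req, err := http.NewRequest("GET", challengeURL, nil)
+req.URL.Path = "v2/1/-ZfxEw=="
+test.AssertNotError(t, err, "Could not make NewRequest")
+
+wfe.Challenge(ctx, newRequestEvent(), resp, req)
+test.AssertEquals(t,
+resp.Code,
+http.StatusOK)
+test.AssertEquals(t,
+resp.Header().Get("Link"),
+`<http://localhost/acme/authz/v2/1>;rel="up"`)
+}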
