ACME accountUpdate ignore fields not recognized by the server.
parent
e855707dc2
commit
4cb777bdc1
2 changed files with 37 additions and 3 deletions
|
@ -65,7 +65,9 @@ func (u *UpdateAccountRequest) Validate() error {
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
default:
|
default:
|
||||||
return acme.MalformedErr(errors.Errorf("empty update request"))
|
// According to the ACME spec (https://tools.ietf.org/html/rfc8555#section-7.3.2)
|
||||||
|
// accountUpdate should ignore any fields not recognized by the server.
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -148,6 +150,8 @@ func (h *Handler) GetUpdateAccount(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If PostAsGet just respond with the account, otherwise process like a
|
||||||
|
// normal Post request.
|
||||||
if !payload.isPostAsGet {
|
if !payload.isPostAsGet {
|
||||||
var uar UpdateAccountRequest
|
var uar UpdateAccountRequest
|
||||||
if err := json.Unmarshal(payload.value, &uar); err != nil {
|
if err := json.Unmarshal(payload.value, &uar); err != nil {
|
||||||
|
@ -159,9 +163,12 @@ func (h *Handler) GetUpdateAccount(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var err error
|
var err error
|
||||||
|
// If neither the status nor the contacts are being updated then ignore
|
||||||
|
// the updates and return 200. This conforms with the behavior detailed
|
||||||
|
// in the ACME spec (https://tools.ietf.org/html/rfc8555#section-7.3.2).
|
||||||
if uar.IsDeactivateRequest() {
|
if uar.IsDeactivateRequest() {
|
||||||
acc, err = h.Auth.DeactivateAccount(prov, acc.GetID())
|
acc, err = h.Auth.DeactivateAccount(prov, acc.GetID())
|
||||||
} else {
|
} else if len(uar.Contact) > 0 {
|
||||||
acc, err = h.Auth.UpdateAccount(prov, acc.GetID(), uar.Contact)
|
acc, err = h.Auth.UpdateAccount(prov, acc.GetID(), uar.Contact)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
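Review bot: The new `} else if len(uar.Contact) > 0 {` branch in GetUpdateAccount treats an explicitly empty `contact` array the same as an absent one, so a client that sends `"contact": []` to clear its contacts now receives a 200 while the stored contacts stay as they were. Before this change the removed `empty update request` error in Validate would presumably have rejected that payload; the other cases of Validate and the call site are outside the hunks, so this needs confirming. If clearing contacts should be supported, test presence rather than length, e.g. `} else if uar.Contact != nil {`, because encoding/json leaves the slice nil only when the member is absent or null. If it should not be supported, say so next to the branch, e.g. `// An empty or absent contact list is a no-op: the account is returned unchanged.`, since the added comment sits above the deactivate check and the no-op path is only the implicit fall-through.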
|
@ -143,6 +143,11 @@ func TestUpdateAccountRequestValidate(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"ok/accept-empty": func(t *testing.T) test {
|
||||||
|
return test{
|
||||||
|
uar: &UpdateAccountRequest{},
|
||||||
|
}
|
||||||
|
},
|
||||||
}
|
}
|
||||||
for name, run := range tests {
|
for name, run := range tests {
|
||||||
tc := run(t)
|
tc := run(t)
|
||||||
|
@ -700,7 +705,29 @@ func TestHandlerGetUpdateAccount(t *testing.T) {
|
||||||
statusCode: 200,
|
statusCode: 200,
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ok/new-account": func(t *testing.T) test {
|
"ok/update-empty": func(t *testing.T) test {
|
||||||
|
uar := &UpdateAccountRequest{}
|
||||||
|
b, err := json.Marshal(uar)
|
||||||
|
assert.FatalError(t, err)
|
||||||
|
ctx := context.WithValue(context.Background(), provisionerContextKey, prov)
|
||||||
|
ctx = context.WithValue(ctx, accContextKey, &acc)
|
||||||
|
ctx = context.WithValue(ctx, payloadContextKey, &payloadInfo{value: b})
|
||||||
|
return test{
|
||||||
|
auth: &mockAcmeAuthority{
|
||||||
|
getLink: func(typ acme.Link, provID string, abs bool, in ...string) string {
|
||||||
|
assert.Equals(t, typ, acme.AccountLink)
|
||||||
|
assert.Equals(t, provID, acme.URLSafeProvisionerName(prov))
|
||||||
|
assert.True(t, abs)
|
||||||
|
assert.Equals(t, in, []string{accID})
|
||||||
|
return fmt.Sprintf("https://ca.smallstep.com/acme/%s/account/%s",
|
||||||
|
acme.URLSafeProvisionerName(prov), accID)
|
||||||
|
},
|
||||||
|
},
|
||||||
|
ctx: ctx,
|
||||||
|
statusCode: 200,
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ok/update-contacts": func(t *testing.T) test {
|
||||||
uar := &UpdateAccountRequest{
|
uar := &UpdateAccountRequest{
|
||||||
Contact: []string{"foo", "bar"},
|
Contact: []string{"foo", "bar"},
|
||||||
}
|
}
|
||||||
|
|
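Review bot: The added `ok/update-empty` case marshals an empty `UpdateAccountRequest{}`, so it never sends a member the server does not recognise, which is the behaviour the commit title and the RFC 8555 section 7.3.2 comment describe. A sibling case with a raw payload would pin that, for example `payloadInfo{value: []byte("{\"unknownField\":\"x\"}")}` (constructed sample) with the same `statusCode: 200`. The mock in this case sets only `getLink`; whether a stray call to the update or deactivate hook would fail the test depends on `mockAcmeAuthority`, which is outside the hunk, so it is worth asserting explicitly that neither is invoked and that the returned account is unchanged. The bodies of TestHandlerGetUpdateAccount and TestUpdateAccountRequestValidate continue outside these hunks.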