From 080497bf4c83844fbdd9e9fd889d7bb871ccc770 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Tue, 8 Oct 2019 04:48:31 -0600 Subject: [PATCH] email -> subscriberEmail --- README.md | 25 +++++++++++++++++++++++-- lib/acme.js | 7 +++++-- tests/index.js | 3 ++- 3 files changed, 30 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0092090..c708632 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,24 @@ var ACME = window.ACME; You can see `tests/index.js`, `examples/index.html`, `examples/app.js` in the repo for full example usage. +### Emails: Maintainer vs Subscriber vs Customer + +- `maintainerEmail` should be the email address of the **author of the code**. + This person will receive critical security and API change notifications. +- `subscriberEmail` should be the email of the **admin of the hosting service**. + This person agrees to the Let's Encrypt Terms of Service and will be notified + when a certificate fails to renew. +- `customerEmail` should be the email of individual who owns the domain. + This is optional (not currently implemented). + +Generally speaking **YOU** are the _maintainer_ and you **or your employer** is the _subscriber_. + +If you (or your employer) is running any type of service +you **SHOULD NOT** pass the _customer_ email as the subscriber email. + +If you are not running a service (you may be building a CLI, for example), +then you should prompt the user for their email address, and they are the subscriber. + ### Instantiate ACME.js Although built for Let's Encrypt, ACME.js will work with any server @@ -85,7 +103,9 @@ that supports draft-15 of the ACME spec (includes POST-as-GET support). The `init()` method takes a _directory url_ and initializes internal state according to its response. ```js -var acme = ACME.create({}); +var acme = ACME.create({ + maintainerEmail: 'jon@example.com' +}); acme.init('https://acme-staging-v02.api.letsencrypt.org/directory').then( function() { // Ready to use, show page 
@@ -119,7 +139,7 @@ Keypairs.generate({ kty: 'EC' }).then(function(pair) { } }, accountKeypair: { privateKeyJwk: pair.private }, - email: $('.js-email-input').value + subscriberEmail: $('.js-email-input').value }) .then(function(_account) { account = _account; @@ -151,6 +171,7 @@ Keypairs.generate({ kty: 'EC' }).then(function(pair) { serverKeypair: { privateKeyJwk: serverPrivateKey }, domains: ['example.com', 'www.example.com'], challenges: challenges, // must be implemented + customerEmail: null, skipDryRun: true }) .then(function(results) { diff --git a/lib/acme.js b/lib/acme.js index 6d7071b..415f619 100644 --- a/lib/acme.js +++ b/lib/acme.js @@ -165,8 +165,11 @@ ACME._registerAccount = function(me, options) { var contact; if (options.contact) { contact = options.contact.slice(0); - } else if (options.email) { - contact = ['mailto:' + options.email]; + } else if (options.subscriberEmail || options.email) { + contact = [ + 'mailto:' + + (options.subscriberEmail || options.email) + ]; } var accountRequest = { termsOfServiceAgreed: tosUrl === me._tos, diff --git a/tests/index.js b/tests/index.js index 27d9bbd..8607a19 100644 --- a/tests/index.js +++ b/tests/index.js @@ -90,7 +90,7 @@ async function happyPath(accKty, srvKty, rnd) { agreeToTerms: agree, // TODO detect jwk/pem/der? accountKeypair: { privateKeyJwk: accountKeypair.private }, - email: config.email + subscriberEmail: config.email }); // TODO top-level agree function agree(tos) { @@ -143,6 +143,7 @@ async function happyPath(accKty, srvKty, rnd) { serverKeypair: { privateKeyJwk: serverKeypair.private }, domains: domains, challenges: challenges, // must be implemented + customerEmail: null, skipDryRun: true });
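Review bot: In the `lib/acme.js` hunk, `ACME._registerAccount` concatenates `options.subscriberEmail || options.email` onto `'mailto:'` with no type or format check, and the README example in this same patch feeds that option straight from a form input. A non-string, or a string carrying whitespace, a comma or a `?`, would reach the ACME server as a malformed or multi-recipient contact on the account that is agreeing to the terms of service. I would resolve the value once and reject anything that is not a single plain address before building the URI: `var email = options.subscriberEmail || options.email;`, then `if ('string' !== typeof email || /[\s,?]/.test(email)) { throw new Error('invalid subscriberEmail'); }`, then `contact = ['mailto:' + email];`. A one-line comment saying that `options.email` is kept only as the pre-rename alias would also help; that intent is inferred from the commit title. The function body starts and ends outside the hunk, so whether a throw here surfaces as a rejected promise needs checking against the rest of `_registerAccount`.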