now passes tests for invalid account
This commit is contained in:
parent
d8c46652cf
commit
25f8b591db
15
index.js
15
index.js
|
@ -1,19 +1,20 @@
|
|||
'use strict';
|
||||
|
||||
var leCore = require('letiny-core');
|
||||
var ACME = require('le-acme-core').ACME;
|
||||
|
||||
var LE = module.exports;
|
||||
LE.LE = LE;
|
||||
// in-process cache, shared between all instances
|
||||
var ipc = {};
|
||||
|
||||
LE.defaults = {
|
||||
productionServerUrl: leCore.productionServerUrl
|
||||
, stagingServerUrl: leCore.stagingServerUrl
|
||||
productionServerUrl: ACME.productionServerUrl
|
||||
, stagingServerUrl: ACME.stagingServerUrl
|
||||
|
||||
, rsaKeySize: leCore.rsaKeySize || 2048
|
||||
, challengeType: leCore.challengeType || 'http-01'
|
||||
, rsaKeySize: ACME.rsaKeySize || 2048
|
||||
, challengeType: ACME.challengeType || 'http-01'
|
||||
|
||||
, acmeChallengePrefix: leCore.acmeChallengePrefix
|
||||
, acmeChallengePrefix: ACME.acmeChallengePrefix
|
||||
};
|
||||
|
||||
// backwards compat
|
||||
|
@ -50,7 +51,7 @@ LE._undefine = function (le) {
|
|||
LE.create = function (le) {
|
||||
var PromiseA = require('bluebird');
|
||||
|
||||
le.acme = le.acme || leCore;
|
||||
le.acme = le.acme || ACME.create({ debug: le.debug });
|
||||
le.store = le.store || require('le-store-certbot').create({ debug: le.debug });
|
||||
le.challenger = le.challenger || require('le-store-certbot').create({ debug: le.debug });
|
||||
le.core = require('./lib/core');
|
||||
|
|
78
lib/core.js
78
lib/core.js
|
@ -36,7 +36,24 @@ module.exports.create = function (le) {
|
|||
//
|
||||
, accounts: {
|
||||
registerAsync: function (args) {
|
||||
var err;
|
||||
|
||||
if (!args.email || !args.agreeTos || (parseInt(args.rsaKeySize, 10) < 2048)) {
|
||||
err = new Error(
|
||||
"In order to register an account both 'email' and 'agreeTos' must be present"
|
||||
+ " and 'rsaKeySize' must be 2048 or greater."
|
||||
);
|
||||
err.code = 'E_ARGS';
|
||||
return PromiseA.reject(err);
|
||||
}
|
||||
|
||||
return utils.testEmail(args.email).then(function () {
|
||||
|
||||
return RSA.generateKeypairAsync(args.rsaKeySize, 65537, { public: true, pem: true }).then(function (keypair) {
|
||||
// Note: the ACME urls are always fetched fresh on purpose
|
||||
// TODO is this the right place for this?
|
||||
return core.getAcmeUrlsAsync(args).then(function (urls) {
|
||||
args._acmeUrls = urls;
|
||||
|
||||
return le.acme.registerNewAccountAsync({
|
||||
email: args.email
|
||||
|
@ -79,34 +96,41 @@ module.exports.create = function (le) {
|
|||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
// getOrCreateAcmeAccount
|
||||
|
||||
, getAsync: function (args) {
|
||||
return core.accounts.checkAsync(args).then(function (account) {
|
||||
if (account) {
|
||||
return le.store.accounts.checkAccount(args);
|
||||
return account;
|
||||
} else {
|
||||
return core.accounts.registerAsync(args);
|
||||
}
|
||||
});
|
||||
}
|
||||
, checkAsync: function (args) {
|
||||
return le.store.accounts.checkAccountId(args).then(function (accountId) {
|
||||
|
||||
if (!accountId) {
|
||||
, checkAsync: function (args) {
|
||||
var requiredArgs = ['accountId', 'email', 'domains', 'domain'];
|
||||
if (!requiredArgs.some(function (key) { return -1 !== Object.keys(args).indexOf(key) })) {
|
||||
return PromiseA.reject(new Error(
|
||||
"In order to register or retrieve an account one of '" + requiredArgs.join("', '") + "' must be present"
|
||||
));
|
||||
}
|
||||
|
||||
var copy = utils.merge(args, le);
|
||||
args = utils.tplCopy(copy);
|
||||
|
||||
return le.store.accounts.checkAsync(args).then(function (account) {
|
||||
|
||||
if (!account) {
|
||||
return null;
|
||||
}
|
||||
|
||||
args.accountId = accountId;
|
||||
args.account = account;
|
||||
args.accountId = account.id;
|
||||
|
||||
// Note: the ACME urls are always fetched fresh on purpose
|
||||
return core.getAcmeUrlsAsync(args).then(function (urls) {
|
||||
args._acmeUrls = urls;
|
||||
|
||||
|
||||
// return le.store.accounts.checkAccountId(args).then(function (accountId) {
|
||||
return le.store.accounts.checkAsync(args);
|
||||
});
|
||||
return account;
|
||||
});
|
||||
}
|
||||
}
|
||||
|
@ -150,6 +174,11 @@ module.exports.create = function (le) {
|
|||
args.domainKeypair = domainKeypair;
|
||||
//args.registration = domainKey;
|
||||
|
||||
// Note: the ACME urls are always fetched fresh on purpose
|
||||
// TODO is this the right place for this?
|
||||
return core.getAcmeUrlsAsync(args).then(function (urls) {
|
||||
args._acmeUrls = urls;
|
||||
|
||||
return le.acme.getCertificateAsync({
|
||||
debug: args.debug || le.debug
|
||||
|
||||
|
@ -197,8 +226,9 @@ module.exports.create = function (le) {
|
|||
le.challenger.remove(copy, domain, key, done);
|
||||
}
|
||||
}).then(utils.attachCertInfo);
|
||||
});
|
||||
}).then(function (results) {
|
||||
// { cert, chain, fullchain, privkey }
|
||||
// { cert, chain, privkey }
|
||||
|
||||
args.pems = results;
|
||||
return le.store.certificates.setAsync(args).then(function () {
|
||||
|
@ -207,6 +237,10 @@ module.exports.create = function (le) {
|
|||
});
|
||||
});
|
||||
}
|
||||
, renewAsync: function (args) {
|
||||
// TODO fetch email address if not present
|
||||
return core.certificates.registerAsync(args);
|
||||
}
|
||||
, checkAsync: function (args) {
|
||||
var copy = utils.merge(args, le);
|
||||
utils.tplCopy(copy);
|
||||
|
@ -218,20 +252,20 @@ module.exports.create = function (le) {
|
|||
var copy = utils.merge(args, le);
|
||||
args = utils.tplCopy(copy);
|
||||
|
||||
if (args.duplicate) {
|
||||
// we're forcing a refresh via 'dupliate: true'
|
||||
return core.certificates.checkAsync(args).then(function (certs) {
|
||||
if (!certs) {
|
||||
// There is no cert available
|
||||
return core.certificates.registerAsync(args);
|
||||
}
|
||||
|
||||
return core.certificates.checkAsync(args).then(function (certs) {
|
||||
var renewableAt = certs.expiresAt - le.renewWithin;
|
||||
//var halfLife = (certs.expiresAt - certs.issuedAt) / 2;
|
||||
//var renewable = (Date.now() - certs.issuedAt) > halfLife;
|
||||
|
||||
if (!certs || Date.now() >= renewableAt) {
|
||||
// There is no cert available
|
||||
// Or the cert is more than half-expired
|
||||
return core.certificates.registerAsync(args);
|
||||
if (args.duplicate || Date.now() >= renewableAt) {
|
||||
// The cert is more than half-expired
|
||||
// We're forcing a refresh via 'dupliate: true'
|
||||
return core.certificates.renewAsync(args);
|
||||
}
|
||||
|
||||
return PromiseA.reject(new Error(
|
||||
|
|
29
lib/utils.js
29
lib/utils.js
|
@ -4,6 +4,8 @@ var path = require('path');
|
|||
var homeRe = new RegExp("^~(\\/|\\\|\\" + path.sep + ")");
|
||||
var re = /^[a-zA-Z0-9\.\-]+$/;
|
||||
var punycode = require('punycode');
|
||||
var PromiseA = require('bluebird');
|
||||
var dns = PromiseA.promisifyAll(require('dns'));
|
||||
|
||||
module.exports.attachCertInfo = function (results) {
|
||||
var getCertInfo = require('./cert-info').getCertInfo;
|
||||
|
@ -33,7 +35,7 @@ module.exports.isValidDomain = function (domain) {
|
|||
|
||||
module.exports.merge = function (/*defaults, args*/) {
|
||||
var allDefaults = Array.prototype.slice.apply(arguments);
|
||||
var args = args.shift();
|
||||
var args = allDefaults.shift();
|
||||
var copy = {};
|
||||
|
||||
allDefaults.forEach(function (defaults) {
|
||||
|
@ -78,3 +80,28 @@ module.exports.tplCopy = function (copy) {
|
|||
|
||||
return copy;
|
||||
};
|
||||
|
||||
module.exports.testEmail = function (email) {
|
||||
var parts = (email||'').split('@');
|
||||
var err;
|
||||
|
||||
if (2 !== parts.length || !parts[0] || !parts[1]) {
|
||||
err = new Error("malformed email address '" + email + "'");
|
||||
err.code = 'E_EMAIL';
|
||||
return PromiseA.reject(err);
|
||||
}
|
||||
|
||||
return dns.resolveMxAsync(parts[1]).then(function (records) {
|
||||
// records only returns when there is data
|
||||
if (!records.length) {
|
||||
throw new Error("sanity check fail: success, but no MX records returned");
|
||||
}
|
||||
return email;
|
||||
}, function (err) {
|
||||
if ('ENODATA' === err.code) {
|
||||
err = new Error("no MX records found for '" + parts[1] + "'");
|
||||
err.code = 'E_EMAIL';
|
||||
return PromiseA.reject(err);
|
||||
}
|
||||
});
|
||||
};
|
||||
|
|
|
@ -0,0 +1,117 @@
|
|||
'use strict';
|
||||
|
||||
var LE = require('../').LE;
|
||||
var le = LE.create({
|
||||
server: 'staging'
|
||||
, acme: require('le-acme-core').ACME.create()
|
||||
, store: require('le-store-certbot').create({
|
||||
configDir: '~/letsencrypt.test/etc/'
|
||||
})
|
||||
});
|
||||
|
||||
var testId = Math.round(Date.now() / 1000).toString();
|
||||
var fakeEmail = 'coolaj86+le.' + testId + '@example.com';
|
||||
var testEmail = 'coolaj86+le.' + testId + '@example.com';
|
||||
var testAccount;
|
||||
|
||||
var tests = [
|
||||
function () {
|
||||
return le.core.accounts.checkAsync({
|
||||
email: testEmail
|
||||
}).then(function (account) {
|
||||
if (account) {
|
||||
console.error(account);
|
||||
throw new Error("Test account should not exist.");
|
||||
}
|
||||
});
|
||||
}
|
||||
, function () {
|
||||
return le.core.accounts.registerAsync({
|
||||
email: testEmail
|
||||
, agreeTos: false
|
||||
, rsaKeySize: 2048
|
||||
}).then(function (/*account*/) {
|
||||
throw new Error("Should not register if 'agreeTos' is not truthy.");
|
||||
}, function (err) {
|
||||
if (err.code !== 'E_ARGS') {
|
||||
throw err;
|
||||
}
|
||||
});
|
||||
}
|
||||
, function () {
|
||||
return le.core.accounts.registerAsync({
|
||||
email: testEmail
|
||||
, agreeTos: true
|
||||
, rsaKeySize: 1024
|
||||
}).then(function (/*account*/) {
|
||||
throw new Error("Should not register if 'rsaKeySize' is less than 2048.");
|
||||
}, function (err) {
|
||||
if (err.code !== 'E_ARGS') {
|
||||
throw err;
|
||||
}
|
||||
});
|
||||
}
|
||||
, function () {
|
||||
return le.core.accounts.registerAsync({
|
||||
email: fakeEmail
|
||||
, agreeTos: true
|
||||
, rsaKeySize: 2048
|
||||
}).then(function (/*account*/) {
|
||||
// TODO test mx record
|
||||
throw new Error("Registration should NOT succeed with a bad email address.");
|
||||
}, function (err) {
|
||||
if (err.code !== 'E_EMAIL') {
|
||||
throw err;
|
||||
}
|
||||
});
|
||||
}
|
||||
, function () {
|
||||
throw new Error('NOT IMPLEMENTED');
|
||||
return le.core.accounts.registerAsync({
|
||||
email: 'coolaj86+le.' + testId + '@example.com'
|
||||
, agreeTos: true
|
||||
, rsaKeySize: 2048
|
||||
}).then(function (account) {
|
||||
testAccount = account;
|
||||
if (!account) {
|
||||
throw new Error("Registration should always return a new account.");
|
||||
}
|
||||
if (!account.email) {
|
||||
throw new Error("Registration should return the email.");
|
||||
}
|
||||
if (!account.id) {
|
||||
throw new Error("Registration should return the account id.");
|
||||
}
|
||||
});
|
||||
}
|
||||
, function () {
|
||||
return le.core.accounts.checkAsync({
|
||||
email: testAccount.email
|
||||
}).then(function (account) {
|
||||
if (!account) {
|
||||
throw new Error("Test account should exist when searched by email.");
|
||||
}
|
||||
});
|
||||
}
|
||||
, function () {
|
||||
return le.core.accounts.checkAsync({
|
||||
accountId: testAccount.id
|
||||
}).then(function (account) {
|
||||
if (!account) {
|
||||
throw new Error("Test account should exist when searched by account id.");
|
||||
}
|
||||
});
|
||||
}
|
||||
];
|
||||
|
||||
function run() {
|
||||
var test = tests.shift();
|
||||
if (!test) {
|
||||
console.info('All tests passed');
|
||||
return;
|
||||
}
|
||||
|
||||
test().then(run);
|
||||
}
|
||||
|
||||
run();
|
Loading…
Reference in New Issue