PR review fixes / updates

smallstep · Mar 29, 2021 · 6b8585c · 6b8585c
1 parent bdace1e
commit 6b8585c
Show file tree

Hide file tree

Showing 13 changed files with 113 additions and 1,866 deletions.
diff --git a/acme/account.go b/acme/account.go
@@ -11,11 +11,11 @@ import (
 // Account is a subset of the internal account type containing only those
 // attributes required for responses in the ACME protocol.
 type Account struct {
+	ID        string           `json:"-"`
+	Key       *jose.JSONWebKey `json:"-"`
 	Contact   []string         `json:"contact,omitempty"`
 	Status    Status           `json:"status"`
 	OrdersURL string           `json:"orders"`
-	ID        string           `json:"-"`
-	Key       *jose.JSONWebKey `json:"-"`
 }
 
 // ToLog enables response logging.

diff --git a/acme/api/handler.go b/acme/api/handler.go
@@ -21,14 +21,14 @@ func link(url, typ string) string {
 }
 
 // Clock that returns time in UTC rounded to seconds.
-type Clock int
+type Clock struct{}
 
 // Now returns the UTC time rounded to seconds.
 func (c *Clock) Now() time.Time {
 	return time.Now().UTC().Round(time.Second)
 }
 
-var clock = new(Clock)
+var clock Clock
 
 type payloadInfo struct {
 	value       []byte
@@ -65,7 +65,7 @@ type HandlerOptions struct {
 // NewHandler returns a new ACME API handler.
 func NewHandler(ops HandlerOptions) api.RouterHandler {
 	client := http.Client{
-		Timeout: time.Duration(30 * time.Second),
+		Timeout: 30 * time.Second,
 	}
 	dialer := &net.Dialer{
 		Timeout: 30 * time.Second,
@@ -89,8 +89,8 @@ func NewHandler(ops HandlerOptions) api.RouterHandler {
 func (h *Handler) Route(r api.Router) {
 	getLink := h.linker.GetLinkExplicit
 	// Standard ACME API
-	r.MethodFunc("GET", getLink(NewNonceLinkType, "{provisionerID}", false, nil), h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.GetNonce))))
-	r.MethodFunc("HEAD", getLink(NewNonceLinkType, "{provisionerID}", false, nil), h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.GetNonce))))
+	r.MethodFunc("GET", getLink(NewNonceLinkType, "{provisionerID}", false, nil), h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.addDirLink(h.GetNonce)))))
+	r.MethodFunc("HEAD", getLink(NewNonceLinkType, "{provisionerID}", false, nil), h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.addDirLink(h.GetNonce)))))
 	r.MethodFunc("GET", getLink(DirectoryLinkType, "{provisionerID}", false, nil), h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.GetDirectory))))
 	r.MethodFunc("HEAD", getLink(DirectoryLinkType, "{provisionerID}", false, nil), h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.GetDirectory))))
 
@@ -218,6 +218,7 @@ func (h *Handler) GetChallenge(w http.ResponseWriter, r *http.Request) {
 		api.WriteError(w, acme.WrapErrorISE(err, "error retrieving challenge"))
 		return
 	}
+	ch.AuthorizationID = azID
 	if acc.ID != ch.AccountID {
 		api.WriteError(w, acme.NewError(acme.ErrorUnauthorizedType,
 			"account '%s' does not own challenge '%s'", acc.ID, ch.ID))

diff --git a/acme/api/handler_test.go b/acme/api/handler_test.go
@@ -582,6 +582,7 @@ func TestHandler_GetChallenge(t *testing.T) {
 						assert.Equals(t, ch.Status, acme.StatusPending)
 						assert.Equals(t, ch.Type, "http-01")
 						assert.Equals(t, ch.AccountID, "accID")
+						assert.Equals(t, ch.AuthorizationID, "authzID")
 						assert.HasSuffix(t, ch.Error.Type, acme.ErrorConnectionType.String())
 						return acme.NewErrorISE("force")
 					},
@@ -623,17 +624,19 @@ func TestHandler_GetChallenge(t *testing.T) {
 						assert.Equals(t, ch.Status, acme.StatusPending)
 						assert.Equals(t, ch.Type, "http-01")
 						assert.Equals(t, ch.AccountID, "accID")
+						assert.Equals(t, ch.AuthorizationID, "authzID")
 						assert.HasSuffix(t, ch.Error.Type, acme.ErrorConnectionType.String())
 						return nil
 					},
 				},
 				ch: &acme.Challenge{
-					ID:        "chID",
-					Status:    acme.StatusPending,
-					Type:      "http-01",
-					AccountID: "accID",
-					URL:       url,
-					Error:     acme.NewError(acme.ErrorConnectionType, "force"),
+					ID:              "chID",
+					Status:          acme.StatusPending,
+					AuthorizationID: "authzID",
+					Type:            "http-01",
+					AccountID:       "accID",
+					URL:             url,
+					Error:           acme.NewError(acme.ErrorConnectionType, "force"),
 				},
 				vco: &acme.ValidateChallengeOptions{
 					HTTPGet: func(string) (*http.Response, error) {