v3.1.1: perform all sets, then all gets, then all removes

2025-11-04 02:22:49 +00:00 · 2019-06-07 00:14:10 -06:00 · 2019-06-07 00:14:10 -06:00 · ea508c68f4
commit ea508c68f4
parent 17e409b158
2 changed files with 171 additions and 141 deletions
--- a/index.js
+++ b/index.js
@ -54,13 +54,171 @@ function promiseCheckAndCatch(obj, name) {
 	};
 }
-// Here's the meat, where the tests are happening:
+function mapAsync(els, doer) {
-function run(challenger, opts) {
+	els = els.slice(0);
-	var ch = opts.challenge;
+	var results = [];
-	if ('http-01' === ch.type && ch.wildname) {
+	function next() {
-		throw new Error('http-01 cannot be used for wildcard domains');
+		var el = els.shift();
 		if (!el) {
 			return results;
 		}
 		return doer(el).then(function(result) {
 			results.push(result);
 			return next();
 		});
 	}
 	return next();
 }
 // Here's the meat, where the tests are happening:
 function testEach(type, domains, challenger) {
 	var chr = wrapChallenger(challenger);
 	var all = domains.map(function(d) {
 		return { domain: d };
 	});
 	return mapAsync(all, function(opts) {
 		console.info("TEST '%s'", opts.domain);
 		opts.challenge = getChallenge(type, opts.domain);
 		var ch = opts.challenge;
 		if ('http-01' === ch.type && ch.wildname) {
 			throw new Error('http-01 cannot be used for wildcard domains');
 		}
 		// The first time we just check it against itself
 		// this will cause the prompt to appear
 		return chr.set(opts).then(function() {
 			// this will cause the final completion message to appear
 			// _test is used by the manual cli reference implementations
 			var query = { type: ch.type, /*debug*/ status: ch.status, _test: true };
 			if ('http-01' === ch.type) {
 				query.identifier = ch.identifier;
 				query.token = ch.token;
 				// For testing only
 				query.url = ch.challengeUrl;
 			} else if ('dns-01' === ch.type) {
 				query.identifier = { type: 'dns', value: ch.dnsHost };
 				// For testing only
 				query.altname = ch.altname;
 				// there should only be two possible TXT records per challenge domain:
 				// one for the bare domain, and the other if and only if there's a wildcard
 				query.wildcard = ch.wildcard;
 				query.dnsAuthorization = ch.dnsAuthorization;
 			} else {
 				query = JSON.parse(JSON.stringify(ch));
 				query.comment = 'unknown challenge type, supplying everything';
 			}
 			opts.query = query;
 			return opts;
 		});
 	})
 		.then(function(all) {
 			return mapAsync(all, function(opts) {
 				var ch = opts.challenge;
 				return chr.get({ challenge: opts.query }).then(function(secret) {
 					if ('string' === typeof secret) {
 						console.info(
 							'secret was passed as a string, which works historically, but should be an object instead:'
 						);
 						console.info('{ "keyAuthorization": "' + secret + '" }');
 						console.info('or');
 						// TODO this should be "keyAuthorizationDigest"
 						console.info('{ "dnsAuthorization": "' + secret + '" }');
 						console.info(
 							'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types'
 						);
 					}
 					// historically 'secret' has been a string, but I'd like it to transition to be an object.
 					// to make it backwards compatible in v2.7 to change it,
 					// so I'm not sure that we really need to.
 					if ('http-01' === ch.type) {
 						secret = secret.keyAuthorization || secret;
 						if (ch.keyAuthorization !== secret) {
 							throw new Error(
 								"http-01 challenge.get() returned '" +
 									secret +
 									"', which does not match the keyAuthorization" +
 									" saved with challenge.set(), which was '" +
 									ch.keyAuthorization +
 									"'"
 							);
 						}
 					} else if ('dns-01' === ch.type) {
 						secret = secret.dnsAuthorization || secret;
 						if (ch.dnsAuthorization !== secret) {
 							throw new Error(
 								"dns-01 challenge.get() returned '" +
 									secret +
 									"', which does not match the dnsAuthorization" +
 									" (keyAuthDigest) saved with challenge.set(), which was '" +
 									ch.dnsAuthorization +
 									"'"
 							);
 						}
 					} else {
 						if ('tls-alpn-01' === ch.type) {
 							console.warn(
 								"'tls-alpn-01' support is in development" +
 									" (or developed and we haven't update this yet). Please contact us."
 							);
 						} else {
 							console.warn(
 								"We don't know how to test '" +
 									ch.type +
 									"'... are you sure that's a thing?"
 							);
 						}
 						secret = secret.keyAuthorization || secret;
 						if (ch.keyAuthorization !== secret) {
 							console.warn(
 								"The returned value doesn't match keyAuthorization",
 								ch.keyAuthorization,
 								secret
 							);
 						}
 					}
 				});
 			});
 		})
 		.then(function() {
 			return mapAsync(all, function(opts) {
 				return chr.remove(opts).then(function() {
 					return chr.get(opts).then(function(result) {
 						if (result) {
 							throw new Error(
 								'challenge.remove() should have made it not possible for challenge.get() to return a value'
 							);
 						}
 						if (null !== result) {
 							throw new Error(
 								'challenge.get() should return null when the value is not set'
 							);
 						}
 						console.info("PASS '%s'", opts.domain);
 					});
 				});
 			});
 		})
 		.then(function() {
 			console.info('All soft tests: PASS');
 			console.warn(
 				'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.'
 			);
 			console.warn(
 				"We'll copy them over here as well, but that's a TODO for next week."
 			);
 		});
 }
 function testZone(type, zone, challenger) {
 	var domains = [zone, 'foo.' + zone];
 	if ('dns-01' === type) {
 		domains.push('*.foo.' + zone);
 	}
 	return testEach(type, domains, challenger);
 }
 function wrapChallenger(challenger) {
 	var set = promiseCheckAndCatch(challenger, 'set');
 	if ('function' !== typeof challenger.get) {
 		throw new Error(
@ -73,142 +231,10 @@ function run(challenger, opts) {
 	var get = promiseCheckAndCatch(challenger, 'get');
 	var remove = promiseCheckAndCatch(challenger, 'remove');
-	// The first time we just check it against itself
+	return { set: set, get: get, remove: remove };
 	// this will cause the prompt to appear
 	return set(opts).then(function() {
 		// this will cause the final completion message to appear
 		// _test is used by the manual cli reference implementations
 		var query = { type: ch.type, /*debug*/ status: ch.status, _test: true };
 		if ('http-01' === ch.type) {
 			query.identifier = ch.identifier;
 			query.token = ch.token;
 			// For testing only
 			query.url = ch.challengeUrl;
 		} else if ('dns-01' === ch.type) {
 			query.identifier = { type: 'dns', value: ch.dnsHost };
 			// For testing only
 			query.altname = ch.altname;
 			// there should only be two possible TXT records per challenge domain:
 			// one for the bare domain, and the other if and only if there's a wildcard
 			query.wildcard = ch.wildcard;
 			query.dnsAuthorization = ch.dnsAuthorization;
 		} else {
 			query = JSON.parse(JSON.stringify(ch));
 			query.comment = 'unknown challenge type, supplying everything';
 		}
 		return get({ challenge: query })
 			.then(function(secret) {
 				if ('string' === typeof secret) {
 					console.info(
 						'secret was passed as a string, which works historically, but should be an object instead:'
 					);
 					console.info('{ "keyAuthorization": "' + secret + '" }');
 					console.info('or');
 					// TODO this should be "keyAuthorizationDigest"
 					console.info('{ "dnsAuthorization": "' + secret + '" }');
 					console.info(
 						'This is to help keep acme / greenlock (and associated plugins) future-proof for new challenge types'
 					);
 				}
 				// historically 'secret' has been a string, but I'd like it to transition to be an object.
 				// to make it backwards compatible in v2.7 to change it,
 				// so I'm not sure that we really need to.
 				if ('http-01' === ch.type) {
 					secret = secret.keyAuthorization || secret;
 					if (ch.keyAuthorization !== secret) {
 						throw new Error(
 							"http-01 challenge.get() returned '" +
 								secret +
 								"', which does not match the keyAuthorization" +
 								" saved with challenge.set(), which was '" +
 								ch.keyAuthorization +
 								"'"
 						);
 					}
 				} else if ('dns-01' === ch.type) {
 					secret = secret.dnsAuthorization || secret;
 					if (ch.dnsAuthorization !== secret) {
 						throw new Error(
 							"dns-01 challenge.get() returned '" +
 								secret +
 								"', which does not match the dnsAuthorization" +
 								" (keyAuthDigest) saved with challenge.set(), which was '" +
 								ch.dnsAuthorization +
 								"'"
 						);
 					}
 				} else {
 					if ('tls-alpn-01' === ch.type) {
 						console.warn(
 							"'tls-alpn-01' support is in development" +
 								" (or developed and we haven't update this yet). Please contact us."
 						);
 					} else {
 						console.warn(
 							"We don't know how to test '" +
 								ch.type +
 								"'... are you sure that's a thing?"
 						);
 					}
 					secret = secret.keyAuthorization || secret;
 					if (ch.keyAuthorization !== secret) {
 						console.warn(
 							"The returned value doesn't match keyAuthorization",
 							ch.keyAuthorization,
 							secret
 						);
 					}
 				}
 			})
 			.then(function() {
 				return remove(opts).then(function() {
 					return get(opts).then(function(result) {
 						if (result) {
 							throw new Error(
 								'challenge.remove() should have made it not possible for challenge.get() to return a value'
 							);
 						}
 						if (null !== result) {
 							throw new Error(
 								'challenge.get() should return null when the value is not set'
 							);
 						}
 					});
 				});
 			});
 	});
 }
-function testZone(type, zone, challenger) {
+function getChallenge(type, altname) {
 	var domains = [zone, 'foo.' + zone];
 	if ('dns-01' === type) {
 		domains.push('*.foo.' + zone);
 	}
 	function next() {
 		var domain = domains.shift();
 		if (!domain) {
 			return;
 		}
 		console.info("TEST '%s'", domain);
 		return testRecord(type, domain, challenger).then(function() {
 			console.info("PASS '%s'", domain);
 			return next();
 		});
 	}
 	return next().then(function() {
 		console.info('All soft tests: PASS');
 		console.warn(
 			'Hard tests (actually checking http URLs and dns records) is implemented in acme-v2.'
 		);
 		console.warn(
 			"We'll copy them over here as well, but that's a TODO for next week."
 		);
 	});
 };
 function testRecord(type, altname, challenger) {
 	var expires = new Date(Date.now() + 10 * 60 * 1000).toISOString();
 	var token = crypto.randomBytes(8).toString('hex');
 	var thumb = crypto.randomBytes(16).toString('hex');
@ -245,7 +271,11 @@ function testRecord(type, altname, challenger) {
 		'http://' + altname + '/.well-known/acme-challenge/' + challenge.token;
 	challenge.dnsHost += altname;
-	return run(challenger, { challenge: challenge });
+	return challenge;
 }
 function testRecord(type, altname, challenger) {
 	return testEach(type, [altname], challenger);
 }
 module.exports.testRecord = testRecord;
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
 	"name": "acme-challenge-test",
-	"version": "3.1.0",
+	"version": "3.1.1",
 	"description": "The base set of tests for all ACME challenge strategies. Any `acme-http-01-`, `acme-dns-01-`, `acme-challenge-`, or greenlock plugin should be able to pass these tests.",
 	"main": "index.js",
 	"homepage": "https://git.rootprojects.org/root/acme-challenge-test.js",