author | Vladimir Shushlin <v.shushlin@gmail.com> | 2019-03-27 12:04:07 +0300 |
committer | Vladimir Shushlin <v.shushlin@gmail.com> | 2019-04-03 13:12:47 +0300 |
commit | c0da7921831302fa72bcdcc77efaa8e8914f3f8a (patch) | |
tree | c4b6b9408fff37475a7493dc3758feefe7e1137e | |
parent | 1e950c9c9d83be238172db2bf31d594f1db563f4 (diff) | |
-rw-r--r-- | app/services/pages_domains/create_acme_order_service.rb | 2 | ||||
-rw-r--r-- | db/migrate/20190320102348_create_pages_domains_acme_orders.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/acme_client.rb | 2 | ||||
-rw-r--r-- | spec/factories/application_settings.rb | 7 | ||||
-rw-r--r-- | spec/lib/gitlab/acme_client_spec.rb | 37 | ||||
-rw-r--r-- | spec/services/pages_domains/create_acme_challenge_service_spec.rb | 15 | ||||
-rw-r--r-- | spec/support/helpers/acme_helpers.rb | 31 |
7 files changed, 94 insertions, 1 deletions
diff --git a/app/services/pages_domains/create_acme_order_service.rb b/app/services/pages_domains/create_acme_order_service.rb
index 5ef72a4c81d..060ac94509e 100644
--- a/app/services/pages_domains/create_acme_order_service.rb
+++ b/app/services/pages_domains/create_acme_order_service.rb
@@ -15,10 +15,12 @@ module PagesDomains
 authorization = order.authorizations.first
 challenge = authorization.http
+ private_key = OpenSSL::PKey::RSA.new(4096)
 acme_order = pages_domain.acme_orders.create!(
 url: order.url,
 finalize_url: order.finalize_url,
 expires: order.expires,
+ private_key: private_key,
 challenge_token: challenge.token,
 challenge_file_content: challenge.file_content
diff --git a/db/migrate/20190320102348_create_pages_domains_acme_orders.rb b/db/migrate/20190320102348_create_pages_domains_acme_orders.rb
index 9d85af862e3..d1cf93d5277 100644
--- a/db/migrate/20190320102348_create_pages_domains_acme_orders.rb
+++ b/db/migrate/20190320102348_create_pages_domains_acme_orders.rb
@@ -19,6 +19,7 @@ class CreatePagesDomainsAcmeOrders < ActiveRecord::Migration[5.0]
 t.string :challenge_token, null: false
 t.text :challenge_file_content, null: false
+ t.text :private_key, null: false
 t.timestamps_with_timezone null: false
 end
 end
diff --git a/lib/gitlab/acme_client.rb b/lib/gitlab/acme_client.rb
index 5a2967a0368..9908e1947de 100644
--- a/lib/gitlab/acme_client.rb
+++ b/lib/gitlab/acme_client.rb
@@ -63,7 +63,7 @@ module Gitlab
 end
 def directory
- if Rails.env.production?
+ if Rails.env.production? || true
 PRODUCTION_DIRECTORY_URL
 else
 STAGING_DIRECTORY_URL
diff --git a/spec/factories/application_settings.rb b/spec/factories/application_settings.rb
index 00c063c49f8..d2840e9915c 100644
--- a/spec/factories/application_settings.rb
+++ b/spec/factories/application_settings.rb
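Review bot: The freshly generated `OpenSSL::PKey::RSA` object is passed straight to `create!` as `private_key:` while the migration hunk below declares `private_key` as a plain `text` column, so persistence appears to rely on ActiveRecord's implicit string cast of the key object and the resulting PEM is stored in clear. Make the serialization explicit, `private_key: private_key.to_pem`, and persist it through an encrypted attribute rather than a plaintext column — the same concern applies to the migration hunk, whose `t.text :private_key, null: false` should become the encrypted-column pair that attribute uses. Generating a 4096-bit RSA key synchronously inside the service is also likely to be slow on every order; presumably this deserves a comment or a smaller default. The enclosing method begins and ends outside the hunk.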
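Review bot: `if Rails.env.production? || true` is always true, so `directory` returns `PRODUCTION_DIRECTORY_URL` in every environment and the `STAGING_DIRECTORY_URL` branch is unreachable; in development and test this points the client at the live CA, where account registration and order creation count against real rate limits. The spec helper added in this commit stubs only `STAGING_DIRECTORY_URL`, so with this change those stubs no longer match what `directory` returns. If the override is a temporary PoC switch, restore `if Rails.env.production?` before merge, or make the choice an explicit setting rather than a dead condition. The rest of `directory` lies outside the hunk.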
@@ -1,5 +1,12 @@
 FactoryBot.define do
 factory :application_setting do
 default_projects_limit 42
+
+ trait :with_notification_admin_email do
+ admin_notification_email { 'vshushlin@gitlab.com' }
+ end
+
+ trait :with_acme_integration_set do
+ end
 end
 end
diff --git a/spec/lib/gitlab/acme_client_spec.rb b/spec/lib/gitlab/acme_client_spec.rb
new file mode 100644
index 00000000000..971b6677448
--- /dev/null
+++ b/spec/lib/gitlab/acme_client_spec.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::AcmeClient do
+ include AcmeHelpers
+
+ before do
+ stub_directory
+ end
+
+ describe '#create' do
+ subject { described_class.create }
+
+ context 'when admin email is set' do
+ let!(:application_setting) { create(:application_setting, admin_notification_email: 'admin@example.com') }
+
+ context 'when account is not yet created' do
+ it do
+ subject
+ end
+ end
+
+ context 'when account is already created' do
+ it 'returns Acme client' do
+ expect(subject).to be_a(Acme::Client)
+ end
+ end
+ end
+
+ context 'when admin email is not set' do
+ it 'raises an exeption' do
+ expect { subject }.to raise_error('Acme integration is disabled')
+ end
+ end
+ end
+end
diff --git a/spec/services/pages_domains/create_acme_challenge_service_spec.rb b/spec/services/pages_domains/create_acme_challenge_service_spec.rb
new file mode 100644
index 00000000000..fd56d848ff1
--- /dev/null
+++ b/spec/services/pages_domains/create_acme_challenge_service_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PagesDomains::CreateAcmeChallengeService do
+ let!(:application_setting) { create(:application_setting, admin_notification_email: 'admin@example.com') }
+ let(:pages_domain) { create(:pages_domain) }
+
+ it 'creates acme challenge' do
+ WebMock.allow_net_connect!
+ expect do
+ described_class.new(pages_domain).execute
+ end.to change { PagesDomainAcmeChallenge.count }.by(1)
+ end
+end
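Review bot: The `with_notification_admin_email` trait hard-codes a personal address, `'vshushlin@gitlab.com'`, and `with_acme_integration_set` is an empty trait that sets nothing, so applying it has no effect. Use a reserved example domain, `admin_notification_email { 'admin@example.com' }`, which is what the new specs pass explicitly anyway, and either give the second trait a body or drop it until it has one.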
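Review bot: The example under 'when account is not yet created' only evaluates `subject` and carries no expectation, so it passes whenever `create` does not raise, and the 'when account is already created' context has identical setup, so neither example exercises the distinction its description claims. Add an assertion such as `expect(subject).to be_a(Acme::Client)` to the first and set up a pre-existing account in the second, or collapse them into one example. The description `'raises an exeption'` has a typo, `'raises an exception'`.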
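Review bot: `WebMock.allow_net_connect!` disables request stubbing for the rest of the process and is never reverted, so this example makes real HTTP calls to the ACME directory and every spec that runs after it in the same process also has net connect allowed. Use the `AcmeHelpers` stubs introduced in this commit (`include AcmeHelpers` and `stub_directory` in a `before`) and stub the remaining ACME endpoints the service touches; if a live call is genuinely intended, restore `WebMock.disable_net_connect!` in an `after` block so the setting cannot leak.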
diff --git a/spec/support/helpers/acme_helpers.rb b/spec/support/helpers/acme_helpers.rb
new file mode 100644
index 00000000000..f097618cd3b
--- /dev/null
+++ b/spec/support/helpers/acme_helpers.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module AcmeHelpers
+ DIRECTORY = 'https://acme-staging-v02.api.letsencrypt.org/directory'
+ NEW_NONCE_URL = 'https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
+
+ def stub_directory
+ response = <<-EOF
+{
+ "eQ3fEKjOSxE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
+ "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
+ "meta": {
+ "caaIdentities": [
+ "letsencrypt.org"
+ ],
+ "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
+ "website": "https://letsencrypt.org/docs/staging-environment/"
+ },
+ "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
+ "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
+ "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
+ "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
+}
+EOF
+ stub_request(:get, Gitlab::AcmeClient::STAGING_DIRECTORY_URL)
+ .to_return(status: 200, body: response, headers: {})
+
+ stub_request(:head, NEW_NONCE_URL)
+ .to_return(status: 200, body: "", headers: {})
+ end
+end
|
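Review bot: `DIRECTORY` is defined but never used — `stub_directory` keys its stub on `Gitlab::AcmeClient::STAGING_DIRECTORY_URL` instead — so either write `stub_request(:get, DIRECTORY)` or remove the constant so the two URLs cannot drift apart. The new-nonce stub returns `headers: {}`; per RFC 8555 the newNonce response carries the nonce in a `Replay-Nonce` header, so a client that reads it from this stub gets none, and presumably a constructed value such as `headers: { 'Replay-Nonce' => 'stub-nonce' }` is needed before any signed request can succeed. The heredoc could be `<<~EOF` so the JSON body can be indented with the method body. The helper name `stub_directory` understates what it stubs; a one-line comment above the method, `# Stubs the staging directory document and the new-nonce endpoint; other ACME endpoints are not stubbed.`, would make that clear to callers.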