Correctly test for existing Certbot redirect when adding an Nginx redirect block (#5192)

* add test that should fail on completion of this PR * fix double redirect problem * update existing test to match new whitespace
2026-05-28 04:34:11 -04:00 · 2017-10-19 14:56:53 -07:00 · 2017-10-19 14:56:53 -07:00 · 3c1dafa9e9
commit 3c1dafa9e9
parent a6cecd784b
2 changed files with 19 additions and 2 deletions
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@ -30,7 +30,7 @@ from certbot_nginx import parser
 logger = logging.getLogger(__name__)

 REDIRECT_BLOCK = [[
-    ['\n    ', 'if', ' ', '($scheme', ' ', '!=', ' ', '"https") '],
+    ['\n    ', 'if', ' ', '($scheme', ' ', '!=', ' ', '"https")'],
    [['\n        ', 'return', ' ', '301', ' ', 'https://$host$request_uri'],
     '\n    ']
 ], ['\n']]
--- a/certbot-nginx/certbot_nginx/tests/configurator_test.py
+++ b/certbot-nginx/certbot_nginx/tests/configurator_test.py
@ -429,7 +429,7 @@ class NginxConfiguratorTest(util.NginxTest):
        # Test that we successfully add a redirect when there is
        # a listen directive
        expected = [
-            ['if', '($scheme', '!=', '"https") '],
+            ['if', '($scheme', '!=', '"https")'],
            [['return', '301', 'https://$host$request_uri']]
        ]

@ -512,6 +512,23 @@ class NginxConfiguratorTest(util.NginxTest):
        self.assertEqual(mock_logger.info.call_args[0][0],
                'No matching insecure server blocks listening on port %s found.')

+    def test_no_double_redirect(self):
+        # Test that we don't also add the commented redirect if we've just added
+        # a redirect to that vhost this run
+        example_conf = self.config.parser.abs_path('sites-enabled/example.com')
+        self.config.enhance("example.com", "redirect")
+        self.config.enhance("example.org", "redirect")
+
+        unexpected = [
+            ['#', ' Redirect non-https traffic to https'],
+            ['#', ' if ($scheme != "https") {'],
+            ['#', '     return 301 https://$host$request_uri;'],
+            ['#', ' } # managed by Certbot']
+        ]
+        generated_conf = self.config.parser.parsed[example_conf]
+        for line in unexpected:
+            self.assertFalse(util.contains_at_depth(generated_conf, line, 2))
+
    def test_staple_ocsp_bad_version(self):
        self.config.version = (1, 3, 1)
        self.assertRaises(errors.PluginError, self.config.enhance,