Merge pull request #212 from letsencrypt/patch_auth_handler_cleanup

Patch auth handler cleanup

letsencrypt/client/auth_handler.py

@@ -123,7 +123,12 @@ class AuthHandler(object):  # pylint: disable=too-many-instance-attributes
             self._cleanup_challenges(domain)
 
     def _satisfy_challenges(self):
-        """Attempt to satisfy all saved challenge messages."""
+        """Attempt to satisfy all saved challenge messages.
+
+        .. todo:: It might be worth it to try different challenges to
+            find one that doesn't throw an exception
+
+        """
         logging.info("Performing the following challenges:")
         for dom in self.domains:
             self.paths[dom] = gen_challenge_path(
@@ -143,8 +148,19 @@ class AuthHandler(object):  # pylint: disable=too-many-instance-attributes
             flat_client.extend(ichall.chall for ichall in self.client_c[dom])
             flat_auth.extend(ichall.chall for ichall in self.dv_c[dom])
 
-        client_resp = self.client_auth.perform(flat_client)
-        dv_resp = self.dv_auth.perform(flat_auth)
+        try:
+            client_resp = self.client_auth.perform(flat_client)
+            dv_resp = self.dv_auth.perform(flat_auth)
+        # This will catch both specific types of errors.
+        except errors.LetsEncryptAuthHandlerError as err:
+            logging.critical("Failure in setting up challenges:")
+            logging.critical(str(err))
+            logging.info("Attempting to clean up outstanding challenges...")
+            for dom in self.domains:
+                self._cleanup_challenges(dom)
+
+            raise errors.LetsEncryptAuthHandlerError(
+                "Unable to perform challenges")
 
         logging.info("Ready for verification...")
 
@@ -191,8 +207,12 @@ class AuthHandler(object):  # pylint: disable=too-many-instance-attributes
 
         """
         logging.info("Cleaning up challenges for %s", domain)
-        self.dv_auth.cleanup(self.dv_c[domain])
-        self.client_auth.cleanup(self.client_c[domain])
+        # These are indexed challenges... give just the challenges to the auth
+        # Chose to make these lists instead of a generator to make it easier to
+        # work with...
+        self.dv_auth.cleanup([ichall.chall for ichall in self.dv_c[domain]])
+        self.client_auth.cleanup(
+            [ichall.chall for ichall in self.client_c[domain]])
 
     def _cleanup_state(self, delete_list):
         """Cleanup state after an authorization is received.
@@ -279,8 +299,7 @@ class AuthHandler(object):  # pylint: disable=too-many-instance-attributes
 
         elif chall["type"] == "dns":
             logging.info("  DNS challenge for name %s.", domain)
-            return challenge_util.DnsChall(
-                domain, str(chall["token"]), self.authkey[domain])
+            return challenge_util.DnsChall(domain, str(chall["token"]))
 
         else:
             raise errors.LetsEncryptClientError(

letsencrypt/client/challenge_util.py

@@ -13,7 +13,7 @@ from letsencrypt.client import le_util
 DvsniChall = collections.namedtuple("DvsniChall", "domain, r_b64, nonce, key")
 SimpleHttpsChall = collections.namedtuple(
     "SimpleHttpsChall", "domain, token, key")
-DnsChall = collections.namedtuple("DnsChall", "domain, token, key")
+DnsChall = collections.namedtuple("DnsChall", "domain, token")
 
 # Client Challenges
 RecContactChall = collections.namedtuple(

letsencrypt/client/errors.py

@@ -9,6 +9,7 @@ class LetsEncryptReverterError(LetsEncryptClientError):
     """Let's Encrypt Reverter error."""
 
 
+# Auth Handler Errors
 class LetsEncryptAuthHandlerError(LetsEncryptClientError):
     """Let's Encrypt Auth Handler error."""
 
@@ -17,6 +18,16 @@ class LetsEncryptClientAuthError(LetsEncryptAuthHandlerError):
     """Let's Encrypt Client Authenticator error."""
 
 
+class LetsEncryptDvAuthError(LetsEncryptAuthHandlerError):
+    """Let's Encrypt DV Authenticator error."""
+
+
+# Authenticator - Challenge specific errors
+class LetsEncryptDvsniError(LetsEncryptDvAuthError):
+    """Let's Encrypt DVSNI error."""
+
+
+# Configurator Errors
 class LetsEncryptConfiguratorError(LetsEncryptClientError):
     """Let's Encrypt Configurator error."""
 
@@ -28,6 +39,3 @@ class LetsEncryptNoInstallationError(LetsEncryptConfiguratorError):
 class LetsEncryptMisconfigurationError(LetsEncryptConfiguratorError):
     """Let's Encrypt Misconfiguration error."""
 
-
-class LetsEncryptDvsniError(LetsEncryptConfiguratorError):
-    """Let's Encrypt DVSNI error."""

letsencrypt/client/tests/auth_handler_test.py

@@ -1,8 +1,10 @@
 """Tests for letsencrypt.client.auth_handler."""
+import logging
 import unittest
 
 import mock
 
+from letsencrypt.client import challenge_util
 from letsencrypt.client import errors
 from letsencrypt.client.tests import acme_util
 
@@ -35,6 +37,11 @@ class SatisfyChallengesTest(unittest.TestCase):
         self.handler = AuthHandler(
             self.mock_dv_auth, self.mock_client_auth, None)
 
+        logging.disable(logging.CRITICAL)
+
+    def tearDown(self):
+        logging.disable(logging.NOTSET)
+
     def test_name1_dvsni1(self):
         dom = "0"
         challenge = [acme_util.CHALLENGES["dvsni"]]
@@ -54,7 +61,7 @@ class SatisfyChallengesTest(unittest.TestCase):
 
     def test_name5_dvsni5(self):
         challenge = [acme_util.CHALLENGES["dvsni"]]
-        for i in range(5):
+        for i in xrange(5):
             self.handler.add_chall_msg(
                 str(i),
                 acme_util.get_chall_msg(str(i), "nonce%d" % i, challenge),
@@ -67,14 +74,14 @@ class SatisfyChallengesTest(unittest.TestCase):
         self.assertEqual(len(self.handler.client_c), 5)
         # Each message contains 1 auth, 0 client
 
-        for i in range(5):
+        for i in xrange(5):
             dom = str(i)
             self.assertEqual(len(self.handler.responses[dom]), 1)
             self.assertEqual(self.handler.responses[dom][0], "DvsniChall%d" % i)
             self.assertEqual(len(self.handler.dv_c[dom]), 1)
             self.assertEqual(len(self.handler.client_c[dom]), 0)
-            self.assertEqual(
-                type(self.handler.dv_c[dom][0].chall).__name__, "DvsniChall")
+            self.assertTrue(isinstance(self.handler.dv_c[dom][0].chall,
+                                       challenge_util.DvsniChall))
 
     @mock.patch("letsencrypt.client.auth_handler.gen_challenge_path")
     def test_name1_auth(self, mock_chall_path):
@@ -102,8 +109,8 @@ class SatisfyChallengesTest(unittest.TestCase):
 
         self.assertEqual(len(self.handler.dv_c[dom]), 1)
         self.assertEqual(len(self.handler.client_c[dom]), 0)
-        self.assertEqual(
-            type(self.handler.dv_c[dom][0].chall).__name__, "SimpleHttpsChall")
+        self.assertTrue(isinstance(self.handler.dv_c[dom][0].chall,
+                                   challenge_util.SimpleHttpsChall))
 
     @mock.patch("letsencrypt.client.auth_handler.gen_challenge_path")
     def test_name1_all(self, mock_chall_path):
@@ -131,16 +138,16 @@ class SatisfyChallengesTest(unittest.TestCase):
         self.assertEqual(
             self.handler.responses[dom],
             self._get_exp_response(dom, path, challenges))
-        self.assertEqual(
-            type(self.handler.dv_c[dom][0].chall).__name__, "SimpleHttpsChall")
-        self.assertEqual(
-            type(self.handler.client_c[dom][0].chall).__name__, "RecTokenChall")
+        self.assertTrue(isinstance(self.handler.dv_c[dom][0].chall,
+                                   challenge_util.SimpleHttpsChall))
+        self.assertTrue(isinstance(self.handler.client_c[dom][0].chall,
+                                   challenge_util.RecTokenChall))
 
     @mock.patch("letsencrypt.client.auth_handler.gen_challenge_path")
     def test_name5_all(self, mock_chall_path):
         challenges = acme_util.get_challenges()
         combos = acme_util.gen_combos(challenges)
-        for i in range(5):
+        for i in xrange(5):
             self.handler.add_chall_msg(
                 str(i),
                 acme_util.get_chall_msg(
@@ -153,7 +160,7 @@ class SatisfyChallengesTest(unittest.TestCase):
         self.handler._satisfy_challenges()  # pylint: disable=protected-access
 
         self.assertEqual(len(self.handler.responses), 5)
-        for i in range(5):
+        for i in xrange(5):
             self.assertEqual(
                 len(self.handler.responses[str(i)]), len(challenges))
         self.assertEqual(len(self.handler.dv_c), 5)
@@ -167,11 +174,10 @@ class SatisfyChallengesTest(unittest.TestCase):
             self.assertEqual(len(self.handler.dv_c[dom]), 1)
             self.assertEqual(len(self.handler.client_c[dom]), 1)
 
-            self.assertEqual(
-                type(self.handler.dv_c[dom][0].chall).__name__, "DvsniChall")
-            self.assertEqual(
-                type(self.handler.client_c[dom][0].chall).__name__,
-                "RecContactChall")
+            self.assertTrue(isinstance(self.handler.dv_c[dom][0].chall,
+                                       challenge_util.DvsniChall))
+            self.assertTrue(isinstance(self.handler.client_c[dom][0].chall,
+                                       challenge_util.RecContactChall))
 
     @mock.patch("letsencrypt.client.auth_handler.gen_challenge_path")
     def test_name5_mix(self, mock_chall_path):
@@ -188,7 +194,7 @@ class SatisfyChallengesTest(unittest.TestCase):
                           acme_util.get_challenges()]
 
         # Combos doesn't matter since I am overriding the gen_path function
-        for i in range(5):
+        for i in xrange(5):
             dom = str(i)
             paths.append(gen_path(chosen_chall[i], challenge_list[i]))
             self.handler.add_chall_msg(
@@ -205,7 +211,7 @@ class SatisfyChallengesTest(unittest.TestCase):
         self.assertEqual(len(self.handler.dv_c), 5)
         self.assertEqual(len(self.handler.client_c), 5)
 
-        for i in range(5):
+        for i in xrange(5):
             dom = str(i)
             resp = self._get_exp_response(i, paths[i], challenge_list[i])
             self.assertEqual(self.handler.responses[dom], resp)
@@ -213,21 +219,66 @@ class SatisfyChallengesTest(unittest.TestCase):
             self.assertEqual(
                 len(self.handler.client_c[dom]), len(chosen_chall[i]) - 1)
 
-        self.assertEqual(
-            type(self.handler.dv_c["0"][0].chall).__name__, "DnsChall")
-        self.assertEqual(
-            type(self.handler.dv_c["1"][0].chall).__name__, "DvsniChall")
-        self.assertEqual(
-            type(self.handler.dv_c["2"][0].chall).__name__, "SimpleHttpsChall")
-        self.assertEqual(
-            type(self.handler.dv_c["3"][0].chall).__name__, "SimpleHttpsChall")
-        self.assertEqual(
-            type(self.handler.dv_c["4"][0].chall).__name__, "DnsChall")
+        self.assertTrue(isinstance(self.handler.dv_c["0"][0].chall,
+                                   challenge_util.DnsChall))
+        self.assertTrue(isinstance(self.handler.dv_c["1"][0].chall,
+                                   challenge_util.DvsniChall))
+        self.assertTrue(isinstance(self.handler.dv_c["2"][0].chall,
+                                   challenge_util.SimpleHttpsChall))
+        self.assertTrue(isinstance(self.handler.dv_c["3"][0].chall,
+                                   challenge_util.SimpleHttpsChall))
+        self.assertTrue(isinstance(self.handler.dv_c["4"][0].chall,
+                                   challenge_util.DnsChall))
+
+        self.assertTrue(isinstance(self.handler.client_c["2"][0].chall,
+                                   challenge_util.PopChall))
+        self.assertTrue(isinstance(self.handler.client_c["4"][0].chall,
+                                   challenge_util.RecTokenChall))
+
+    @mock.patch("letsencrypt.client.auth_handler.gen_challenge_path")
+    def test_perform_exception_cleanup(self, mock_chall_path):
+        """3 Challenge messages... fail perform... clean up."""
+        # pylint: disable=protected-access
+        self.mock_dv_auth.perform.side_effect = errors.LetsEncryptDvsniError
+
+        challenges = acme_util.get_challenges()
+        combos = acme_util.gen_combos(challenges)
+
+        for i in xrange(3):
+            self.handler.add_chall_msg(
+                str(i),
+                acme_util.get_chall_msg(
+                    str(i), "nonce%d" % i, challenges, combos),
+                "dummy_key")
+
+        mock_chall_path.return_value = gen_path(
+            ["dvsni", "proofOfPossession"], challenges)
+
+        # This may change in the future... but for now catch the error
+        self.assertRaises(errors.LetsEncryptAuthHandlerError,
+                          self.handler._satisfy_challenges)
+
+        # Verify cleanup is actually run correctly
+        self.assertEqual(self.mock_dv_auth.cleanup.call_count, 3)
+        self.assertEqual(self.mock_client_auth.cleanup.call_count, 3)
+
+        # Check DV cleanup
+        mock_cleanup_args = self.mock_dv_auth.cleanup.call_args_list
+        for i in xrange(3):
+            # Assert length of arg list was 1
+            arg_chall_list = mock_cleanup_args[i][0][0]
+            self.assertEqual(len(arg_chall_list), 1)
+            self.assertTrue(isinstance(arg_chall_list[0],
+                                       challenge_util.DvsniChall))
+
+        # Check Auth cleanup
+        mock_cleanup_args = self.mock_client_auth.cleanup.call_args_list
+        for i in xrange(3):
+            arg_chall_list = mock_cleanup_args[i][0][0]
+            self.assertEqual(len(arg_chall_list), 1)
+            self.assertTrue(isinstance(arg_chall_list[0],
+                                       challenge_util.PopChall))
 
-        self.assertEqual(
-            type(self.handler.client_c["2"][0].chall).__name__, "PopChall")
-        self.assertEqual(
-            type(self.handler.client_c["4"][0].chall).__name__, "RecTokenChall")
 
     def _get_exp_response(self, domain, path, challenges):  # pylint: disable=no-self-use
         exp_resp = ["null"] * len(challenges)
@@ -259,7 +310,7 @@ class GetAuthorizationsTest(unittest.TestCase):
     def test_solved3_at_once(self):
         # Set 3 DVSNI challenges
         challenge = [acme_util.CHALLENGES["dvsni"]]
-        for i in range(3):
+        for i in xrange(3):
             self.handler.add_chall_msg(
                 str(i),
                 acme_util.get_chall_msg(str(i), "nonce%d" % i, challenge),
@@ -277,7 +328,7 @@ class GetAuthorizationsTest(unittest.TestCase):
         self._test_finished()
 
     def _sat_solved_at_once(self):
-        for i in range(3):
+        for i in xrange(3):
             dom = str(i)
             self.handler.responses[dom] = ["DvsniChall%d" % i]
             self.handler.paths[dom] = [0]
@@ -314,7 +365,7 @@ class GetAuthorizationsTest(unittest.TestCase):
         challs = []
         challs.append(acme_util.get_challenges())
         challs.append(acme_util.get_dv_challenges())
-        for i in range(2):
+        for i in xrange(2):
             dom = str(i)
             self.handler.add_chall_msg(
                 dom,
@@ -388,7 +439,7 @@ class PathSatisfiedTest(unittest.TestCase):
         self.handler.paths[dom[4]] = []
         self.handler.responses[dom[4]] = ["respond... sure"]
 
-        for i in range(5):
+        for i in xrange(5):
             self.assertTrue(self.handler._path_satisfied(dom[i]))
 
     def test_not_satisfied(self):
@@ -405,16 +456,25 @@ class PathSatisfiedTest(unittest.TestCase):
         self.handler.paths[dom[3]] = [0]
         self.handler.responses[dom[3]] = ["null"]
 
-        for i in range(4):
+        for i in xrange(4):
             self.assertFalse(self.handler._path_satisfied(dom[i]))
 
 
-def gen_auth_resp(chall_list):  # pylint: disable=missing-docstring
+def gen_auth_resp(chall_list):
+    """Generate a dummy authorization response."""
     return ["%s%s" % (type(chall).__name__, chall.domain)
             for chall in chall_list]
 
 
-def gen_path(str_list, challenges):  # pylint: disable=missing-docstring
+def gen_path(str_list, challenges):
+    """Generate a path for challenge messages
+
+    :param list str_list: challenge message types (:class:`str`)
+    :param dict challenges: ACME challenge messages
+
+    :return: :class:`list` of :class:`int`
+
+    """
     path = []
     for i, chall in enumerate(challenges):
         for str_chall in str_list: