Add `SCEPCHALLENGE` as valid webhook type in admin API

pull/1366/head
Herman Slatman 1 year ago
parent 419478d1e5
commit ad4d8e6c68
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F

@ -57,9 +57,9 @@ func validateWebhook(webhook *linkedca.Webhook) error {
// kind
switch webhook.Kind {
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING:
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE:
default:
return admin.NewError(admin.ErrorBadRequestType, "webhook kind is invalid")
return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
}
return nil
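Review bot: The kind switch now admits `linkedca.Webhook_SCEPCHALLENGE`, but nothing in this hunk ties that kind to a compatible cert type, while `isCertTypeOK` in the SCEP controller (changed in the same commit) only accepts ALL, empty or X509. A SCEPCHALLENGE webhook registered with any other cert type would be stored by the admin API and then presumably never consulted, which an operator could mistake for an active challenge check. `validateWebhook` continues outside the hunk, so this may already be covered; if it is not, reject the combination here, e.g. `if webhook.Kind == linkedca.Webhook_SCEPCHALLENGE && webhook.CertType != linkedca.Webhook_ALL && webhook.CertType != linkedca.Webhook_X509 { return admin.NewError(admin.ErrorBadRequestType, "webhook cert type is invalid for kind %q", webhook.Kind) }`.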

@ -180,6 +180,26 @@ func TestWebhookAdminResponder_CreateProvisionerWebhook(t *testing.T) {
statusCode: 400,
}
},
"fail/unsupported-webhook-kind": func(t *testing.T) test {
prov := &linkedca.Provisioner{
Name: "provName",
}
ctx := linkedca.NewContextWithProvisioner(context.Background(), prov)
adminErr := admin.NewError(admin.ErrorBadRequestType, `(line 5:13): invalid value for enum type: "UNSUPPORTED"`)
adminErr.Message = `(line 5:13): invalid value for enum type: "UNSUPPORTED"`
body := []byte(`
{
"name": "metadata",
"url": "https://example.com",
"kind": "UNSUPPORTED",
}`)
return test{
ctx: ctx,
body: body,
err: adminErr,
statusCode: 400,
}
},
"fail/auth.UpdateProvisioner-error": func(t *testing.T) test {
adm := &linkedca.Admin{
Subject: "step",
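Review bot: The new case `fail/unsupported-webhook-kind` expects the JSON parser's own message (`invalid value for enum type: "UNSUPPORTED"`), so the request is rejected while decoding the body and never reaches the `default:` branch of `validateWebhook`; the reworded `webhook kind %q is invalid` error stays untested. The fixture also carries a trailing comma after `"kind": "UNSUPPORTED",`, so it would still fail to parse if the enum name were valid, and the test passes only because the enum error is reported first. Consider dropping the trailing comma, adding a case whose kind decodes but is not in the allow-list (a numeric value outside the defined enum is likely to decode, which should be confirmed), and adding a positive case that creates a webhook with `"kind": "SCEPCHALLENGE"`. The test table continues outside the hunk, so such cases may exist elsewhere.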

@ -54,8 +54,11 @@ func (c *Controller) Validate(ctx context.Context, challenge string) error {
return provisioner.ErrWebhookDenied
}
// isCertTypeOK returns whether or not the webhook is for X.509
// certificates.
// isCertTypeOK returns whether or not the webhook can be used
// with the SCEP challenge validation webhook controller.
func (c *Controller) isCertTypeOK(wh *provisioner.Webhook) bool {
if wh.CertType == linkedca.Webhook_ALL.String() || wh.CertType == "" {
return true
}
return linkedca.Webhook_X509.String() == wh.CertType
}
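Review bot: The rewritten doc comment on `isCertTypeOK` says the webhook "can be used with" the controller but no longer states the rule, and the rule is the part a reader needs: an empty `CertType` is treated the same as ALL, so a webhook with no cert type set is called for SCEP challenges. I would spell that out, e.g. `// isCertTypeOK reports whether wh applies to X.509 certificates: its CertType is ALL, X509, or empty (treated as ALL).` The function looks only at `CertType`; whether `Validate` also restricts the webhooks it calls to the SCEPCHALLENGE kind is not visible here, as its loop starts outside the hunk. The visible tail of `Validate` returns `provisioner.ErrWebhookDenied`, so skipping every webhook appears to deny the challenge, and one line in the comment could record that.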
