wfe: orders link to authz IDs with acccount (letsencrypt#7790)

This means that most traffic will go to the authz URLs with account. After this has been deployed for 30 days (the max lifetime of an order), we can remove support for the old paths. Part of letsencrypt#7683
syaifulnizamiphone7 · Nov 15, 2024 · 56f0ed6 · 56f0ed6
1 parent 0d70b12
commit 56f0ed6
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 15 deletions.
diff --git a/test/integration/otel_test.go b/test/integration/otel_test.go
@@ -222,8 +222,8 @@ func TestTraces(t *testing.T) {
 			httpSpan("/acme/new-acct",
 				redisPipelineSpan("get", wfe)),
 			httpSpan("/acme/new-order"),
-			httpSpan("/acme/authz-v3/"),
-			httpSpan("/acme/chall-v3/"),
+			httpSpan("/acme/authz/"),
+			httpSpan("/acme/chall/"),
 			httpSpan("/acme/finalize/",
 				rpcSpan("ra.RegistrationAuthority/FinalizeOrder", wfe, ra,
 					rpcSpan("ca.CertificateAuthority/IssueCertificateForPrecertificate", ra, ca))),

diff --git a/wfe2/wfe.go b/wfe2/wfe.go
@@ -2082,7 +2082,7 @@ func (wfe *WebFrontEndImpl) orderToOrderJSON(request *http.Request, order *corep
 		respObj.Error.Type = probs.ErrorNS + respObj.Error.Type
 	}
 	for _, v2ID := range order.V2Authorizations {
-		respObj.Authorizations = append(respObj.Authorizations, web.RelativeEndpoint(request, fmt.Sprintf("%s%d", authzPath, v2ID)))
+		respObj.Authorizations = append(respObj.Authorizations, web.RelativeEndpoint(request, fmt.Sprintf("%s%d/%d", authzPathWithAcct, order.RegistrationID, v2ID)))
 	}
 	if respObj.Status == core.StatusValid {
 		certURL := web.RelativeEndpoint(request,

diff --git a/wfe2/wfe_test.go b/wfe2/wfe_test.go
@@ -2925,7 +2925,7 @@ func TestNewOrder(t *testing.T) {
 					{ "type": "dns", "value": "thisreallylongexampledomainisabytelongerthanthemaxcnbytelimit.com"}
 				],
 				"authorizations": [
-					"http://localhost/acme/authz-v3/1"
+					"http://localhost/acme/authz/1/1"
 				],
 				"finalize": "http://localhost/acme/finalize/1/1"
 			}`,
@@ -2942,7 +2942,7 @@ func TestNewOrder(t *testing.T) {
 					{ "type": "dns", "value": "thisreallylongexampledomainisabytelongerthanthemaxcnbytelimit.com"}
 				],
 				"authorizations": [
-					"http://localhost/acme/authz-v3/1"
+					"http://localhost/acme/authz/1/1"
 				],
 				"finalize": "http://localhost/acme/finalize/1/1"
 			}`,
@@ -2959,7 +2959,7 @@ func TestNewOrder(t *testing.T) {
 							{ "type": "dns", "value": "www.not-example.com"}
 						],
 						"authorizations": [
-							"http://localhost/acme/authz-v3/1"
+							"http://localhost/acme/authz/1/1"
 						],
 						"finalize": "http://localhost/acme/finalize/1/1"
 					}`,
@@ -2976,7 +2976,7 @@ func TestNewOrder(t *testing.T) {
 							{ "type": "dns", "value": "www.not-example.com"}
 						],
 						"authorizations": [
-							"http://localhost/acme/authz-v3/1"
+							"http://localhost/acme/authz/1/1"
 						],
 						"finalize": "http://localhost/acme/finalize/1/1"
 					}`,
@@ -3116,7 +3116,7 @@ func TestFinalizeOrder(t *testing.T) {
   ],
 	"profile": "default",
   "authorizations": [
-    "http://localhost/acme/authz-v3/1"
+    "http://localhost/acme/authz/1/1"
   ],
   "finalize": "http://localhost/acme/finalize/1/8"
 }`,
@@ -3285,7 +3285,7 @@ func TestGetOrder(t *testing.T) {
 		{
 			Name:     "Good request",
 			Request:  makeGet("1/1"),
-			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
+			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
 		},
 		{
 			Name:     "404 request",
@@ -3330,7 +3330,7 @@ func TestGetOrder(t *testing.T) {
 		{
 			Name:     "Valid POST-as-GET",
 			Request:  makePost(1, "1/1", ""),
-			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
+			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/1","certificate":"http://localhost/acme/cert/serial"}`,
 		},
 		{
 			Name:     "GET new order",
@@ -3341,17 +3341,17 @@ func TestGetOrder(t *testing.T) {
 		{
 			Name:     "GET new order from old endpoint",
 			Request:  makeGet("1/9"),
-			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
+			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
 		},
 		{
 			Name:     "POST-as-GET new order",
 			Request:  makePost(1, "1/9", ""),
-			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
+			Response: `{"status": "valid","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/9","certificate":"http://localhost/acme/cert/serial"}`,
 		},
 		{
 			Name:     "POST-as-GET processing order",
 			Request:  makePost(1, "1/10", ""),
-			Response: `{"status": "processing","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz-v3/1"],"finalize":"http://localhost/acme/finalize/1/10"}`,
+			Response: `{"status": "processing","expires": "2000-01-01T00:00:00Z","identifiers":[{"type":"dns", "value":"example.com"}], "profile": "default", "authorizations":["http://localhost/acme/authz/1/1"],"finalize":"http://localhost/acme/finalize/1/10"}`,
 			Headers:  map[string]string{"Retry-After": "3"},
 		},
 	}
@@ -3912,8 +3912,8 @@ func TestOrderToOrderJSONV2Authorizations(t *testing.T) {
 		V2Authorizations: []int64{1, 2},
 	})
 	test.AssertDeepEquals(t, orderJSON.Authorizations, []string{
-		"http://localhost/acme/authz-v3/1",
-		"http://localhost/acme/authz-v3/2",
+		"http://localhost/acme/authz/1/1",
+		"http://localhost/acme/authz/1/2",
 	})
 }