Implement account deactivation. (#111)

ACME v11 is not very clear about the problem returned after the account has been deactivated: > Once an account is deactivated, the server MUST NOT accept further > requests authorized by that account's key. This change assumes that any further request that requires to check the account will return an unauthorized error. That might be something to ammend in the ACME spec. - Return a malformed problem if the status is not deactivated or the current account status. Signed-off-by: David Calavera <[email protected]>
letsencrypt · Apr 16, 2018 · 1688a1b · 1688a1b
1 parent cae1c35
commit 1688a1b
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 12 deletions.
diff --git a/acme/common.go b/acme/common.go
@@ -4,10 +4,11 @@ package acme
 type Resource string
 
 const (
-	StatusPending    = "pending"
-	StatusInvalid    = "invalid"
-	StatusValid      = "valid"
-	StatusProcessing = "processing"
+	StatusPending     = "pending"
+	StatusInvalid     = "invalid"
+	StatusValid       = "valid"
+	StatusProcessing  = "processing"
+	StatusDeactivated = "deactivated"
 
 	IdentifierDNS = "dns"
 

diff --git a/wfe/wfe.go b/wfe/wfe.go
@@ -587,6 +587,7 @@ func (wfe *WebFrontEndImpl) UpdateAccount(
 	// updateAcctReq is the ACME account information submitted by the client
 	var updateAcctReq struct {
 		Contact []string `json:"contact"`
+		Status  string   `json:"status,omitempty"`
 	}
 	err := json.Unmarshal(body, &updateAcctReq)
 	if err != nil {
@@ -601,9 +602,9 @@ func (wfe *WebFrontEndImpl) UpdateAccount(
 		return
 	}
 
-	// if this update contains no contacts, simply return the existing account
-	// and return early.
-	if len(updateAcctReq.Contact) == 0 {
+	// if this update contains no contacts or deactivated status,
+	// simply return the existing account and return early.
+	if len(updateAcctReq.Contact) == 0 && updateAcctReq.Status != acme.StatusDeactivated {
 		err = wfe.writeJsonResponse(response, http.StatusOK, existingAcct)
 		if err != nil {
 			wfe.sendError(acme.InternalErrorProblem("Error marshalling account"), response)
@@ -623,12 +624,22 @@ func (wfe *WebFrontEndImpl) UpdateAccount(
 		ID:  existingAcct.ID,
 	}
 
-	newAcct.Contact = updateAcctReq.Contact
-	// Verify that the contact information provided is supported & valid
-	prob = wfe.verifyContacts(newAcct.Account)
-	if prob != nil {
-		wfe.sendError(prob, response)
+	switch {
+	case updateAcctReq.Status == acme.StatusDeactivated:
+		newAcct.Status = updateAcctReq.Status
+	case updateAcctReq.Status != "" && updateAcctReq.Status != newAcct.Status:
+		wfe.sendError(
+			acme.MalformedProblem(fmt.Sprintf(
+				"Invalid account status: %q", updateAcctReq.Status)), response)
 		return
+	case len(updateAcctReq.Contact) > 0:
+		newAcct.Contact = updateAcctReq.Contact
+		// Verify that the contact information provided is supported & valid
+		prob = wfe.verifyContacts(newAcct.Account)
+		if prob != nil {
+			wfe.sendError(prob, response)
+			return
+		}
 	}
 
 	err = wfe.db.UpdateAccountByID(existingAcct.ID, newAcct)
@@ -1295,6 +1306,10 @@ func (wfe *WebFrontEndImpl) getAcctByKey(key crypto.PublicKey) (*core.Account, *
 		return nil, acme.AccountDoesNotExistProblem(
 			"URL in JWS 'kid' field does not correspond to an account")
 	}
+
+	if existingAcct.Status == acme.StatusDeactivated {
+		return nil, acme.UnauthorizedProblem("Account has been deactivated")
+	}
 	return existingAcct, nil
 }