Fix webroot path param

Author: kea

README.md

@@ -24,7 +24,7 @@ The command `unitc` should be installed and executable.
     ```
     install and configure this plugin
     ```
-    sudo snap install --classic certbot-nginx-unit 
+    sudo snap install certbot-nginx-unit 
     sudo snap set certbot trust-plugin-with-root=ok
     sudo snap connect certbot:plugin certbot-nginx-unit
     ```
@@ -85,7 +85,7 @@ Configure the unit listener with `*:80` or `*:443`
 Now, generate and automatically install the certificate with
 
 ```
-# certbot --configurator nginx_unit -d www.myapp.com
+# certbot --configurator nginx-unit -d www.myapp.com
 ```
 
 The result is a certificate created and installed. 
@@ -157,8 +157,8 @@ Certbot installs a timer on the system to renew certificates one month before th
 You can run the certbot command for each domain
 
 ```
-# certbot --configurator nginx_unit -d www.myapp1.com
-# certbot --configurator nginx_unit -d www.myapp2.com
+# certbot --configurator nginx-unit -d www.myapp1.com
+# certbot --configurator nginx-unit -d www.myapp2.com
 # unitc '/config/listeners/*:443' 
 ```
 

certbot_nginx_unit/configurator.py

@@ -5,6 +5,7 @@
 
 """
 import collections
+import copy
 import json
 import logging
 from datetime import datetime
@@ -128,9 +129,7 @@ def _ensure_tls_listener(self):
         if "*:443" not in self._configuration["listeners"]:
             if "*:80" not in self._configuration["listeners"]:
                 raise errors.PluginError("No '*:80' default listeners configured")
-            self._configuration["listeners"]["*:443"] = self._configuration["listeners"]["*:80"]
-            new_route = self._ensure_acme_route(self._configuration["listeners"]["*:443"]["pass"])
-            self._configuration["listeners"]["*:80"] = {"pass": new_route}
+            self._configuration["listeners"]["*:443"] = copy.deepcopy(self._configuration["listeners"]["*:80"])
 
         if "tls" not in self._configuration["listeners"]["*:443"]:
             self._configuration["listeners"]["*:443"]["tls"] = {}
@@ -157,12 +156,11 @@ def _ensure_challenge_listener(self):
         self.unitc.put(listener_route, default_route.encode(), success_message, error_message)
 
     def _ensure_acme_route(self, actual_route: str) -> str:
-        acme_challenge_url = "/.well-known/acme-challenge/*"
-        acme_base_path = "/srv/www/unit"
+        acme_challenge_url = "/" + challenges.HTTP01.URI_ROOT_PATH + "/*"
         acme_route = [
             {
                 "match": {"uri": acme_challenge_url},
-                "action": {"share": acme_base_path + "/$uri"},
+                "action": {"share": self._challenge_path + "/$uri"},
             }
         ]
         if actual_route != "routes" and actual_route != "routes/acme":
@@ -190,8 +188,8 @@ def _ensure_acme_route(self, actual_route: str) -> str:
             raise errors.PluginError("Cannot configure the routes: unknown route[0] type")
 
         first_route = self._configuration["routes"][0]
-        if "match" in first_route and "uri" in first_route["match"] and first_route["match"][
-            "uri"] == acme_challenge_url:
+        if ("match" in first_route and "uri" in first_route["match"]
+                and first_route["match"]["uri"] == acme_challenge_url):
             return "routes"
 
         routes = acme_route + self._configuration["routes"]
@@ -255,9 +253,9 @@ def get_chall_pref(self, domain: str) -> Iterable[Type[challenges.Challenge]]:
         # pylint: disable=unused-argument,missing-function-docstring
         return [challenges.HTTP01]
 
-    def perform(self, achalls: List[AnnotatedChallenge]) -> List[
-        challenges.ChallengeResponse]:  # pylint: disable=missing-function-docstring
+    def perform(self, achalls: List[AnnotatedChallenge]) -> List[challenges.ChallengeResponse]:
 
+        self.prepare()
         self._set_webroot(achalls)
         self._create_challenge_dir()
 
@@ -268,7 +266,7 @@ def perform(self, achalls: List[AnnotatedChallenge]) -> List[
     def _set_webroot(self, achalls: Iterable[AnnotatedChallenge]) -> None:
         webroot_path = '/srv/www/unit/'
         if self.conf("path"):
-            webroot_path = self.conf("path")[-1]
+            webroot_path = self.conf("path")
 
         logger.info("Using the webroot path %s for all domains.", webroot_path)
 

certbot_nginx_unit/tests/configurator_test.py

@@ -128,6 +128,7 @@ def get_nginx_unit_configurator(self, logs_dir):
 
         backups = os.path.join(logs_dir, "backups")
         self.configuration.backup_dir = backups
+        self.configuration.nginx_unit_path = logs_dir
 
         return Configurator(self.configuration, name="nginx_unit")
 
@@ -181,15 +182,43 @@ def test_only_80_listener_configuration(self, unitc_mock):
             'Certificate deployed',
             'nginx unit copy to /certificates failed'
         )
-        unitc_mock.put.assert_any_call(
-            '/config/routes',
-            b'[{"match": {"uri": "/.well-known/acme-challenge/*"}, "action": {"share": "/srv/www/unit/$uri"}}, {"action": {"share": "/srv/www/unit/index.html"}}]'
-        )
+
+        print(unitc_mock.put.mock_calls)
         unitc_mock.put.assert_any_call(
             '/config/listeners',
-            b'{"*:80": {"pass": "routes"}, "*:443": {"pass": "routes", "tls": {"certificate": ["domain_' + entropy.encode() + b'"]}}}',
+            b'{"*:80": {"pass": "routes"}, "*:443": {"pass": "routes", "tls": {"certificate": ["domain_' +
+            entropy.encode() + b'"]}}}',
             put_success_message,
             put_error_message
         )
 
         notify.stop()
+
+    @mock.patch('certbot_nginx_unit.unitc')
+    @mock.patch('certbot.achallenges.AnnotatedChallenge')
+    def test_authenticate(self, unitc_mock, challenge_mock):
+        unitc_mock.get.side_effect = get_configuration_side_effect_80_listener
+        unitc_mock.put.side_effect = put_configuration_side_effect_80_listener
+
+        challenge_mock.response_and_validation.return_value = ("response", "validation")
+        challenge_mock.chall.encode.return_value = "token"
+
+        webroot = self.configuration.nginx_unit_path.encode()
+        configurator = self.config
+        configurator.unitc = unitc_mock
+        notify = mock.patch('certbot.display.util.notify')
+        notify.start()
+
+        assert ["response"] == configurator.perform([challenge_mock])
+
+        get_success_message = 'Get configuration'
+        get_error_message = 'nginx unit get configuration failed'
+
+        unitc_mock.get.assert_any_call("/config", get_success_message, get_error_message)
+        unitc_mock.put.assert_any_call(
+            '/config/routes',
+            b'[{"match": {"uri": "/.well-known/acme-challenge/*"}, "action": {"share": "' +
+            webroot + b'/$uri"}}, {"action": {"share": "/srv/www/unit/index.html"}}]'
+        )
+
+        notify.stop()