Boulder: ReusePendingAuthz feature misuses sa.selectPendingAuthz

Created on 21 Jun 2017  路  2Comments  路  Source: letsencrypt/boulder

sa.selectPendingAuthz is used in NewPendingAuthorization with the query arg WHERE identifier = ? which can return multiple rows. This doesn't work as sa.selectPendingAuthz uses SelectOne which fails if multiple rows are returned.

Quick fix is to add LIMIT 1 to the end of the query arg. Not sure why tests didn't catch this.

kinbug

Most helpful comment

Yep, those both sound correct, thanks for catching.

All 2 comments

Looking at the code we should probably also add a expires > NOW() so we aren't returning expired pending authorizations when a user is trying to create a new one?

Yep, those both sound correct, thanks for catching.

Was this page helpful?
0 / 5 - 0 ratings