Directly handle unexpected non-JSON results.

ansible-collections · Dec 7, 2023 · 4456c28 · 4456c28
1 parent 4e5966e
commit 4456c28
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/changelogs/fragments/682-acme-errors.yml b/changelogs/fragments/682-acme-errors.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "acme_* modules - directly react on bad return data for account creation/retrieval/updating requests (https://github.com/ansible-collections/community.crypto/pull/682)."
diff --git a/plugins/module_utils/acme/account.py b/plugins/module_utils/acme/account.py
@@ -9,6 +9,8 @@
 __metaclass__ = type
 
 
+from ansible.module_utils.common._collections_compat import Mapping
+
 from ansible_collections.community.crypto.plugins.module_utils.acme.errors import (
     ACMEProtocolException,
     ModuleFailException,
@@ -96,6 +98,9 @@ def _new_reg(self, contact=None, agreement=None, terms_agreed=False, allow_creat
                 )
 
         result, info = self.client.send_signed_request(url, new_reg, fail_on_error=False)
+        if not isinstance(result, Mapping):
+            raise ACMEProtocolException(
+                self.client.module, msg='Invalid account creation reply from ACME server', info=info, content=result)
 
         if info['status'] in ([200, 201] if self.client.version == 1 else [201]):
             # Account did not exist
@@ -154,6 +159,9 @@ def get_account_data(self):
                 # retry as a regular POST (with no changed data) for pre-draft-15 ACME servers
                 data = {}
                 result, info = self.client.send_signed_request(self.client.account_uri, data, fail_on_error=False)
+        if not isinstance(result, Mapping):
+            raise ACMEProtocolException(
+                self.client.module, msg='Invalid account data retrieved from ACME server', info=info, content=result)
         if info['status'] in (400, 403) and result.get('type') == 'urn:ietf:params:acme:error:unauthorized':
             # Returned when account is deactivated
             return None
@@ -248,5 +256,9 @@ def update_account(self, account_data, contact=None):
         else:
             if self.client.version == 1:
                 update_request['resource'] = 'reg'
-            account_data, dummy = self.client.send_signed_request(self.client.account_uri, update_request)
+            account_data, info = self.client.send_signed_request(self.client.account_uri, update_request)
+            if not isinstance(account_data, Mapping):
+                raise ACMEProtocolException(
+                    self.client.module, msg='Invalid account updating reply from ACME server', info=info, content=account_data)
+
         return True, account_data