Added code to get SSL expiry date so that we can tell people when their certificates expire. by: Giles

gpjt · gpjt · commit 19e7d0e5bd59 · 2018-08-24T17:36:38.000+01:00
diff --git a/pythonanywhere/api.py b/pythonanywhere/api.py
@@ -1,8 +1,9 @@
-from textwrap import dedent
 import getpass
 import os
-from pathlib import Path
 import requests
+from datetime import datetime
+from textwrap import dedent
+from pathlib import Path
 
 from pythonanywhere.exceptions import SanityException
 from pythonanywhere.snakesay import snakesay
@@ -157,3 +158,19 @@ def set_ssl(self, certificate, private_key):
                     response_text=response.text,
                 )
             )
+
+
+    def get_ssl_info(self):
+        url = get_api_endpoint().format(username=getpass.getuser()) + self.domain + '/ssl/'
+        response = call_api(url, 'get')
+        if not response.ok:
+            raise Exception(
+                'GET SSL details via API failed, got {response}:{response_text}'.format(
+                    response=response,
+                    response_text=response.text,
+                )
+            )
+
+        result = response.json()
+        result["not_after"] = datetime.strptime(result["not_after"], "%Y%m%dT%H%M%SZ")
+        return result
diff --git a/scripts/pa_install_webapp_letsencrypt_ssl.py b/scripts/pa_install_webapp_letsencrypt_ssl.py
@@ -18,6 +18,7 @@
 import sys
 
 from pythonanywhere.api import Webapp
+from pythonanywhere.snakesay import snakesay
 
 
 def main(domain_name, suppress_reload):
@@ -40,6 +41,18 @@ def main(domain_name, suppress_reload):
             if not suppress_reload:
                 webapp.reload()
 
+            ssl_details = webapp.get_ssl_info()
+            print(snakesay(
+                "That's all set up now :-)\n"
+                "Your new certificate will expire on {expiry:%d %B %Y},\n"
+                "so shortly before then you should renew it\n"
+                "(see https://help.pythonanywhere.com/pages/LetsEncrypt/)\n"
+                "and install the new certificate".format(
+                    expiry=ssl_details["not_after"]
+                )
+            ))
+
+
             done = True
             break
 
diff --git a/scripts/pa_install_webapp_ssl.py b/scripts/pa_install_webapp_ssl.py
@@ -20,6 +20,7 @@
 import sys
 
 from pythonanywhere.api import Webapp
+from pythonanywhere.snakesay import snakesay
 
 
 def main(domain_name, certificate_file, private_key_file, suppress_reload):
@@ -40,6 +41,16 @@ def main(domain_name, certificate_file, private_key_file, suppress_reload):
     if not suppress_reload:
         webapp.reload()
 
+    ssl_details = webapp.get_ssl_info()
+    print(snakesay(
+        "That's all set up now :-)\n"
+        "Your new certificate will expire on {expiry:%d %B %Y},\n"
+        "so shortly before then you should renew it\n"
+        "and install the new certificate".format(
+            expiry=ssl_details["not_after"]
+        )
+    ))
+
 
 if __name__ == '__main__':
     arguments = docopt(__doc__)
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -2,6 +2,7 @@
 import json
 import pytest
 import responses
+from datetime import datetime
 from unittest.mock import patch
 from urllib.parse import urlencode
 
@@ -288,3 +289,42 @@ def test_raises_if_post_does_not_20x(self, api_responses, api_token):
 
         assert 'POST to set SSL details via API failed' in str(e.value)
         assert 'nope' in str(e.value)
+
+
+class TestGetWebappSSLInfo:
+
+    def test_returns_json_from_server_having_parsed_expiry(self, api_responses, api_token):
+        expected_url = get_api_endpoint().format(username=getpass.getuser()) + 'mydomain.com/ssl/'
+        api_responses.add(
+            responses.GET, expected_url, status=200,
+            body=json.dumps({
+                "not_after": "20180824T171623Z",
+                "issuer_name": "PythonAnywhere test CA",
+                "subject_name": "www.mycoolsite.com",
+                "subject_alternate_names": ["www.mycoolsite.com", "mycoolsite.com"],
+            })
+        )
+
+        assert Webapp('mydomain.com').get_ssl_info() == {
+            "not_after": datetime(2018, 8, 24, 17, 16, 23),
+            "issuer_name": "PythonAnywhere test CA",
+            "subject_name": "www.mycoolsite.com",
+            "subject_alternate_names": ["www.mycoolsite.com", "mycoolsite.com"],
+        }
+
+
+        get = api_responses.calls[0]
+        assert get.request.method == 'GET'
+        assert get.request.url == expected_url
+        assert get.request.headers['Authorization'] == 'Token {api_token}'.format(api_token=api_token)
+
+
+    def test_raises_if_get_does_not_return_200(self, api_responses, api_token):
+        expected_url = get_api_endpoint().format(username=getpass.getuser()) + 'mydomain.com/ssl/'
+        api_responses.add(responses.GET, expected_url, status=404, body='nope')
+
+        with pytest.raises(Exception) as e:
+            Webapp('mydomain.com').get_ssl_info()
+
+        assert 'GET SSL details via API failed, got' in str(e.value)
+        assert 'nope' in str(e.value)
