Skip to content
This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Commit

Permalink
bug: enforce senderID for gcm/fcm
Browse files Browse the repository at this point in the history
closes #868
  • Loading branch information
jrconlin committed Apr 13, 2017
1 parent ee54f88 commit 1ab68f2
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 2 deletions.
15 changes: 15 additions & 0 deletions autopush/tests/test_web_validation.py
Original file line number Diff line number Diff line change
Expand Up @@ -310,6 +310,7 @@ def test_valid_data(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
result, errors = schema.load(self._make_test_data())
eq_(errors, {})
Expand All @@ -325,6 +326,7 @@ def test_no_headers(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
data = self._make_test_data(body="asdfasdf")

Expand Down Expand Up @@ -421,6 +423,7 @@ def test_invalid_header_combo(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
info = self._make_test_data(
headers={
Expand All @@ -444,6 +447,7 @@ def test_invalid_header_combo_04(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
info = self._make_test_data(
headers={
Expand All @@ -470,6 +474,7 @@ def test_missing_encryption_salt(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
info = self._make_test_data(
headers={
Expand All @@ -494,6 +499,7 @@ def test_missing_encryption_salt_04(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
info = self._make_test_data(
headers={
Expand All @@ -518,6 +524,7 @@ def test_missing_encryption_key_dh(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
info = self._make_test_data(
headers={
Expand All @@ -543,6 +550,7 @@ def test_missing_crypto_key_dh(self):
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
uaid=dummy_uaid,
router_data=dict(creds=dict(senderID="bogus")),
)
info = self._make_test_data(
headers={
Expand All @@ -568,6 +576,7 @@ def test_invalid_data_size(self):
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
uaid=dummy_uaid,
router_data=dict(creds=dict(senderID="bogus")),
)
schema.context["settings"].max_data = 1

Expand All @@ -590,6 +599,7 @@ def test_invalid_data_must_have_crypto_headers(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)

with assert_raises(InvalidRequest) as cm:
Expand All @@ -606,6 +616,7 @@ def test_valid_data_crypto_padding_stripped(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)

padded_value = "asdfjiasljdf==="
Expand Down Expand Up @@ -633,6 +644,7 @@ def test_invalid_dh_value_for_01_crypto(self):
)
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)

padded_value = "asdfjiasljdf==="
Expand Down Expand Up @@ -664,6 +676,7 @@ def test_invalid_vapid_crypto_header(self):
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
uaid=dummy_uaid,
router_data=dict(creds=dict(senderID="bogus")),
)

info = self._make_test_data(
Expand Down Expand Up @@ -691,6 +704,7 @@ def test_invalid_topic(self):
schema.context["settings"].router.get_uaid.return_value = dict(
router_type="gcm",
uaid=dummy_uaid,
router_data=dict(creds=dict(senderID="bogus")),
)

info = self._make_test_data(
Expand Down Expand Up @@ -780,6 +794,7 @@ def _make_fut(self):
settings.router.get_uaid.return_value = dict(
router_type="gcm",
uaid=dummy_uaid,
router_data=dict(creds=dict(senderID="bogus")),
)
settings.fernet = self.fernet_mock = Mock()
return schema
Expand Down
6 changes: 4 additions & 2 deletions autopush/tests/test_web_webpush.py
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,8 @@ def handle_finish(result):
self.ap_settings.router.get_uaid.return_value = dict(
uaid=dummy_uaid,
chid=dummy_chid,
router_type="gcm"
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
self.wp.post()
return self.finish_deferred
Expand All @@ -192,7 +193,8 @@ def handle_finish(result):
self.ap_settings.router.get_uaid.return_value = dict(
uaid=dummy_uaid,
chid=dummy_chid,
router_type="gcm"
router_type="gcm",
router_data=dict(creds=dict(senderID="bogus")),
)
self.wp.post()
return self.finish_deferred
Expand Down
8 changes: 8 additions & 0 deletions autopush/web/webpush.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@ def validate_uaid_month_and_chid(self, d):
if result.get("router_type") not in ["webpush", "gcm", "apns", "fcm"]:
raise InvalidRequest("Wrong URL for user", errno=108)

if result.get("router_type") in ["gcm", "fcm"]:
if 'senderID' not in result.get('router_data',
{}).get("creds", {}):
# Make sure we note that this record is bad.
result['critical_failure'] = \
result.get('critical_failure', "Missing SenderID")
settings.router.register_user(result)

if result.get("critical_failure"):
raise InvalidRequest("Critical Failure: %s" %
result.get("critical_failure"),
Expand Down

0 comments on commit 1ab68f2

Please sign in to comment.