bug: Prevent invalid header values from causing key errors in validation

marshmallow may be more "helpful" than we'd like. Closes #604
mozilla-services · Aug 17, 2016 · 55e08bf · 55e08bf
1 parent 7dc79e4
commit 55e08bf
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 16 deletions.
diff --git a/autopush/tests/test_web_validation.py b/autopush/tests/test_web_validation.py
@@ -315,6 +315,21 @@ def test_valid_data(self):
         ok_("message_id" in result)
         eq_(str(result["subscription"]["uaid"]), dummy_uaid)
 
+    def test_no_headers(self):
+        schema = self._makeFUT()
+        schema.context["settings"].parse_endpoint.return_value = dict(
+            uaid=dummy_uaid,
+            chid=dummy_chid,
+            public_key="",
+        )
+        schema.context["settings"].router.get_uaid.return_value = dict(
+            router_type="webpush",
+        )
+        data = self._make_test_data(body="asdfasdf",
+                                    headers={"ttl": "invalid"})
+        result, errors = schema.load(data)
+        eq_(errors, {'headers': {'ttl': [u'Not a valid integer.']}})
+
     def test_invalid_simplepush_user(self):
         schema = self._makeFUT()
         schema.context["settings"].parse_endpoint.return_value = dict(

diff --git a/autopush/web/validation.py b/autopush/web/validation.py
@@ -202,7 +202,7 @@ def extract_subscription(self, d):
             raise InvalidRequest("invalid token", errno=102)
         return result
 
-    @validates_schema
+    @validates_schema(skip_on_field_errors=True)
     def validate_uaid(self, d):
         try:
             result = self.context["settings"].router.get_uaid(d["uaid"].hex)
@@ -271,25 +271,26 @@ def validate_data(self, value):
                 errno=104,
             )
 
-    @validates_schema
+    @validates_schema(skip_on_field_errors=True)
     def ensure_encoding_with_data(self, d):
         # This runs before nested schemas, so we use the - separated
         # field name
         req_fields = ["content-encoding", "encryption"]
-        if d["body"] and not all([x in d["headers"] for x in req_fields]):
-            raise InvalidRequest("Client error", errno=110)
-        if (d["headers"].get("crypto-key") and
-                "dh=" not in d["headers"]["crypto-key"]):
-                raise InvalidRequest(
-                    "Crypto-Key header missing public-key 'dh' value",
-                    status_code=401,
-                    errno=110)
-        if (d["headers"].get("encryption") and
-                "salt=" not in d["headers"]["encryption"]):
-                raise InvalidRequest(
-                    "Encryption header missing 'salt' value",
-                    status_code=401,
-                    errno=110)
+        if d.get("body"):
+            if not all([x in d["headers"] for x in req_fields]):
+                raise InvalidRequest("Client error", errno=110)
+            if (d["headers"].get("crypto-key") and
+                    "dh=" not in d["headers"]["crypto-key"]):
+                    raise InvalidRequest(
+                        "Crypto-Key header missing public-key 'dh' value",
+                        status_code=401,
+                        errno=110)
+            if (d["headers"].get("encryption") and
+                    "salt=" not in d["headers"]["encryption"]):
+                    raise InvalidRequest(
+                        "Encryption header missing 'salt' value",
+                        status_code=401,
+                        errno=110)
 
     @pre_load
     def token_prep(self, d):