bug: enforce senderID for gcm/fcm

closes #868
mozilla-services · Apr 13, 2017 · 569dd1f · 569dd1f
1 parent ee54f88
commit 569dd1f
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 6 deletions.
diff --git a/autopush/router/gcm.py b/autopush/router/gcm.py
@@ -111,13 +111,11 @@ def _route(self, notification, uaid_data):
             dry_run=self.dryRun or ("dryrun" in router_data),
             data=data,
         )
-        creds = router_data.get("creds", {"senderID": "missing id"})
         try:
-            gcm = self.gcm[creds['senderID']]
+            gcm = self.gcm[router_data['creds']['senderID']]
             result = gcm.send(payload)
         except KeyError:
-            self.log.critical("Missing GCM bridge credentials for : %s" %
-                              creds.get("senderID"))
+            self.log.critical("Missing GCM bridge credentials")
             raise RouterException("Server error", status_code=500)
         except gcmclient.GCMAuthenticationError as e:
             self.log.error("GCM Authentication Error: %s" % e)

diff --git a/autopush/tests/test_web_validation.py b/autopush/tests/test_web_validation.py
@@ -310,6 +310,7 @@ def test_valid_data(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         result, errors = schema.load(self._make_test_data())
         eq_(errors, {})
@@ -325,6 +326,7 @@ def test_no_headers(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         data = self._make_test_data(body="asdfasdf")
 
@@ -421,6 +423,7 @@ def test_invalid_header_combo(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         info = self._make_test_data(
             headers={
@@ -444,6 +447,7 @@ def test_invalid_header_combo_04(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         info = self._make_test_data(
             headers={
@@ -470,6 +474,7 @@ def test_missing_encryption_salt(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         info = self._make_test_data(
             headers={
@@ -494,6 +499,7 @@ def test_missing_encryption_salt_04(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         info = self._make_test_data(
             headers={
@@ -518,6 +524,7 @@ def test_missing_encryption_key_dh(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         info = self._make_test_data(
             headers={
@@ -543,6 +550,7 @@ def test_missing_crypto_key_dh(self):
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
             uaid=dummy_uaid,
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         info = self._make_test_data(
             headers={
@@ -568,6 +576,7 @@ def test_invalid_data_size(self):
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
             uaid=dummy_uaid,
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         schema.context["settings"].max_data = 1
 
@@ -590,6 +599,7 @@ def test_invalid_data_must_have_crypto_headers(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
 
         with assert_raises(InvalidRequest) as cm:
@@ -606,6 +616,7 @@ def test_valid_data_crypto_padding_stripped(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
 
         padded_value = "asdfjiasljdf==="
@@ -633,6 +644,7 @@ def test_invalid_dh_value_for_01_crypto(self):
         )
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
 
         padded_value = "asdfjiasljdf==="
@@ -664,6 +676,7 @@ def test_invalid_vapid_crypto_header(self):
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
             uaid=dummy_uaid,
+            router_data=dict(creds=dict(senderID="bogus")),
         )
 
         info = self._make_test_data(
@@ -691,6 +704,7 @@ def test_invalid_topic(self):
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="gcm",
             uaid=dummy_uaid,
+            router_data=dict(creds=dict(senderID="bogus")),
         )
 
         info = self._make_test_data(
@@ -780,6 +794,7 @@ def _make_fut(self):
         settings.router.get_uaid.return_value = dict(
             router_type="gcm",
             uaid=dummy_uaid,
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         settings.fernet = self.fernet_mock = Mock()
         return schema

diff --git a/autopush/tests/test_web_webpush.py b/autopush/tests/test_web_webpush.py
@@ -175,7 +175,8 @@ def handle_finish(result):
         self.ap_settings.router.get_uaid.return_value = dict(
             uaid=dummy_uaid,
             chid=dummy_chid,
-            router_type="gcm"
+            router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         self.wp.post()
         return self.finish_deferred
@@ -192,7 +193,8 @@ def handle_finish(result):
         self.ap_settings.router.get_uaid.return_value = dict(
             uaid=dummy_uaid,
             chid=dummy_chid,
-            router_type="gcm"
+            router_type="gcm",
+            router_data=dict(creds=dict(senderID="bogus")),
         )
         self.wp.post()
         return self.finish_deferred

diff --git a/autopush/web/webpush.py b/autopush/web/webpush.py
@@ -78,6 +78,14 @@ def validate_uaid_month_and_chid(self, d):
         if result.get("router_type") not in ["webpush", "gcm", "apns", "fcm"]:
             raise InvalidRequest("Wrong URL for user", errno=108)
 
+        if (result.get("router_type") in ["gcm", "fcm"]
+            and 'senderID' not in result.get('router_data',
+                                             {}).get("creds", {})):
+                # Make sure we note that this record is bad.
+                result['critical_failure'] = \
+                    result.get('critical_failure', "Missing SenderID")
+                settings.router.register_user(result)
+
         if result.get("critical_failure"):
             raise InvalidRequest("Critical Failure: %s" %
                                  result.get("critical_failure"),