From 3576d2075b590861950b984160243de35bf982d5 Mon Sep 17 00:00:00 2001
From: jrconlin
Date: Tue, 4 Apr 2017 14:00:53 -0700
Subject: [PATCH] bug: Limit exception trapping to known types when processing crypto-key closes #860
---
 autopush/tests/test_integration.py | 12 ++++++++++++
 autopush/web/webpush.py | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/autopush/tests/test_integration.py b/autopush/tests/test_integration.py
index 047aa79a..3372a233 100644
--- a/autopush/tests/test_integration.py
+++ b/autopush/tests/test_integration.py
@@ -958,6 +958,18 @@ def test_basic_delivery_with_invalid_vapid(self):
 status=401)
 yield self.shut_down(client)
+ @inlineCallbacks
+ def test_basic_delivery_with_invalid_vapid_ckey(self):
+ data = str(uuid.uuid4())
+ client = yield self.quick_register(use_webpush=True)
+ vapid_info = _get_vapid()
+ vapid_info['crypto-key'] = "invalid|"
+ yield client.send_notification(
+ data=data,
+ vapid=vapid_info,
+ status=401)
+ yield self.shut_down(client)
+
 @inlineCallbacks
 def test_delivery_repeat_without_ack(self):
 data = str(uuid.uuid4())
diff --git a/autopush/web/webpush.py b/autopush/web/webpush.py
index 2cb6d4ba..7503ccb4 100644
--- a/autopush/web/webpush.py
+++ b/autopush/web/webpush.py
@@ -321,7 +321,7 @@ def validate_auth(self, d):
 try:
 jwt = extract_jwt(token, public_key)
- except (ValueError, InvalidSignature, Exception):
+ except (ValueError, InvalidSignature, TypeError):
 raise InvalidRequest("Invalid Authorization Header", status_code=401, errno=109, headers={"www-authenticate": PREF_SCHEME})
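Review bot: The new `test_basic_delivery_with_invalid_vapid_ckey` carries no docstring or comment saying what the value `"invalid|"` is meant to exercise, so a later reader cannot tell it is the regression case for the crypto-key handling named in the commit subject (#860). A one-line docstring such as `"""A malformed VAPID crypto-key is rejected with 401 instead of an unhandled error (#860)."""` would record that. The test also pins a single malformed shape and only the status code; because the header value is client-supplied, one or two further malformed values (an empty value, for instance) would show that the rejection does not depend on this exact string.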
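Review bot: With the catch-all removed from the `except` clause in `validate_auth`, any exception from `extract_jwt` other than `ValueError`, `InvalidSignature` or `TypeError` now leaves this block instead of becoming the 401 `InvalidRequest`, and `token` and `public_key` appear to be derived from client-supplied headers. Whether an outer handler turns such an escape into a client error is not visible, because `validate_auth` starts and ends outside the hunk. I would state the contract in a comment above the clause, e.g. `# Expected failures on malformed client input: ValueError, InvalidSignature, TypeError (bad crypto-key, #860); anything else is a server bug`, and check it against `extract_jwt` to confirm the list is complete. The clause also discards the caught exception; if a logger is available in this handler, recording the exception type there would make rejected VAPID headers diagnosable without changing what the client sees.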