[CalendarServer-changes] [8540] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Mon Jan 16 11:08:15 PST 2012
Revision: 8540
http://trac.macosforge.org/projects/calendarserver/changeset/8540
Author: sagen at apple.com
Date: 2012-01-16 11:08:11 -0800 (Mon, 16 Jan 2012)
Log Message:
-----------
Catch empty APN subscription values from client
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/push/applepush.py
CalendarServer/trunk/calendarserver/push/test/test_applepush.py
CalendarServer/trunk/txdav/common/datastore/sql.py
CalendarServer/trunk/txdav/common/icommondatastore.py
Modified: CalendarServer/trunk/calendarserver/push/applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/applepush.py 2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/calendarserver/push/applepush.py 2012-01-16 19:08:11 UTC (rev 8540)
@@ -33,6 +33,7 @@
import OpenSSL
import struct
import time
+from txdav.common.icommondatastore import InvalidSubscriptionValues
@@ -603,20 +604,24 @@
@type request: L{twext.web2.server.Request}
"""
- token = request.args.get("token", None)
- key = request.args.get("key", None)
- if key and token:
- key = key[0]
- token = token[0].replace(" ", "").lower()
- principal = self.principalFromRequest(request)
- guid = principal.record.guid
- yield self.addSubscription(token, key, guid)
- code = responsecode.OK
- msg = None
- else:
+ token = request.args.get("token", ("",))[0].replace(" ", "").lower()
+ key = request.args.get("key", ("",))[0]
+
+ if not (key and token):
code = responsecode.BAD_REQUEST
msg = "Invalid request: both 'token' and 'key' must be provided"
+ else:
+ principal = self.principalFromRequest(request)
+ guid = principal.record.guid
+ try:
+ yield self.addSubscription(token, key, guid)
+ code = responsecode.OK
+ msg = None
+ except InvalidSubscriptionValues:
+ code = responsecode.BAD_REQUEST
+ msg = "Invalid subscription values"
+
returnValue((code, msg))
@inlineCallbacks
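Review bot: The new guard `if not (key and token)` rejects only empty strings, so a client-supplied `token` that is not hexadecimal still reaches `addSubscription` and, presumably, the datastore. Because the value comes straight from `request.args`, validate its shape before storing it, for example `if not (key and token and all(c in "0123456789abcdef" for c in token)):`. Whether a fixed length should also be enforced depends on code outside this hunk. Spaces are stripped from `token` but not from `key`, so a whitespace-only `key` also passes the check. The enclosing method starts before the hunk.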
Modified: CalendarServer/trunk/calendarserver/push/test/test_applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/test/test_applepush.py 2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/calendarserver/push/test/test_applepush.py 2012-01-16 19:08:11 UTC (rev 8540)
@@ -22,6 +22,7 @@
from twisted.internet.task import Clock
import struct
from txdav.common.datastore.test.util import buildStore, CommonCommonTests
+from txdav.common.icommondatastore import InvalidSubscriptionValues
class ApplePushNotifierServiceTests(CommonCommonTests, TestCase):
@@ -62,6 +63,17 @@
# Add subscriptions
txn = self.store.newTransaction()
+
+ # Ensure empty values don't get through
+ try:
+ yield txn.addAPNSubscription("", "", "", "")
+ except InvalidSubscriptionValues:
+ pass
+ try:
+ yield txn.addAPNSubscription("", "1", "2", "3")
+ except InvalidSubscriptionValues:
+ pass
+
token = "2d0d55cd7f98bcb81c6e24abcdc35168254c7846a43e2828b1ba5a8f82e219df"
key1 = "/CalDAV/calendars.example.com/user01/calendar/"
timestamp1 = 1000
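Review bot: Both new `try` / `except InvalidSubscriptionValues: pass` blocks succeed whether or not the exception is raised, so the test would stay green if the guard in `addAPNSubscription` were removed. In that case the empty-valued call would also go through on the same `txn` that the rest of the test uses. Add `else: self.fail("InvalidSubscriptionValues not raised")` to each block. The second case covers only an empty token, so an empty `key`, `timestamp` or `subscriber` on its own is untested. The test method begins before and continues after the hunk.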
Modified: CalendarServer/trunk/txdav/common/datastore/sql.py
===================================================================
--- CalendarServer/trunk/txdav/common/datastore/sql.py 2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/txdav/common/datastore/sql.py 2012-01-16 19:08:11 UTC (rev 8540)
@@ -55,7 +55,7 @@
from txdav.common.icommondatastore import HomeChildNameNotAllowedError, \
HomeChildNameAlreadyExistsError, NoSuchHomeChildError, \
ObjectResourceNameNotAllowedError, ObjectResourceNameAlreadyExistsError, \
- NoSuchObjectResourceError, AllRetriesFailed
+ NoSuchObjectResourceError, AllRetriesFailed, InvalidSubscriptionValues
from txdav.common.inotifications import INotificationCollection, \
INotificationObject
@@ -369,6 +369,9 @@
@inlineCallbacks
def addAPNSubscription(self, token, key, timestamp, subscriber):
+ if not (token and key and timestamp and subscriber):
+ raise InvalidSubscriptionValues()
+
row = yield self._selectAPNSubscriptionQuery.on(self,
token=token, resourceKey=key)
if not row: # Subscription does not yet exist
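Review bot: The truthiness check `not (token and key and timestamp and subscriber)` rejects a numeric `timestamp` of `0` and accepts whitespace-only strings, which may not match what "empty" is meant to cover. If timestamps are integers, as the test's `timestamp1 = 1000` suggests, `timestamp is None` would be the more precise test for that argument. The exception is raised without a message, so a log entry will not say what was wrong; `raise InvalidSubscriptionValues("token, key, timestamp and subscriber are all required")` would help. The method has no docstring stating that it raises `InvalidSubscriptionValues`. Its body continues past the hunk.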
Modified: CalendarServer/trunk/txdav/common/icommondatastore.py
===================================================================
--- CalendarServer/trunk/txdav/common/icommondatastore.py 2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/txdav/common/icommondatastore.py 2012-01-16 19:08:11 UTC (rev 8540)
@@ -141,6 +141,13 @@
class SyncTokenValidException(ValueError):
pass
+# APN Subscriptions
+
+class InvalidSubscriptionValues(ValueError):
+ """
+ Invalid APN subscription values passed in.
+ """
+
#
# Interfaces
#