[CalendarServer-changes] [8540] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Mon Jan 16 11:08:15 PST 2012


Revision: 8540
          http://trac.macosforge.org/projects/calendarserver/changeset/8540
Author:   sagen at apple.com
Date:     2012-01-16 11:08:11 -0800 (Mon, 16 Jan 2012)
Log Message:
-----------
Catch empty APN subscription values from client

Modified Paths:
--------------
    CalendarServer/trunk/calendarserver/push/applepush.py
    CalendarServer/trunk/calendarserver/push/test/test_applepush.py
    CalendarServer/trunk/txdav/common/datastore/sql.py
    CalendarServer/trunk/txdav/common/icommondatastore.py

Modified: CalendarServer/trunk/calendarserver/push/applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/applepush.py	2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/calendarserver/push/applepush.py	2012-01-16 19:08:11 UTC (rev 8540)
@@ -33,6 +33,7 @@
 import OpenSSL
 import struct
 import time
+from txdav.common.icommondatastore import InvalidSubscriptionValues
 
 
 
@@ -603,20 +604,24 @@
         @type request: L{twext.web2.server.Request}
         """
 
-        token = request.args.get("token", None)
-        key = request.args.get("key", None)
-        if key and token:
-            key = key[0]
-            token = token[0].replace(" ", "").lower()
-            principal = self.principalFromRequest(request)
-            guid = principal.record.guid
-            yield self.addSubscription(token, key, guid)
-            code = responsecode.OK
-            msg = None
-        else:
+        token = request.args.get("token", ("",))[0].replace(" ", "").lower()
+        key = request.args.get("key", ("",))[0]
+
+        if not (key and token):
             code = responsecode.BAD_REQUEST
             msg = "Invalid request: both 'token' and 'key' must be provided"
 
+        else:
+            principal = self.principalFromRequest(request)
+            guid = principal.record.guid
+            try:
+                yield self.addSubscription(token, key, guid)
+                code = responsecode.OK
+                msg = None
+            except InvalidSubscriptionValues:
+                code = responsecode.BAD_REQUEST
+                msg = "Invalid subscription values"
+
         returnValue((code, msg))
 
     @inlineCallbacks
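Review bot: The new `token = request.args.get("token", ("",))[0].replace(" ", "").lower()` line only strips spaces and lowercases, so any non-empty client string is still passed to `addSubscription` as a device token. If tokens are always the 64 hex digits seen in the test fixture, reject anything else with the same BAD_REQUEST path, e.g. `if not (key and len(token) == 64 and all(c in "0123456789abcdef" for c in token)):`. Code that later treats the stored token as hex presumably assumes this, though that code is not visible here. The method begins above this hunk, so how `request.args` is populated could not be checked.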

Modified: CalendarServer/trunk/calendarserver/push/test/test_applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/test/test_applepush.py	2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/calendarserver/push/test/test_applepush.py	2012-01-16 19:08:11 UTC (rev 8540)
@@ -22,6 +22,7 @@
 from twisted.internet.task import Clock
 import struct
 from txdav.common.datastore.test.util import buildStore, CommonCommonTests
+from txdav.common.icommondatastore import InvalidSubscriptionValues
 
 class ApplePushNotifierServiceTests(CommonCommonTests, TestCase):
 
@@ -62,6 +63,17 @@
 
         # Add subscriptions
         txn = self.store.newTransaction()
+
+        # Ensure empty values don't get through
+        try:
+            yield txn.addAPNSubscription("", "", "", "")
+        except InvalidSubscriptionValues:
+            pass
+        try:
+            yield txn.addAPNSubscription("", "1", "2", "3")
+        except InvalidSubscriptionValues:
+            pass
+
         token = "2d0d55cd7f98bcb81c6e24abcdc35168254c7846a43e2828b1ba5a8f82e219df"
         key1 = "/CalDAV/calendars.example.com/user01/calendar/"
         timestamp1 = 1000
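Review bot: Both new `try`/`except InvalidSubscriptionValues: pass` blocks pass when no exception is raised, so the test would stay green if the guard in `addAPNSubscription` were removed. Make the expectation explicit by adding `else: self.fail("InvalidSubscriptionValues not raised")` to each block, or use `yield self.assertFailure(txn.addAPNSubscription("", "", "", ""), InvalidSubscriptionValues)`. The second case covers only an empty token; an empty key, timestamp and subscriber are each untested on their own. The test method starts and continues outside this hunk.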

Modified: CalendarServer/trunk/txdav/common/datastore/sql.py
===================================================================
--- CalendarServer/trunk/txdav/common/datastore/sql.py	2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/txdav/common/datastore/sql.py	2012-01-16 19:08:11 UTC (rev 8540)
@@ -55,7 +55,7 @@
 from txdav.common.icommondatastore import HomeChildNameNotAllowedError, \
     HomeChildNameAlreadyExistsError, NoSuchHomeChildError, \
     ObjectResourceNameNotAllowedError, ObjectResourceNameAlreadyExistsError, \
-    NoSuchObjectResourceError, AllRetriesFailed
+    NoSuchObjectResourceError, AllRetriesFailed, InvalidSubscriptionValues
 from txdav.common.inotifications import INotificationCollection, \
     INotificationObject
 
@@ -369,6 +369,9 @@
 
     @inlineCallbacks
     def addAPNSubscription(self, token, key, timestamp, subscriber):
+        if not (token and key and timestamp and subscriber):
+            raise InvalidSubscriptionValues()
+
         row = yield self._selectAPNSubscriptionQuery.on(self,
             token=token, resourceKey=key)
         if not row: # Subscription does not yet exist
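Review bot: The guard `if not (token and key and timestamp and subscriber)` is a truthiness test, so it rejects an integer `timestamp` of 0 and accepts whitespace-only strings. Neither behaviour is documented, and the method has no docstring. Add one stating the contract, for example `"""Add or update an APN subscription; raises InvalidSubscriptionValues if any argument is empty."""`. If a zero timestamp is legitimate, test it with `timestamp is not None` instead. The rest of the method body lies outside this hunk.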

Modified: CalendarServer/trunk/txdav/common/icommondatastore.py
===================================================================
--- CalendarServer/trunk/txdav/common/icommondatastore.py	2012-01-16 16:52:00 UTC (rev 8539)
+++ CalendarServer/trunk/txdav/common/icommondatastore.py	2012-01-16 19:08:11 UTC (rev 8540)
@@ -141,6 +141,13 @@
 class SyncTokenValidException(ValueError):
     pass
 
+# APN Subscriptions
+
+class InvalidSubscriptionValues(ValueError):
+    """
+    Invalid APN subscription values passed in.
+    """
+
 #
 # Interfaces
 #