[CalendarServer-changes] [8553] CalendarServer/trunk/calendarserver/push
source_changes at macosforge.org
source_changes at macosforge.org
Tue Jan 17 11:07:56 PST 2012
Revision: 8553
http://trac.macosforge.org/projects/calendarserver/changeset/8553
Author: sagen at apple.com
Date: 2012-01-17 11:07:55 -0800 (Tue, 17 Jan 2012)
Log Message:
-----------
Validate APN tokens when client subscribes.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/push/applepush.py
CalendarServer/trunk/calendarserver/push/test/test_applepush.py
CalendarServer/trunk/calendarserver/push/util.py
Modified: CalendarServer/trunk/calendarserver/push/applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/applepush.py 2012-01-17 18:35:35 UTC (rev 8552)
+++ CalendarServer/trunk/calendarserver/push/applepush.py 2012-01-17 19:07:55 UTC (rev 8553)
@@ -34,6 +34,7 @@
import struct
import time
from txdav.common.icommondatastore import InvalidSubscriptionValues
+from calendarserver.push.util import validToken
@@ -629,6 +630,10 @@
code = responsecode.BAD_REQUEST
msg = "Invalid request: both 'token' and 'key' must be provided"
+ elif not validToken(token):
+ code = responsecode.BAD_REQUEST
+ msg = "Invalid request: bad 'token' %s" % (token,)
+
else:
principal = self.principalFromRequest(request)
uid = principal.record.uid
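Review bot: The new `elif not validToken(token)` branch interpolates the rejected token straight into `msg`, so a client-supplied string of arbitrary length and content is echoed back. How `msg` is rendered is outside this hunk, but if it reaches an HTML body or a log line the raw value should not be included. `msg = "Invalid request: bad 'token'"` tells the client the same thing; if the value is wanted for debugging, format a truncated `%r` of it instead, for example `token[:64]`. The enclosing method starts and ends outside the hunk.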
Modified: CalendarServer/trunk/calendarserver/push/test/test_applepush.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/test/test_applepush.py 2012-01-17 18:35:35 UTC (rev 8552)
+++ CalendarServer/trunk/calendarserver/push/test/test_applepush.py 2012-01-17 19:07:55 UTC (rev 8553)
@@ -17,6 +17,7 @@
from calendarserver.push.applepush import (
ApplePushNotifierService, APNProviderProtocol
)
+from calendarserver.push.util import validToken
from twistedcaldav.test.util import TestCase
from twisted.internet.defer import inlineCallbacks, succeed
from twisted.internet.task import Clock
@@ -198,7 +199,13 @@
yield txn.commit()
self.assertEquals(len(subscriptions), 1)
+ def test_validToken(self):
+ self.assertTrue(validToken("2d0d55cd7f98bcb81c6e24abcdc35168254c7846a43e2828b1ba5a8f82e219df"))
+ self.assertFalse(validToken("d0d55cd7f98bcb81c6e24abcdc35168254c7846a43e2828b1ba5a8f82e219df"))
+ self.assertFalse(validToken("foo"))
+ self.assertFalse(validToken(""))
+
class TestConnector(object):
def connect(self, service, factory):
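Review bot: None of the negative cases in `test_validToken` reaches the hex-decoding branch, because the 63-character string, `"foo"` and `""` are all rejected by the length check first. Add a 64-character non-hex input, e.g. `self.assertFalse(validToken("z" * 64))`, so that the `except TypeError` path is exercised. A case that pins whether upper-case hex is accepted would also document the intended contract of the validator.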
Modified: CalendarServer/trunk/calendarserver/push/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/push/util.py 2012-01-17 18:35:35 UTC (rev 8552)
+++ CalendarServer/trunk/calendarserver/push/util.py 2012-01-17 19:07:55 UTC (rev 8553)
@@ -34,3 +34,19 @@
if name == "UID":
return value
return ""
+
+def validToken(token):
+ """
+ Return True if token is in hex and is 64 characters long, False
+ otherwise
+ """
+ if len(token) != 64:
+ return False
+
+ try:
+ token.decode("hex")
+ except TypeError:
+ return False
+
+ return True
+
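Review bot: `validToken` catches only `TypeError` from `token.decode("hex")`, so any other failure propagates out of the subscription handler instead of producing the 400 response. If the token can ever arrive as a unicode object containing non-ASCII characters, the implicit encode would presumably raise `UnicodeEncodeError` (to be confirmed against the request path); `except (TypeError, UnicodeError):` would cover both. The check also accepts upper- and mixed-case hex, so if tokens are later stored or compared as strings, normalising with `token.lower()` at the call site keeps one device from ending up with several distinct entries. The docstring could also state that 64 hex characters correspond to a 32-byte device token.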