zilencer: Stop serving requests from deactivated remote servers.

2022-01-13 22:20:39 -05:00 · 2022-01-13 22:20:39 -05:00 · 94d00ca942
parent 9e1fd26125
commit 94d00ca942
3 changed files with 37 additions and 2 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@ -39,6 +39,7 @@ from zerver.lib.exceptions import (
    OrganizationOwnerRequired,
    RateLimited,
    RealmDeactivatedError,
+    RemoteServerDeactivatedError,
    UnsupportedWebhookEventType,
    UserDeactivatedError,
    WebhookError,
@ -247,6 +248,9 @@ def validate_api_key(
        if api_key != remote_server.api_key:
            raise InvalidZulipServerKeyError(role)

+        if remote_server.deactivated:
+            raise RemoteServerDeactivatedError()
+
        if get_subdomain(request) != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
            raise JsonableError(_("Invalid subdomain for push notifications bouncer"))
        request.user = remote_server
--- a/zerver/lib/exceptions.py
+++ b/zerver/lib/exceptions.py
@ -32,6 +32,7 @@ class ErrorCode(Enum):
    RATE_LIMIT_HIT = auto()
    USER_DEACTIVATED = auto()
    REALM_DEACTIVATED = auto()
+    REMOTE_SERVER_DEACTIVATED = auto()
    PASSWORD_AUTH_DISABLED = auto()
    PASSWORD_RESET_REQUIRED = auto()
    AUTHENTICATION_FAILED = auto()
@ -280,6 +281,16 @@ class RealmDeactivatedError(AuthenticationFailedError):
        return _("This organization has been deactivated")


+class RemoteServerDeactivatedError(AuthenticationFailedError):
+    code: ErrorCode = ErrorCode.REALM_DEACTIVATED
+
+    @staticmethod
+    def msg_format() -> str:
+        return _(
+            "The mobile push notification service registration for your server has been deactivated"
+        )
+
+
 class PasswordAuthDisabledError(AuthenticationFailedError):
    code: ErrorCode = ErrorCode.PASSWORD_AUTH_DISABLED

--- a/zerver/tests/test_push_notifications.py
+++ b/zerver/tests/test_push_notifications.py
@ -91,13 +91,13 @@ if settings.ZILENCER_ENABLED:
 class BouncerTestCase(ZulipTestCase):
    def setUp(self) -> None:
        self.server_uuid = "6cde5f7a-1f7e-4978-9716-49f69ebfc9fe"
-        server = RemoteZulipServer(
+        self.server = RemoteZulipServer(
            uuid=self.server_uuid,
            api_key="magic_secret_api_key",
            hostname="demo.example.com",
            last_updated=now(),
        )
-        server.save()
+        self.server.save()
        super().setUp()

    def tearDown(self) -> None:
@ -164,6 +164,16 @@ class PushBouncerNotificationTest(BouncerTestCase):
        )
        self.assert_json_error(result, "Must validate with valid Zulip server API key")

+        # Try with deactivated remote servers
+        self.server.deactivated = True
+        self.server.save()
+        result = self.uuid_post(self.server_uuid, endpoint, self.get_generic_payload("unregister"))
+        self.assert_json_error_contains(
+            result,
+            "The mobile push notification service registration for your server has been deactivated",
+            401,
+        )
+
    def test_register_remote_push_user_paramas(self) -> None:
        token = "111222"
        user_id = 11
@ -269,6 +279,16 @@ class PushBouncerNotificationTest(BouncerTestCase):
            status_code=401,
        )

+        # Try with deactivated remote servers
+        self.server.deactivated = True
+        self.server.save()
+        result = self.uuid_post(self.server_uuid, endpoint, self.get_generic_payload("register"))
+        self.assert_json_error_contains(
+            result,
+            "The mobile push notification service registration for your server has been deactivated",
+            401,
+        )
+
    def test_remote_push_user_endpoints(self) -> None:
        endpoints = [
            ("/api/v1/remotes/push/register", "register"),