From 94d00ca9421f0f42737658397a89458369d462e3 Mon Sep 17 00:00:00 2001
From: Eeshan Garg
Date: Thu, 13 Jan 2022 22:20:39 -0500
Subject: [PATCH] zilencer: Stop serving requests from deactivated remote servers.
---
 zerver/decorator.py | 4 ++++
 zerver/lib/exceptions.py | 11 +++++++++++
 zerver/tests/test_push_notifications.py | 24 ++++++++++++++++++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/zerver/decorator.py b/zerver/decorator.py
index ef8eac5b62..d63afbfb78 100644
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -39,6 +39,7 @@ from zerver.lib.exceptions import (
 OrganizationOwnerRequired,
 RateLimited,
 RealmDeactivatedError,
+ RemoteServerDeactivatedError,
 UnsupportedWebhookEventType,
 UserDeactivatedError,
 WebhookError,
@@ -247,6 +248,9 @@ def validate_api_key(
 if api_key != remote_server.api_key:
 raise InvalidZulipServerKeyError(role)
+ if remote_server.deactivated:
+ raise RemoteServerDeactivatedError()
+
 if get_subdomain(request) != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
 raise JsonableError(_("Invalid subdomain for push notifications bouncer"))
 request.user = remote_server
diff --git a/zerver/lib/exceptions.py b/zerver/lib/exceptions.py
index e3f10e5875..258d49060b 100644
--- a/zerver/lib/exceptions.py
+++ b/zerver/lib/exceptions.py
@@ -32,6 +32,7 @@ class ErrorCode(Enum):
 RATE_LIMIT_HIT = auto()
 USER_DEACTIVATED = auto()
 REALM_DEACTIVATED = auto()
+ REMOTE_SERVER_DEACTIVATED = auto()
 PASSWORD_AUTH_DISABLED = auto()
 PASSWORD_RESET_REQUIRED = auto()
 AUTHENTICATION_FAILED = auto()
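Review bot: The placement of the new `remote_server.deactivated` check in `validate_api_key` (zerver/decorator.py, hunk `@@ -247,6 +248,9 @@`) is security-relevant but undocumented. It runs only after the `api_key` comparison, so a caller without the server's key gets `InvalidZulipServerKeyError` and cannot learn whether a given server UUID has been deactivated. A one-line comment above the check would keep a later refactor from moving it ahead of the key comparison, e.g. `# Checked after the API key so deactivation status is only revealed to the holder of the server's key.` The function's body starts and ends outside the hunk, so any other path that resolves a remote server is not visible here.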
@@ -280,6 +281,16 @@ class RealmDeactivatedError(AuthenticationFailedError):
 return _("This organization has been deactivated")
+class RemoteServerDeactivatedError(AuthenticationFailedError):
+ code: ErrorCode = ErrorCode.REALM_DEACTIVATED
+
+ @staticmethod
+ def msg_format() -> str:
+ return _(
+ "The mobile push notification service registration for your server has been deactivated"
+ )
+
+
 class PasswordAuthDisabledError(AuthenticationFailedError):
 code: ErrorCode = ErrorCode.PASSWORD_AUTH_DISABLED
diff --git a/zerver/tests/test_push_notifications.py b/zerver/tests/test_push_notifications.py
index c883344be9..97ab5ae5a6 100644
--- a/zerver/tests/test_push_notifications.py
+++ b/zerver/tests/test_push_notifications.py
@@ -91,13 +91,13 @@ if settings.ZILENCER_ENABLED:
 class BouncerTestCase(ZulipTestCase):
 def setUp(self) -> None:
 self.server_uuid = "6cde5f7a-1f7e-4978-9716-49f69ebfc9fe"
- server = RemoteZulipServer(
+ self.server = RemoteZulipServer(
 uuid=self.server_uuid,
 api_key="magic_secret_api_key",
 hostname="demo.example.com",
 last_updated=now(),
 )
- server.save()
+ self.server.save()
 super().setUp()
 def tearDown(self) -> None:
@@ -164,6 +164,16 @@ class PushBouncerNotificationTest(BouncerTestCase):
 )
 self.assert_json_error(result, "Must validate with valid Zulip server API key")
+ # Try with deactivated remote servers
+ self.server.deactivated = True
+ self.server.save()
+ result = self.uuid_post(self.server_uuid, endpoint, self.get_generic_payload("unregister"))
+ self.assert_json_error_contains(
+ result,
+ "The mobile push notification service registration for your server has been deactivated",
+ 401,
+ )
+
 def test_register_remote_push_user_paramas(self) -> None:
 token = "111222"
 user_id = 11
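Review bot: `RemoteServerDeactivatedError` in zerver/lib/exceptions.py sets `code: ErrorCode = ErrorCode.REALM_DEACTIVATED`, although this commit adds `ErrorCode.REMOTE_SERVER_DEACTIVATED` in the earlier hunk of the same file and never uses it. As written, a deactivated push-bouncer registration is reported with the same code as a deactivated realm, so a client or log filter that keys on the error code cannot tell the two conditions apart. The line should presumably read `code: ErrorCode = ErrorCode.REMOTE_SERVER_DEACTIVATED`. The class also has no docstring; one sentence saying it is raised by `validate_api_key` for a remote server whose `deactivated` flag is set would help.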
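Review bot: The new assertions in `PushBouncerNotificationTest` (the hunk at `@@ -164,6 +164,16 @@` and the matching one at `@@ -269,6 +279,16 @@`) check only the message text and the 401 status, so they pass whatever error code the response carries. Asserting the response's error code as well would pin which `ErrorCode` a deactivated server receives. Neither block covers a deactivated server presenting a wrong API key, which should still produce the key error rather than the deactivation message. Both blocks set `self.server.deactivated = True` without resetting it, so an assertion appended later in the same method would silently run against a deactivated server; a dedicated test method, or a comment saying the block must stay last, would avoid that. The test methods start outside the hunks.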
@@ -269,6 +279,16 @@ class PushBouncerNotificationTest(BouncerTestCase):
 status_code=401,
 )
+ # Try with deactivated remote servers
+ self.server.deactivated = True
+ self.server.save()
+ result = self.uuid_post(self.server_uuid, endpoint, self.get_generic_payload("register"))
+ self.assert_json_error_contains(
+ result,
+ "The mobile push notification service registration for your server has been deactivated",
+ 401,
+ )
+
 def test_remote_push_user_endpoints(self) -> None:
 endpoints = [
 ("/api/v1/remotes/push/register", "register"),