zilencer: Stop serving requests from deactivated remote servers.

Eeshan Garg 2022-01-13 22:20:39 -05:00 committed by Tim Abbott
parent 9e1fd26125
commit 94d00ca942
3 changed files with 37 additions and 2 deletions


@ -39,6 +39,7 @@ from zerver.lib.exceptions import (
OrganizationOwnerRequired, OrganizationOwnerRequired,
RateLimited, RateLimited,
RealmDeactivatedError, RealmDeactivatedError,
RemoteServerDeactivatedError,
UnsupportedWebhookEventType, UnsupportedWebhookEventType,
UserDeactivatedError, UserDeactivatedError,
WebhookError, WebhookError,
@ -247,6 +248,9 @@ def validate_api_key(
if api_key != remote_server.api_key: if api_key != remote_server.api_key:
raise InvalidZulipServerKeyError(role) raise InvalidZulipServerKeyError(role)
if remote_server.deactivated:
raise RemoteServerDeactivatedError()
if get_subdomain(request) != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN: if get_subdomain(request) != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
raise JsonableError(_("Invalid subdomain for push notifications bouncer")) raise JsonableError(_("Invalid subdomain for push notifications bouncer"))
request.user = remote_server request.user = remote_server
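Review bot: The placement of the new `if remote_server.deactivated:` check after the API-key comparison in validate_api_key is security-relevant but undocumented. In that order a caller without the key cannot learn whether a given server UUID is deactivated, and a later reordering would silently lose that property. I would add a comment above the check, e.g. `# Checked only after the key matches, so deactivation status is not disclosed to unauthenticated callers.` As far as this hunk shows, the rejection is not logged; a log line naming the server UUID would let operators see a deactivated server that keeps sending requests. validate_api_key starts and ends outside the hunk.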


@ -32,6 +32,7 @@ class ErrorCode(Enum):
RATE_LIMIT_HIT = auto() RATE_LIMIT_HIT = auto()
USER_DEACTIVATED = auto() USER_DEACTIVATED = auto()
REALM_DEACTIVATED = auto() REALM_DEACTIVATED = auto()
REMOTE_SERVER_DEACTIVATED = auto()
PASSWORD_AUTH_DISABLED = auto() PASSWORD_AUTH_DISABLED = auto()
PASSWORD_RESET_REQUIRED = auto() PASSWORD_RESET_REQUIRED = auto()
AUTHENTICATION_FAILED = auto() AUTHENTICATION_FAILED = auto()
@ -280,6 +281,16 @@ class RealmDeactivatedError(AuthenticationFailedError):
return _("This organization has been deactivated") return _("This organization has been deactivated")
class RemoteServerDeactivatedError(AuthenticationFailedError):
code: ErrorCode = ErrorCode.REALM_DEACTIVATED
@staticmethod
def msg_format() -> str:
return _(
"The mobile push notification service registration for your server has been deactivated"
)
class PasswordAuthDisabledError(AuthenticationFailedError): class PasswordAuthDisabledError(AuthenticationFailedError):
code: ErrorCode = ErrorCode.PASSWORD_AUTH_DISABLED code: ErrorCode = ErrorCode.PASSWORD_AUTH_DISABLED
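Review bot: `RemoteServerDeactivatedError` sets `code: ErrorCode = ErrorCode.REALM_DEACTIVATED`, so the `REMOTE_SERVER_DEACTIVATED` member added to `ErrorCode` in this same file is, as far as this page shows, never used. The response for a deactivated bouncer registration then carries the same code as a deactivated organization, and clients or log analysis keyed on the code cannot tell the two apart. The line should read `code: ErrorCode = ErrorCode.REMOTE_SERVER_DEACTIVATED`.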


@ -91,13 +91,13 @@ if settings.ZILENCER_ENABLED:
class BouncerTestCase(ZulipTestCase): class BouncerTestCase(ZulipTestCase):
def setUp(self) -> None: def setUp(self) -> None:
self.server_uuid = "6cde5f7a-1f7e-4978-9716-49f69ebfc9fe" self.server_uuid = "6cde5f7a-1f7e-4978-9716-49f69ebfc9fe"
server = RemoteZulipServer( self.server = RemoteZulipServer(
uuid=self.server_uuid, uuid=self.server_uuid,
api_key="magic_secret_api_key", api_key="magic_secret_api_key",
hostname="demo.example.com", hostname="demo.example.com",
last_updated=now(), last_updated=now(),
) )
server.save() self.server.save()
super().setUp() super().setUp()
def tearDown(self) -> None: def tearDown(self) -> None:
@ -164,6 +164,16 @@ class PushBouncerNotificationTest(BouncerTestCase):
) )
self.assert_json_error(result, "Must validate with valid Zulip server API key") self.assert_json_error(result, "Must validate with valid Zulip server API key")
# Try with deactivated remote servers
self.server.deactivated = True
self.server.save()
result = self.uuid_post(self.server_uuid, endpoint, self.get_generic_payload("unregister"))
self.assert_json_error_contains(
result,
"The mobile push notification service registration for your server has been deactivated",
401,
)
def test_register_remote_push_user_paramas(self) -> None: def test_register_remote_push_user_paramas(self) -> None:
token = "111222" token = "111222"
user_id = 11 user_id = 11
@ -269,6 +279,16 @@ class PushBouncerNotificationTest(BouncerTestCase):
status_code=401, status_code=401,
) )
# Try with deactivated remote servers
self.server.deactivated = True
self.server.save()
result = self.uuid_post(self.server_uuid, endpoint, self.get_generic_payload("register"))
self.assert_json_error_contains(
result,
"The mobile push notification service registration for your server has been deactivated",
401,
)
def test_remote_push_user_endpoints(self) -> None: def test_remote_push_user_endpoints(self) -> None:
endpoints = [ endpoints = [
("/api/v1/remotes/push/register", "register"), ("/api/v1/remotes/push/register", "register"),
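Review bot: Both added "Try with deactivated remote servers" blocks (this one in the register test and the earlier one in the unregister test) assert only the message text and the 401 status, so they do not pin which error `code` the response carries. Asserting the code as well, for example `self.assertEqual(result.json()["code"], "REMOTE_SERVER_DEACTIVATED")`, would make the test fail if the exception reports a different code. A further case with a deactivated server and a wrong API key, expecting the "Must validate with valid Zulip server API key" style error, would pin that deactivation status is not revealed before the key is checked. Both test methods start outside their hunks.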