fix: drop users with no router_type recorded

autopush/ssl.py

@@ -13,6 +13,12 @@
 from OpenSSL import SSL
 from twisted.internet.ssl import DefaultOpenSSLContextFactory
 
+try:
+    SSL_PROTO = ssl.PROTOCOL_TLS
+except AttributeError:
+    SSL_PROTO = ssl.PROTOCOL_SSLv23
+
+
 MOZILLA_INTERMEDIATE_CIPHERS = (
     'ECDHE-RSA-AES128-GCM-SHA256:'
     'ECDHE-ECDSA-AES128-GCM-SHA256:'
@@ -111,7 +117,7 @@ def ssl_wrap_socket_cached(
         certfile=None,                 # type: Optional[str]
         server_side=False,             # type: bool
         cert_reqs=ssl.CERT_NONE,       # type: int
-        ssl_version=ssl.PROTOCOL_TLS,  # type: int
+        ssl_version=SSL_PROTO,         # type: int
         ca_certs=None,                 # type: Optional[str]
         do_handshake_on_connect=True,  # type: bool
         suppress_ragged_eofs=True,     # type: bool

autopush/tests/test_web_webpush.py

@@ -186,6 +186,19 @@ def test_request_v2_id_no_crypt_auth(self):
         )
         assert resp.get_status() == 401
 
+    @inlineCallbacks
+    def test_request_no_router_type(self):
+        self.fernet_mock.decrypt.return_value = 'a' * 32
+        self.db.router.get_uaid.return_value = dict(
+            uaid=dummy_uaid,
+            chid=dummy_chid,
+        )
+        resp = yield self.client.post(
+            self.url(api_ver='v1', token='ignored'),
+            headers={'authorization': 'webpush dummy.key'}
+        )
+        assert resp.get_status() == 410
+
     @inlineCallbacks
     def test_request_bad_v2_id_bad_pubkey(self):
         self.fernet_mock.decrypt.return_value = 'a' * 64

autopush/web/webpush.py

@@ -54,6 +54,8 @@
 # Base64 URL validation
 VALID_BASE64_URL = re.compile(r'^[0-9A-Za-z\-_]+=*$')
 
+VALID_ROUTER_TYPES = ["simplepush", "webpush", "gcm", "fcm", "apns"]
+
 
 class WebPushSubscriptionSchema(Schema):
     uaid = fields.UUID(required=True)
@@ -86,13 +88,25 @@ def validate_uaid_month_and_chid(self, d):
         except ItemNotFound:
             raise InvalidRequest("UAID not found", status_code=410, errno=103)
 
-        if (result.get("router_type") in ["gcm", "fcm"]
+        # We must have a router_type to validate the user
+        router_type = result.get("router_type")
+        if router_type not in VALID_ROUTER_TYPES:
+            self.context["log"].debug(format="Dropping User", code=102,
+                                      uaid_hash=hasher(result["uaid"]),
+                                      uaid_record=dump_uaid(result))
+            self.context["metrics"].increment("updates.drop_user",
+                                              tags=make_tags(errno=102))
+            self.context["db"].router.drop_user(result["uaid"])
+            raise InvalidRequest("No such subscription", status_code=410,
+                                 errno=106)
+
+        if (router_type in ["gcm", "fcm"]
             and 'senderID' not in result.get('router_data',
                                              {}).get("creds", {})):
-                # Make sure we note that this record is bad.
-                result['critical_failure'] = \
-                    result.get('critical_failure', "Missing SenderID")
-                db.router.register_user(result)
+            # Make sure we note that this record is bad.
+            result['critical_failure'] = \
+                result.get('critical_failure', "Missing SenderID")
+            db.router.register_user(result)
 
         if result.get("critical_failure"):
             raise InvalidRequest("Critical Failure: %s" %