bug: allow "collection" in BSOs (although we ignore it)

Closes: #342
mozilla-services · Dec 5, 2019 · 013eaaf · 013eaaf
1 parent 4a9f2ce
commit 013eaaf
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 24 deletions.
diff --git a/src/server/test.rs b/src/server/test.rs
@@ -371,6 +371,17 @@ fn put_bso() {
     assert!(result >= start);
 }
 
+#[test]
+fn put_meta_storage() {
+    let start = SyncTimestamp::default();
+    // test that "collection" is accepted, even if ignored
+    let body = json!({"id": "global", "collection": "meta", "payload": "SomePayload"});
+    let bytes = test_endpoint_with_body(http::Method::PUT, "/1.5/42/storage/meta/global", body);
+    let result: PutBso = serde_json::from_slice(&bytes).unwrap();
+
+    assert!(result >= start);
+}
+
 #[test]
 fn invalid_content_type() {
     let path = "/1.5/42/storage/bookmarks/wibble";

diff --git a/src/web/extractors.rs b/src/web/extractors.rs
@@ -8,7 +8,7 @@ use actix_web::{
     dev::{ConnectionInfo, Extensions, Payload},
     error::ErrorInternalServerError,
     http::{
-        header::{qitem, Accept, ContentType, Header, HeaderMap, HeaderValue},
+        header::{qitem, Accept, ContentType, Header, HeaderMap},
         Uri,
     },
     web::{Json, Query},
@@ -313,9 +313,11 @@ pub struct BsoBody {
     pub payload: Option<String>,
     #[validate(custom = "validate_body_bso_ttl")]
     pub ttl: Option<u32>,
-    /// Any client-supplied value for this field is ignored
+    /// Any client-supplied value for these fields are ignored
     #[serde(rename(deserialize = "modified"), skip_serializing)]
     pub _ignored_modified: Option<IgnoredAny>,
+    #[serde(rename(deserialize = "collection"), skip_serializing)]
+    pub _ignored_collection: Option<IgnoredAny>,
 }
 
 impl FromRequest for BsoBody {
@@ -367,26 +369,6 @@ impl FromRequest for BsoBody {
 
         let max_payload_size = state.limits.max_record_payload_bytes as usize;
 
-        // The `meta/global` BSO is special in that it's used as a command to
-        // reset the timestamp. A possible client bug is sending an empty
-        // body. Handle it, but issue an info so we can track the event.
-        if req.path().ends_with("/meta/global")
-            && req
-                .headers()
-                .get("content-length")
-                .unwrap_or(&HeaderValue::from(0))
-                == HeaderValue::from(0)
-        {
-            info!("⚠️ Got an empty meta BSO");
-            return Box::new(future::ok(BsoBody {
-                id: None,
-                sortindex: None,
-                payload: None,
-                ttl: None,
-                _ignored_modified: None,
-            }));
-        }
-
         let fut = <Json<BsoBody>>::from_request(&req, payload)
             .map_err(|e| {
                 warn!("⚠️ Could not parse BSO Body: {:?}", e);

diff --git a/tools/hawk/make_hawk_token.py b/tools/hawk/make_hawk_token.py
@@ -30,7 +30,7 @@
 FXA_KID = "DEADBEEF00004be4ae957006c0ceb620"
 DEVICE_ID = "device1"
 NODE = "http://localhost:8000"
-SECRET = "Ted Koppel is a robot"
+SECRET = "Ted_Koppel_is_a_robot"
 HMAC_KEY = b"foo"
 
 # 10 years
@@ -120,7 +120,7 @@ def main():
         print("\nPath: ", path)
         print("Hawk Authorization Header: ", header)
     else:
-        print(header)
+        print("Authorization:", header)
 
 
 if __name__ == '__main__':