gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-09-05 17:31:12 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

Automatically remove invalid Web::PushSubscriptions (#35987)

Browse Source
This commit is contained in:
Emelia Smith 2025-09-04 10:00:44 +02:00 committed by GitHub
parent 14cb5ff881
commit 4c2a2c27c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/workers/web/push_notification_worker.rb
View File

@ -15,6 +15,15 @@ class Web::PushNotificationWorker
return if @notification.updated_at < TTL.ago
# Clean up old Web::PushSubscriptions that were added before validation of
# the endpoint and keys: #30542, #30540
unless @subscription.valid?
Rails.logger.debug { "Web::PushSubscription is invalid, removing: #{subscription_id}" }
@subscription.destroy!
return
end
# Polymorphically associated activity could have been deleted
# in the meantime, so we have to double-check before proceeding
return unless @notification.activity.present? && @subscription.pushable?(@notification)

22
spec/workers/web/push_notification_worker_spec.rb
View File

@ -36,6 +36,9 @@ RSpec.describe Web::PushNotificationWorker do
let(:std_input) { 'When I grow up, I want to be a watermelon' }
let(:std_ciphertext) { 'DGv6ra1nlYgDCS1FRnbzlwAAEABBBP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A_yl95bQpu6cVPTpK4Mqgkf1CXztLVBSt2Ks3oZwbuwXPXLWyouBWLVWGNWQexSgSxsj_Qulcy4a-fN' }
# Invalid subscription:
let(:invalid_subscription) { Fabricate.build(:web_push_subscription, user_id: user.id, key_p256dh: 'invalid', key_auth: 'invalid', endpoint: endpoint, standard: true, data: { alerts: { notification.type => true } }) }
describe 'perform' do
around do |example|
original_private = Rails.configuration.x.vapid.private_key
@ -83,6 +86,25 @@ RSpec.describe Web::PushNotificationWorker do
end
# rubocop:enable RSpec/SubjectStub
context 'with invalid record that will fail' do
before do
# Fabricator always runs validation, here we deliberately want to bypass
# the validation, simulating an invalid Web::PushSubscription that was
# created before PRs #30542, #30540 added validation.
invalid_subscription.save(validate: false)
end
it 'removes the record and does not process the request' do
expect { subject.perform(invalid_subscription.id, notification.id) }
.to_not raise_error
expect { invalid_subscription.reload }
.to raise_error ActiveRecord::RecordNotFound
expect(a_request(:post, endpoint)).to_not have_been_made
end
end
def legacy_web_push_endpoint_request
a_request(
:post,