@@ -193,45 +193,33 @@ describe('/account/devices/notify', function () {
193193 }
194194 } )
195195 var pushPayload = {
196- isValid : true ,
197196 version : 1 ,
198197 command : 'sync:collection_changed' ,
199198 data : {
200199 collections : [ 'clients' ]
201200 }
202201 }
203202 var mockPush = mocks . mockPush ( )
204- var validate = sinon . spy ( function ( payload ) { return payload . isValid } )
205- var mockAjv = function ( ) {
206- return {
207- compile : function ( ) {
208- return validate
209- }
210- }
211- }
212203 var sandbox = sinon . sandbox . create ( )
213204 var mockCustoms = mocks . mockCustoms ( )
214205 var accountRoutes = makeRoutes ( {
215206 config : config ,
216207 customs : mockCustoms ,
217208 push : mockPush
218- } , {
219- ajv : mockAjv
220209 } )
221210 var route = getRoute ( accountRoutes , '/account/devices/notify' )
222211
223212 it ( 'bad payload' , function ( ) {
224213 mockRequest . payload = {
225214 to : [ 'bogusid1' ] ,
226215 payload : {
227- isValid : false
216+ bogus : 'payload'
228217 }
229218 }
230219 return runTest ( route , mockRequest , function ( ) {
231220 assert ( false , 'should have thrown' )
232221 } )
233222 . then ( ( ) => assert ( false ) , function ( err ) {
234- assert . equal ( validate . callCount , 1 , 'ajv validator function was called' )
235223 assert . equal ( mockPush . pushToDevices . callCount , 0 , 'mockPush.pushToDevices was not called' )
236224 assert . equal ( err . errno , 107 , 'Correct errno for invalid push payload' )
237225 } )
@@ -268,6 +256,34 @@ describe('/account/devices/notify', function () {
268256 } )
269257 } )
270258
259+ it ( 'extra push payload properties are stripped' , function ( ) {
260+ var extraPropsPayload = JSON . parse ( JSON . stringify ( pushPayload ) )
261+ extraPropsPayload . extra = true
262+ extraPropsPayload . data . extra = true
263+ mockRequest . payload = {
264+ to : 'all' ,
265+ excluded : [ 'bogusid' ] ,
266+ TTL : 60 ,
267+ payload : extraPropsPayload
268+ }
269+ // We don't wait on pushToAllDevices in the request handler, that's why
270+ // we have to wait on it manually by spying.
271+ var pushToAllDevicesPromise = P . defer ( )
272+ mockPush . pushToAllDevices = sinon . spy ( function ( ) {
273+ pushToAllDevicesPromise . resolve ( )
274+ return Promise . resolve ( )
275+ } )
276+ return runTest ( route , mockRequest , function ( response ) {
277+ return pushToAllDevicesPromise . promise . then ( function ( ) {
278+ assert . deepEqual ( mockPush . pushToAllDevices . args [ 0 ] [ 2 ] , {
279+ data : Buffer . from ( JSON . stringify ( pushPayload ) ) ,
280+ excludedDeviceIds : [ 'bogusid' ] ,
281+ TTL : 60
282+ } , 'third argument payload properties has no extra properties' )
283+ } )
284+ } )
285+ } )
286+
271287 it ( 'specific devices' , function ( ) {
272288 mockCustoms . checkAuthenticated . reset ( )
273289 mockLog . activityEvent . reset ( )
@@ -351,6 +367,12 @@ describe('/account/devices/notify', function () {
351367 } )
352368
353369 it ( 'throws error if customs blocked the request' , function ( ) {
370+ mockRequest . payload = {
371+ to : 'all' ,
372+ excluded : [ 'bogusid' ] ,
373+ TTL : 60 ,
374+ payload : pushPayload
375+ }
354376 config . deviceNotificationsEnabled = true
355377
356378 mockCustoms = mocks . mockCustoms ( {
0 commit comments