HomePhabricator
Diffusion Comm 7001e487e341

[tunnelbroker] disallow windows device tokens that don't contain the correct…

Description

[tunnelbroker] disallow windows device tokens that don't contain the correct domain

Summary:
the device token should be a valid URL and should contain the correct domain. per the docs:

It is important that the cloud service always ensures that the channel URI uses the domain "notify.windows.com". The service should never push notifications to a channel on any other domain. If the callback for your app is ever compromised, a malicious attacker could submit a channel URI to spoof WNS. Without inspecting the domain, your cloud service could potentially disclose information to this attacker unknowingly. The subdomain of the channel URI is subject to change and should not be considered when validating the channel URI.

Depends on D13020

Test Plan: tried to send an invalid windows device token and it was rejected, verified that it wasn't in DDB

Reviewers: bartek, kamil

Reviewed By: bartek, kamil

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D13022