diff --git a/src/error.rs b/src/error.rs index 1a3b7ac..1b0ca77 100644 --- a/src/error.rs +++ b/src/error.rs @@ -187,6 +187,9 @@ pub enum Error { #[error("Unknown CA of APNs certificate")] ApnsCertificateUnknownCA, + #[error("Invalid APNs provider token")] + ApnsInvalidProviderToken, + #[error("client deleted due to invalid device token")] ClientDeleted, diff --git a/src/handlers/push_message.rs b/src/handlers/push_message.rs index a6aecb7..e31f8ed 100644 --- a/src/handlers/push_message.rs +++ b/src/handlers/push_message.rs @@ -452,6 +452,23 @@ pub async fn handler_internal( ); Err(Error::TenantSuspended) } + Error::ApnsInvalidProviderToken => { + let reason = "APNs certificate invalid provider token"; + state + .tenant_store + .suspend_tenant(&tenant_id, reason) + .await + .map_err(|e| (e, analytics.clone()))?; + increment_counter!(state.metrics, tenant_suspensions); + warn!( + %tenant_id, + client_id = %client_id, + notification_id = %notification.id, + push_type = client.push_type.as_str(), + "tenant has been suspended due to: {reason}" + ); + Err(Error::TenantSuspended) + } Error::BadFcmApiKey => { state .tenant_store diff --git a/src/providers/apns.rs b/src/providers/apns.rs index a918c82..4b3d39a 100644 --- a/src/providers/apns.rs +++ b/src/providers/apns.rs @@ -144,6 +144,8 @@ impl PushProvider for ApnsProvider { "The device token is inactive for the specified topic".to_string(), )), ErrorReason::TopicDisallowed => Err(Error::BadApnsCredentials), + // InvalidProviderToken reflecting that APNS certificate must be reissued + ErrorReason::InvalidProviderToken => Err(Error::ApnsInvalidProviderToken), reason => Err(Error::ApnsResponse(reason)), }, },