Additional counters and timers for WebSocket connections

2026-04-21 23:48:05 +01:00 · 2023-06-13 11:46:15 -05:00
parent e8f01be8ef
commit 128d709c99
4 changed files with 199 additions and 35 deletions
--- a/service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketAccountAuthenticatorTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketAccountAuthenticatorTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2023 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.websocket;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import io.dropwizard.auth.basic.BasicCredentials;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Stream;
+import org.eclipse.jetty.websocket.api.UpgradeRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.Device;
+import org.whispersystems.textsecuregcm.util.Pair;
+import org.whispersystems.websocket.auth.WebSocketAuthenticator;
+
+class WebSocketAccountAuthenticatorTest {
+
+  private static final String VALID_USER = PhoneNumberUtil.getInstance().format(
+      PhoneNumberUtil.getInstance().getExampleNumber("NZ"), PhoneNumberUtil.PhoneNumberFormat.E164);
+  private static final String VALID_PASSWORD = "valid";
+  private static final String INVALID_USER = PhoneNumberUtil.getInstance().format(
+      PhoneNumberUtil.getInstance().getExampleNumber("AU"), PhoneNumberUtil.PhoneNumberFormat.E164);
+  private static final String INVALID_PASSWORD = "invalid";
+
+  private AccountAuthenticator accountAuthenticator;
+
+  private UpgradeRequest upgradeRequest;
+
+  @BeforeEach
+  void setUp() {
+    accountAuthenticator = mock(AccountAuthenticator.class);
+
+    when(accountAuthenticator.authenticate(eq(new BasicCredentials(VALID_USER, VALID_PASSWORD))))
+        .thenReturn(Optional.of(new AuthenticatedAccount(() -> new Pair<>(mock(Account.class), mock(Device.class)))));
+
+    when(accountAuthenticator.authenticate(eq(new BasicCredentials(INVALID_USER, INVALID_PASSWORD))))
+        .thenReturn(Optional.empty());
+
+    upgradeRequest = mock(UpgradeRequest.class);
+  }
+
+  @ParameterizedTest
+  @MethodSource
+  void testAuthenticate(final Map<String, List<String>> upgradeRequestParameters, final boolean expectAccount,
+      final boolean expectRequired) throws Exception {
+
+    when(upgradeRequest.getParameterMap()).thenReturn(upgradeRequestParameters);
+
+    final WebSocketAccountAuthenticator webSocketAuthenticator = new WebSocketAccountAuthenticator(
+        accountAuthenticator);
+
+    final WebSocketAuthenticator.AuthenticationResult<AuthenticatedAccount> result = webSocketAuthenticator.authenticate(
+        upgradeRequest);
+
+    if (expectAccount) {
+      assertTrue(result.getUser().isPresent());
+    } else {
+      assertTrue(result.getUser().isEmpty());
+    }
+
+    assertEquals(expectRequired, result.isRequired());
+  }
+
+  private static Stream<Arguments> testAuthenticate() {
+    return Stream.of(
+        Arguments.of(Map.of("login", List.of(VALID_USER), "password", List.of(VALID_PASSWORD)), true, true),
+        Arguments.of(Map.of("login", List.of(INVALID_USER), "password", List.of(INVALID_PASSWORD)), false, true),
+        Arguments.of(Map.of(), false, false)
+    );
+  }
+}
--- a/service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketConnectionTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketConnectionTest.java
@@ -21,6 +21,7 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 import static org.whispersystems.textsecuregcm.entities.MessageProtos.Envelope;

@@ -75,12 +76,10 @@ import reactor.test.StepVerifier;
 class WebSocketConnectionTest {

  private static final String VALID_USER = "+14152222222";
-  private static final String INVALID_USER = "+14151111111";

  private static final int SOURCE_DEVICE_ID = 1;

  private static final String VALID_PASSWORD = "secure";
-  private static final String INVALID_PASSWORD = "insecure";

  private AccountAuthenticator accountAuthenticator;
  private AccountsManager accountsManager;
@@ -124,28 +123,31 @@ class WebSocketConnectionTest {
    when(accountAuthenticator.authenticate(eq(new BasicCredentials(VALID_USER, VALID_PASSWORD))))
        .thenReturn(Optional.of(new AuthenticatedAccount(() -> new Pair<>(account, device))));

-    when(accountAuthenticator.authenticate(eq(new BasicCredentials(INVALID_USER, INVALID_PASSWORD))))
-        .thenReturn(Optional.empty());
-
-    when(upgradeRequest.getParameterMap()).thenReturn(Map.of(
-        "login", List.of(VALID_USER),
-        "password", List.of(VALID_PASSWORD)));
-
    AuthenticationResult<AuthenticatedAccount> account = webSocketAuthenticator.authenticate(upgradeRequest);
+    when(sessionContext.getAuthenticated()).thenReturn(account.getUser().orElse(null));
    when(sessionContext.getAuthenticated(AuthenticatedAccount.class)).thenReturn(account.getUser().orElse(null));

+    final WebSocketClient webSocketClient = mock(WebSocketClient.class);
+    when(webSocketClient.getUserAgent()).thenReturn("Signal-Android/6.22.8");
+    when(sessionContext.getClient()).thenReturn(webSocketClient);
+
+    // authenticated - valid user
    connectListener.onWebSocketConnect(sessionContext);

-    verify(sessionContext).addWebsocketClosedListener(any(WebSocketSessionContext.WebSocketEventListener.class));
-
-    when(upgradeRequest.getParameterMap()).thenReturn(Map.of(
-        "login", List.of(INVALID_USER),
-        "password", List.of(INVALID_PASSWORD)
-    ));
+    verify(sessionContext, times(1)).addWebsocketClosedListener(
+        any(WebSocketSessionContext.WebSocketEventListener.class));

+    // unauthenticated
+    when(upgradeRequest.getParameterMap()).thenReturn(Map.of());
    account = webSocketAuthenticator.authenticate(upgradeRequest);
    assertFalse(account.getUser().isPresent());
-    assertTrue(account.isRequired());
+    assertFalse(account.isRequired());
+
+    connectListener.onWebSocketConnect(sessionContext);
+    verify(sessionContext, times(2)).addWebsocketClosedListener(
+        any(WebSocketSessionContext.WebSocketEventListener.class));
+
+    verifyNoMoreInteractions(messagesManager);
  }

  @Test