Pass ACI to captcha checker

2026-04-20 06:18:05 +01:00 · 2024-10-29 11:59:02 -07:00
parent ce0ccf4fd0
commit 190f2a7fc2
8 changed files with 41 additions and 21 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaChecker.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaChecker.java
@@ -11,7 +11,9 @@ import com.google.common.annotations.VisibleForTesting;
 import io.micrometer.core.instrument.Metrics;
 import java.io.IOException;
 import java.util.Locale;
+import java.util.Optional;
 import java.util.Set;
+import java.util.UUID;
 import java.util.function.Function;
 import javax.ws.rs.BadRequestException;
 import org.slf4j.Logger;
@@ -42,6 +44,7 @@ public class CaptchaChecker {
  /**
   * Check if a solved captcha should be accepted
   *
+   * @param maybeAci       optional account UUID of the user solving the captcha
   * @param expectedAction the {@link Action} for which this captcha solution is intended
   * @param input          expected to contain a prefix indicating the captcha scheme, sitekey, token, and action. The
   *                       expected format is {@code version-prefix.sitekey.action.token}
@@ -53,6 +56,7 @@ public class CaptchaChecker {
   * @throws BadRequestException if input is not in the expected format
   */
  public AssessmentResult verify(
+      final Optional<UUID> maybeAci,
      final Action expectedAction,
      final String input,
      final String ip,
@@ -100,7 +104,7 @@ public class CaptchaChecker {
      throw new BadRequestException("invalid captcha site-key");
    }

-    final AssessmentResult result = client.verify(siteKey, parsedAction, token, ip, userAgent);
+    final AssessmentResult result = client.verify(maybeAci, siteKey, parsedAction, token, ip, userAgent);
    Metrics.counter(ASSESSMENTS_COUNTER_NAME,
            "action", action,
            "score", result.getScoreString(),
--- a/service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaClient.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/captcha/CaptchaClient.java
@@ -6,9 +6,9 @@
 package org.whispersystems.textsecuregcm.captcha;

 import java.io.IOException;
-import java.util.Collections;
 import java.util.Optional;
 import java.util.Set;
+import java.util.UUID;

 public interface CaptchaClient {

@@ -27,6 +27,7 @@ public interface CaptchaClient {
  /**
   * Verify a provided captcha solution
   *
+   * @param maybeAci  optional account service identifier of the user
   * @param siteKey   identifying string for the captcha service
   * @param action    an action indicating the purpose of the captcha
   * @param token     the captcha solution that will be verified
@@ -36,6 +37,7 @@ public interface CaptchaClient {
   * @throws IOException if the underlying captcha provider returns an error
   */
  AssessmentResult verify(
+      final Optional<UUID> maybeAci,
      final String siteKey,
      final Action action,
      final String token,
@@ -55,7 +57,7 @@ public interface CaptchaClient {
      }

      @Override
-      public AssessmentResult verify(final String siteKey, final Action action, final String token, final String ip,
+      public AssessmentResult verify(final Optional<UUID> maybeAci, final String siteKey, final Action action, final String token, final String ip,
          final String userAgent) throws IOException {
        return AssessmentResult.alwaysValid();
      }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/captcha/RegistrationCaptchaManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/captcha/RegistrationCaptchaManager.java
@@ -7,6 +7,7 @@ package org.whispersystems.textsecuregcm.captcha;

 import java.io.IOException;
 import java.util.Optional;
+import java.util.UUID;

 public class RegistrationCaptchaManager {

@@ -17,10 +18,10 @@ public class RegistrationCaptchaManager {
  }

  @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
-  public Optional<AssessmentResult> assessCaptcha(final Optional<String> captcha, final String sourceHost, final String userAgent)
+  public Optional<AssessmentResult> assessCaptcha(final Optional<UUID> aci, final Optional<String> captcha, final String sourceHost, final String userAgent)
      throws IOException {
    return captcha.isPresent()
-        ? Optional.of(captchaChecker.verify(Action.REGISTRATION, captcha.get(), sourceHost, userAgent))
+        ? Optional.of(captchaChecker.verify(aci, Action.REGISTRATION, captcha.get(), sourceHost, userAgent))
        : Optional.empty();
  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java
@@ -386,6 +386,7 @@ public class VerificationController {
    try {

      assessmentResult = registrationCaptchaManager.assessCaptcha(
+              Optional.empty(),
              Optional.of(updateVerificationSessionRequest.captcha()), sourceHost, userAgent)
          .orElseThrow(() -> new ServerErrorException(Response.Status.INTERNAL_SERVER_ERROR));

--- a/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitChallengeManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitChallengeManager.java
@@ -7,6 +7,9 @@ package org.whispersystems.textsecuregcm.limits;

 import static com.codahale.metrics.MetricRegistry.name;

+import com.google.i18n.phonenumbers.NumberParseException;
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import com.google.i18n.phonenumbers.Phonenumber;
 import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tag;
 import io.micrometer.core.instrument.Tags;
@@ -16,12 +19,15 @@ import java.util.Optional;
 import org.whispersystems.textsecuregcm.captcha.Action;
 import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
 import org.whispersystems.textsecuregcm.controllers.RateLimitExceededException;
+import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.NotPushRegisteredException;
 import org.whispersystems.textsecuregcm.spam.ChallengeType;
 import org.whispersystems.textsecuregcm.spam.RateLimitChallengeListener;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.util.Util;
+import javax.ws.rs.ServerErrorException;
+import javax.ws.rs.core.Response;

 public class RateLimitChallengeManager {

@@ -67,7 +73,7 @@ public class RateLimitChallengeManager {

    rateLimiters.getCaptchaChallengeAttemptLimiter().validate(account.getUuid());

-    final boolean challengeSuccess = captchaChecker.verify(Action.CHALLENGE, captcha, mostRecentProxyIp, userAgent).isValid(scoreThreshold);
+    final boolean challengeSuccess = captchaChecker.verify(Optional.of(account.getUuid()), Action.CHALLENGE, captcha, mostRecentProxyIp, userAgent).isValid(scoreThreshold);

    final Tags tags = Tags.of(
        Tag.of(SOURCE_COUNTRY_TAG_NAME, Util.getCountryCode(account.getNumber())),