Retire authenticated device getters

2026-04-22 02:58:02 +01:00 · 2025-06-23 09:10:30 -05:00
parent 68b84dd56b
commit 483404a67f
34 changed files with 181 additions and 254 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAndAuthenticatedDeviceHolder.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAndAuthenticatedDeviceHolder.java
@@ -1,26 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.auth;
-
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.Device;
-import java.time.Instant;
-import java.util.UUID;
-
-public interface AccountAndAuthenticatedDeviceHolder {
-
-  UUID getAccountIdentifier();
-
-  byte getDeviceId();
-
-  Instant getPrimaryDeviceLastSeen();
-
-  @Deprecated(forRemoval = true)
-  Account getAccount();
-
-  @Deprecated(forRemoval = true)
-  Device getAuthenticatedDevice();
-}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticator.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticator.java
@@ -15,10 +15,12 @@ import io.micrometer.core.instrument.Metrics;
 import io.micrometer.core.instrument.Tags;
 import java.time.Clock;
 import java.time.Duration;
+import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Optional;
 import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
+import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 import org.whispersystems.textsecuregcm.storage.Device;
@@ -112,7 +114,9 @@ public class AccountAuthenticator implements Authenticator<BasicCredentials, Aut
              device.get(),
              SaltedTokenHash.generateFor(basicCredentials.getPassword()));  // new credentials have current version
        }
-        return Optional.of(new AuthenticatedDevice(authenticatedAccount, device.get()));
+        return Optional.of(new AuthenticatedDevice(authenticatedAccount.getIdentifier(IdentityType.ACI),
+            device.get().getId(),
+            Instant.ofEpochMilli(authenticatedAccount.getPrimaryDevice().getLastSeen())));
      } else {
        failureReason = "incorrectPassword";
        return Optional.empty();
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticatedDevice.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticatedDevice.java
@@ -9,46 +9,9 @@ import java.security.Principal;
 import java.time.Instant;
 import java.util.UUID;
 import javax.security.auth.Subject;
-import org.whispersystems.textsecuregcm.identity.IdentityType;
-import org.whispersystems.textsecuregcm.storage.Account;
-import org.whispersystems.textsecuregcm.storage.Device;

-public class AuthenticatedDevice implements Principal, AccountAndAuthenticatedDeviceHolder {
-
-  private final Account account;
-  private final Device device;
-
-  public AuthenticatedDevice(final Account account, final Device device) {
-    this.account = account;
-    this.device = device;
-  }
-
-  @Override
-  public Account getAccount() {
-    return account;
-  }
-
-  @Override
-  public Device getAuthenticatedDevice() {
-    return device;
-  }
-
-  @Override
-  public UUID getAccountIdentifier() {
-    return account.getIdentifier(IdentityType.ACI);
-  }
-
-  @Override
-  public byte getDeviceId() {
-    return device.getId();
-  }
-
-  @Override
-  public Instant getPrimaryDeviceLastSeen() {
-    return Instant.ofEpochMilli(account.getPrimaryDevice().getLastSeen());
-  }
-
-  // Principal implementation
+public record AuthenticatedDevice(UUID accountIdentifier, byte deviceId, Instant primaryDeviceLastSeen)
+    implements Principal {

  @Override
  public String getName() {
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/IdlePrimaryDeviceAuthenticatedWebSocketUpgradeFilter.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/IdlePrimaryDeviceAuthenticatedWebSocketUpgradeFilter.java
@@ -47,11 +47,9 @@ public class IdlePrimaryDeviceAuthenticatedWebSocketUpgradeFilter implements
    // No action needed if the connection is unauthenticated (in which case we don't know when we've last seen the
    // primary device) or if the authenticated device IS the primary device
    authenticated
-        .filter(authenticatedDevice -> authenticatedDevice.getDeviceId() != Device.PRIMARY_ID)
+        .filter(authenticatedDevice -> authenticatedDevice.deviceId() != Device.PRIMARY_ID)
        .ifPresent(authenticatedDevice -> {
-          final Instant primaryDeviceLastSeen = authenticatedDevice.getPrimaryDeviceLastSeen();
-
-          if (primaryDeviceLastSeen.isBefore(clock.instant().minus(minIdleDuration))) {
+          if (authenticatedDevice.primaryDeviceLastSeen().isBefore(clock.instant().minus(minIdleDuration))) {
            response.addHeader(ALERT_HEADER, IDLE_PRIMARY_DEVICE_ALERT);
            IDLE_PRIMARY_WARNING_COUNTER.increment();
          }