Avoid reading modified account when generating backup credentials

2026-04-20 19:38:07 +01:00 · 2026-02-12 14:23:27 -06:00
parent 368e705b68
commit 5850eeb87b
7 changed files with 70 additions and 78 deletions
--- a/service/src/test/java/org/whispersystems/textsecuregcm/backup/BackupAuthManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/backup/BackupAuthManagerTest.java
@@ -24,6 +24,7 @@ import java.time.Duration;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
@@ -179,8 +180,9 @@ public class BackupAuthManagerTest {
        BackupAuthCredentialRequestContext.create(backupKey, aci);

    final RedemptionRange range = range(Duration.ofDays(1));
-    final List<BackupAuthManager.Credential> creds =
-        authManager.getBackupAuthCredentials(account, credentialType, range(Duration.ofDays(1)));
+    final Map<BackupCredentialType, List<BackupAuthManager.Credential>> credsByType =
+        authManager.getBackupAuthCredentials(account, range(Duration.ofDays(1)));
+    final List<BackupAuthManager.Credential> creds = credsByType.get(credentialType);

    assertThat(creds).hasSize(2);
    assertThat(requestContext
@@ -201,7 +203,7 @@ public class BackupAuthManagerTest {
        .mediaCredential(backupAuthTestUtil.getRequest(mediaBackupKey, aci))
        .build();

-    assertThat(authManager.getBackupAuthCredentials(account, credentialType, range(Duration.ofDays(1))))
+    assertThat(authManager.getBackupAuthCredentials(account, range(Duration.ofDays(1))).get(credentialType))
        .hasSize(2);
  }

@@ -213,7 +215,7 @@ public class BackupAuthManagerTest {
    final Account account = new MockAccountBuilder().build();

    assertThatExceptionOfType(BackupNotFoundException.class)
-        .isThrownBy(() -> authManager.getBackupAuthCredentials(account, credentialType, range(Duration.ofDays(1))));
+        .isThrownBy(() -> authManager.getBackupAuthCredentials(account, range(Duration.ofDays(1))));
  }

  @CartesianTest
@@ -236,8 +238,9 @@ public class BackupAuthManagerTest {
        .messagesCredential(backupAuthTestUtil.getRequest(messagesBackupKey, aci))
        .build();

-    final List<BackupAuthManager.Credential> creds = authManager.getBackupAuthCredentials(account,
-        credentialType, range(Duration.ofDays(7)));
+    final List<BackupAuthManager.Credential> creds = authManager
+        .getBackupAuthCredentials(account, range(Duration.ofDays(7)))
+        .get(credentialType);

    assertThat(creds).hasSize(8);
    Instant redemptionTime = clock.instant().truncatedTo(ChronoUnit.DAYS);
@@ -266,8 +269,8 @@ public class BackupAuthManagerTest {

    final List<BackupAuthManager.Credential> creds = authManager.getBackupAuthCredentials(
            account,
-            BackupCredentialType.MESSAGES,
-            range(RedemptionRange.MAX_REDEMPTION_DURATION));
+            range(RedemptionRange.MAX_REDEMPTION_DURATION))
+        .get(BackupCredentialType.MESSAGES);
    Instant redemptionTime = Instant.EPOCH;
    final BackupAuthCredentialRequestContext requestContext = BackupAuthCredentialRequestContext.create(
        messagesBackupKey, aci);
@@ -306,7 +309,9 @@ public class BackupAuthManagerTest {
    when(accountsManager.update(any(), any())).thenReturn(updated);

    clock.pin(day2.plus(Duration.ofSeconds(1)));
-    assertThat(authManager.getBackupAuthCredentials(account, BackupCredentialType.MESSAGES, range(Duration.ofDays(7))))
+    assertThat(authManager
+        .getBackupAuthCredentials(account, range(Duration.ofDays(7)))
+        .get(BackupCredentialType.MESSAGES))
        .hasSize(8);

    @SuppressWarnings("unchecked") final ArgumentCaptor<Consumer<Account>> accountUpdater = ArgumentCaptor.forClass(
--- a/service/src/test/java/org/whispersystems/textsecuregcm/backup/BackupAuthTestUtil.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/backup/BackupAuthTestUtil.java
@@ -5,6 +5,7 @@

 package org.whispersystems.textsecuregcm.backup;

+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;

@@ -70,7 +71,7 @@ public class BackupAuthTestUtil {
        mock(ExperimentEnrollmentManager.class), null, null, null, null, params, clock);
    Account account = mock(Account.class);
    when(account.getUuid()).thenReturn(aci);
-    when(account.getBackupCredentialRequest(credentialType)).thenReturn(Optional.of(request.serialize()));
+    when(account.getBackupCredentialRequest(any())).thenReturn(Optional.of(request.serialize()));
    when(account.getBackupVoucher()).thenReturn(switch (backupLevel) {
      case FREE -> null;
      case PAID -> new Account.BackupVoucher(201L, redemptionEnd.plus(1, ChronoUnit.SECONDS));
@@ -78,7 +79,7 @@ public class BackupAuthTestUtil {
    final RedemptionRange redemptionRange;
    redemptionRange = RedemptionRange.inclusive(clock, redemptionStart, redemptionEnd);
    try {
-      return issuer.getBackupAuthCredentials(account, credentialType, redemptionRange);
+      return issuer.getBackupAuthCredentials(account, redemptionRange).get(credentialType);
    } catch (BackupNotFoundException e) {
      return Assertions.fail("Backup credential request not found even though we set one");
    }
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java
@@ -339,12 +339,8 @@ public class ArchiveControllerTest {
        EnumMapUtil.toEnumMap(BackupCredentialType.class, credentialType -> backupAuthTestUtil.getCredentials(
            BackupLevel.PAID, backupAuthTestUtil.getRequest(messagesBackupKey, aci), credentialType, start, end));

-    for (Map.Entry<BackupCredentialType, List<BackupAuthManager.Credential>> entry : expectedCredentialsByType.entrySet()) {
-      final BackupCredentialType credentialType = entry.getKey();
-      final List<BackupAuthManager.Credential> expectedCredentials = entry.getValue();
-        when(backupAuthManager.getBackupAuthCredentials(any(), eq(credentialType), eq(expectedRange)))
-            .thenReturn(expectedCredentials);
-    }
+    when(backupAuthManager.getBackupAuthCredentials(any(), eq(expectedRange)))
+        .thenReturn(expectedCredentialsByType);

    final ArchiveController.BackupAuthCredentialsResponse credentialResponse = resources.getJerseyTest()
        .target("v1/archives/auth")
--- a/service/src/test/java/org/whispersystems/textsecuregcm/grpc/BackupsGrpcServiceTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/grpc/BackupsGrpcServiceTest.java
@@ -214,12 +214,8 @@ class BackupsGrpcServiceTest extends SimpleBaseGrpcTest<BackupsGrpcService, Back
            BackupLevel.PAID, backupAuthTestUtil.getRequest(messagesBackupKey, AUTHENTICATED_ACI), credentialType,
            start, end));

-    for (Map.Entry<BackupCredentialType, List<BackupAuthManager.Credential>> entry : expectedCredentialsByType.entrySet()) {
-      final BackupCredentialType credentialType = entry.getKey();
-      final List<BackupAuthManager.Credential> expectedCredentials = entry.getValue();
-      when(backupAuthManager.getBackupAuthCredentials(any(), eq(credentialType), eq(expectedRange)))
-          .thenReturn(expectedCredentials);
-    }
+    when(backupAuthManager.getBackupAuthCredentials(any(), eq(expectedRange)))
+        .thenReturn(expectedCredentialsByType);

    final GetBackupAuthCredentialsResponse credentialResponse = authenticatedServiceStub().getBackupAuthCredentials(
        GetBackupAuthCredentialsRequest.newBuilder()