Split up backup-id rotation rate limits

service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupAuthManager.java

@@ -14,6 +14,7 @@ import java.time.temporal.ChronoUnit;
 import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CompletionStage;
 import java.util.stream.Stream;
 import javax.annotation.Nullable;
 import org.signal.libsignal.zkgroup.GenericServerSecretParams;
@@ -114,9 +115,17 @@ public class BackupAuthManager {
       return CompletableFuture.completedFuture(null);
     }
 
-    return rateLimiters.forDescriptor(RateLimiters.For.SET_BACKUP_ID)
-        .validateAsync(account.getUuid())
-        .thenCompose(ignored -> this.accountsManager
+    CompletionStage<Void> rateLimitFuture = rateLimiters
+        .forDescriptor(RateLimiters.For.SET_BACKUP_ID)
+        .validateAsync(account.getUuid());
+
+    if (!mediaCredentialRequestMatches && hasActiveVoucher(account)) {
+      rateLimitFuture = rateLimitFuture.thenCombine(
+          rateLimiters.forDescriptor(RateLimiters.For.SET_PAID_MEDIA_BACKUP_ID).validateAsync(account.getUuid()),
+          (ignore1, ignore2) -> null);
+    }
+
+    return rateLimitFuture.thenCompose(ignored -> this.accountsManager
             .updateAsync(account, a -> a.setBackupCredentialRequests(serializedMessageCredentialRequest, serializedMediaCredentialRequest))
             .thenRun(Util.NOOP))
         .toCompletableFuture();
@@ -280,8 +289,12 @@ public class BackupAuthManager {
     return next;
   }
 
+  private boolean hasActiveVoucher(final Account account) {
+    return account.getBackupVoucher() != null && clock.instant().isBefore(account.getBackupVoucher().expiration());
+  }
+
   private boolean hasExpiredVoucher(final Account account) {
-    return account.getBackupVoucher() != null && clock.instant().isAfter(account.getBackupVoucher().expiration());
+    return account.getBackupVoucher() != null && !hasActiveVoucher(account);
   }
 
   /**

service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimiters.java

@@ -41,7 +41,8 @@ public class RateLimiters extends BaseRateLimiters<RateLimiters.For> {
     RATE_LIMIT_RESET("rateLimitReset", true, new RateLimiterConfig(2, Duration.ofHours(12))),
     CAPTCHA_CHALLENGE_ATTEMPT("captchaChallengeAttempt", true, new RateLimiterConfig(10, Duration.ofMinutes(144))),
     CAPTCHA_CHALLENGE_SUCCESS("captchaChallengeSuccess", true, new RateLimiterConfig(2, Duration.ofHours(12))),
-    SET_BACKUP_ID("setBackupId", true, new RateLimiterConfig(2, Duration.ofDays(7))),
+    SET_BACKUP_ID("setBackupId", true, new RateLimiterConfig(10, Duration.ofHours(1))),
+    SET_PAID_MEDIA_BACKUP_ID("setPaidMediaBackupId", true, new RateLimiterConfig(5, Duration.ofDays(7))),
     PUSH_CHALLENGE_ATTEMPT("pushChallengeAttempt", true, new RateLimiterConfig(10, Duration.ofMinutes(144))),
     PUSH_CHALLENGE_SUCCESS("pushChallengeSuccess", true, new RateLimiterConfig(2, Duration.ofHours(12))),
     GET_CALLING_RELAYS("getCallingRelays", false, new RateLimiterConfig(100, Duration.ofMinutes(10))),