Update OptionalAccess check with PNI service IDs

This was mis-aligned with other parts of the service and client implementations
Chris Eager
2025-09-15 17:13:13 -05:00
committed by ravi-signal
parent 3cf194e476
commit 8954708d77
2 changed files with 28 additions and 28 deletions


@@ -72,6 +72,11 @@ public class OptionalAccess {
throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
}
// Unidentified access is only for ACI identities
if (IdentityType.PNI.equals(targetIdentifier.identityType())) {
throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
}
// Unrestricted unidentified access does what it says on the tin: we don't check if the key the
// caller provided is right or not.
if (targetAccount.get().isUnrestrictedUnidentifiedAccess()) {
@@ -82,11 +87,6 @@ public class OptionalAccess {
throw new IllegalArgumentException("Target account is not identified by the given identifier");
}
// Unidentified access is only for ACI identities
if (IdentityType.PNI.equals(targetIdentifier.identityType())) {
throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
}
// At this point, any successful authentication requires a real access key on the target account
if (targetAccount.get().getUnidentifiedAccessKey().isEmpty()) {
throw new NotAuthorizedException(Response.Status.UNAUTHORIZED);
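Review bot: The relocated PNI rejection in the first hunk is now order-dependent, and its comment does not say so. It appears to have the intended effect only because it sits above the `isUnrestrictedUnidentifiedAccess()` branch, which by its own comment skips the access-key check. I would extend the comment to something like `// Unidentified access is only for ACI identities; must stay above the unrestricted-access check so PNI targets are rejected even for unrestricted accounts`, so a later reorder does not quietly reopen that path. The second changed file is not visible here; if it does not already cover it, a test with a PNI service identifier against an unrestricted target account, expecting 401, would pin the ordering. The enclosing method begins and ends outside both hunks, so the behaviour of the unrestricted branch is inferred from its comment.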