add an option to replace username ciphertext without rotating the link handle

2026-04-21 17:08:27 +01:00 · 2023-11-13 09:01:54 -08:00
parent a4a4204762
commit a83378a44e
7 changed files with 69 additions and 11 deletions
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
@@ -52,6 +52,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.mockito.stubbing.Answer;
 import org.signal.libsignal.usernames.BaseUsernameException;
@@ -71,6 +72,7 @@ import org.whispersystems.textsecuregcm.entities.RegistrationLock;
 import org.whispersystems.textsecuregcm.entities.ReserveUsernameHashRequest;
 import org.whispersystems.textsecuregcm.entities.ReserveUsernameHashResponse;
 import org.whispersystems.textsecuregcm.entities.UsernameHashResponse;
+import org.whispersystems.textsecuregcm.entities.UsernameLinkHandle;
 import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.identity.PniServiceIdentifier;
 import org.whispersystems.textsecuregcm.limits.RateLimitByIpFilter;
@@ -998,4 +1000,24 @@ class AccountControllerTest {
        .get()
        .getStatus()).isEqualTo(422);
  }
+
+  @ParameterizedTest
+  @ValueSource(booleans = { true, false })
+  void testPutUsernameLink(boolean keepLink) {
+    when(rateLimiters.forDescriptor(eq(RateLimiters.For.USERNAME_LINK_OPERATION))).thenReturn(mock(RateLimiter.class));
+
+    final UUID oldLinkHandle = UUID.randomUUID();
+    when(AuthHelper.VALID_ACCOUNT.getUsernameLinkHandle()).thenReturn(oldLinkHandle);
+
+    final byte[] encryptedUsername = "some encrypted goop".getBytes();
+    final UsernameLinkHandle newHandle = resources.getJerseyTest()
+        .target("/v1/accounts/username_link")
+        .request()
+        .header(HttpHeaders.AUTHORIZATION, AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .put(Entity.json(new EncryptedUsername(encryptedUsername, keepLink)), UsernameLinkHandle.class);
+
+    assertThat(newHandle.usernameLinkHandle().equals(oldLinkHandle)).isEqualTo(keepLink);
+    verify(AuthHelper.VALID_ACCOUNT).setUsernameLinkDetails(eq(newHandle.usernameLinkHandle()), eq(encryptedUsername));
+  }
+
 }
--- a/service/src/test/java/org/whispersystems/textsecuregcm/grpc/AccountsGrpcServiceTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/grpc/AccountsGrpcServiceTest.java
@@ -521,10 +521,13 @@ class AccountsGrpcServiceTest extends SimpleBaseGrpcTest<AccountsGrpcService, Ac
    verify(accountsManager).clearUsernameHash(account);
  }

-  @Test
-  void setUsernameLink() {
+  @ParameterizedTest
+  @ValueSource(booleans = {false, true})
+  void setUsernameLink(final boolean keepLink) {
    final Account account = mock(Account.class);
+    final UUID oldHandle = UUID.randomUUID();
    when(account.getUsernameHash()).thenReturn(Optional.of(new byte[AccountController.USERNAME_HASH_LENGTH]));
+    when(account.getUsernameLinkHandle()).thenReturn(oldHandle);

    when(accountsManager.getByAccountIdentifierAsync(AUTHENTICATED_ACI))
        .thenReturn(CompletableFuture.completedFuture(Optional.of(account)));
@@ -535,12 +538,14 @@ class AccountsGrpcServiceTest extends SimpleBaseGrpcTest<AccountsGrpcService, Ac
    final SetUsernameLinkResponse response =
        authenticatedServiceStub().setUsernameLink(SetUsernameLinkRequest.newBuilder()
            .setUsernameCiphertext(ByteString.copyFrom(usernameCiphertext))
+            .setKeepLinkHandle(keepLink)
            .build());

    final ArgumentCaptor<UUID> linkHandleCaptor = ArgumentCaptor.forClass(UUID.class);

    verify(account).setUsernameLinkDetails(linkHandleCaptor.capture(), eq(usernameCiphertext));

+    assertEquals(keepLink, oldHandle.equals(linkHandleCaptor.getValue()));
    final SetUsernameLinkResponse expectedResponse = SetUsernameLinkResponse.newBuilder()
        .setUsernameLinkHandle(UUIDUtil.toByteString(linkHandleCaptor.getValue()))
        .build();
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/util/AccountsHelper.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/util/AccountsHelper.java
@@ -116,6 +116,7 @@ public class AccountsHelper {
          case "getNumber" -> when(updatedAccount.getNumber()).thenAnswer(stubbing);
          case "getUsername" -> when(updatedAccount.getUsernameHash()).thenAnswer(stubbing);
          case "getUsernameHash" -> when(updatedAccount.getUsernameHash()).thenAnswer(stubbing);
+          case "getUsernameLinkHandle" -> when(updatedAccount.getUsernameLinkHandle()).thenAnswer(stubbing);
          case "getDevices" -> when(updatedAccount.getDevices()).thenAnswer(stubbing);
          case "getDevice" -> when(updatedAccount.getDevice(stubbing.getInvocation().getArgument(0))).thenAnswer(stubbing);
          case "getPrimaryDevice" -> when(updatedAccount.getPrimaryDevice()).thenAnswer(stubbing);