Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-05-16 22:00:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enforce AccountAttributes#isUnrestrictedUakValid

Browse Source
This commit is contained in:
Chris Eager
2026-04-16 15:12:25 -05:00
committed by Jon Chambers
parent 1301bfda93
commit aa1ff253fb
2 changed files with 1 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java
+1 -18
View File
@@ -8,7 +8,6 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonUnwrapped;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import com.google.common.annotations.VisibleForTesting;
import io.micrometer.core.instrument.Metrics;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.Valid;
import jakarta.validation.constraints.AssertTrue;
@@ -16,15 +15,12 @@ import java.util.Optional;
import java.util.Set;
import javax.annotation.Nullable;
import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil;
import org.whispersystems.textsecuregcm.metrics.MetricsUtil;
import org.whispersystems.textsecuregcm.storage.DeviceCapability;
import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
import org.whispersystems.textsecuregcm.util.ExactlySize;
public class AccountAttributes {
private static final String UAK_VALIDATION_COUNTER_NAME = MetricsUtil.name(AccountAttributes.class, "uakValidation");
@JsonUnwrapped
@Valid
private DeviceAttributes deviceAttributes;
@@ -132,23 +128,10 @@ public class AccountAttributes {
return this;
}
@VisibleForTesting
public static final boolean ENFORCE_VALID_UNRESTRICTED_UAK = false;
@AssertTrue
@Schema(hidden = true)
public boolean isUnrestrictedUakValid() {
final boolean valid = unrestrictedUnidentifiedAccess ||
(!unrestrictedUnidentifiedAccess && (unidentifiedAccessKey != null
&& unidentifiedAccessKey.length == 16));
Metrics.counter(UAK_VALIDATION_COUNTER_NAME,
"valid", String.valueOf(valid),
"unrestricted", String.valueOf(unrestrictedUnidentifiedAccess)
).increment();
// initially, only gather metrics
return true;
return unrestrictedUnidentifiedAccess || (unidentifiedAccessKey != null && unidentifiedAccessKey.length == 16);
}
}
service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
-4
View File
@@ -48,7 +48,6 @@ import java.util.stream.Stream;
import org.glassfish.jersey.server.ServerProperties;
import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -782,9 +781,6 @@ class AccountControllerTest {
@MethodSource
void testSetAccountAttributesUnrestrictedUnidentifiedAccess(final boolean unrestrictedUnidentifiedAccess, final byte[] unidentifiedAccessKey, final int expectedStatus) {
// This test is only valid when validations are enforced
Assumptions.assumeTrue(AccountAttributes.ENFORCE_VALID_UNRESTRICTED_UAK);
try (final Response response = resources.getJerseyTest()
.target("/v1/accounts/attributes/")
.request()