From aa1ff253fbe4f2e599999728e03bbbd0527e010c Mon Sep 17 00:00:00 2001 From: Chris Eager Date: Thu, 16 Apr 2026 15:12:25 -0500 Subject: [PATCH] Enforce AccountAttributes#isUnrestrictedUakValid --- .../entities/AccountAttributes.java | 19 +------------------ .../controllers/AccountControllerTest.java | 4 ---- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java b/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java index 96375f7b6..8449297dd 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java @@ -8,7 +8,6 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonUnwrapped; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.google.common.annotations.VisibleForTesting; -import io.micrometer.core.instrument.Metrics; import io.swagger.v3.oas.annotations.media.Schema; import jakarta.validation.Valid; import jakarta.validation.constraints.AssertTrue; @@ -16,15 +15,12 @@ import java.util.Optional; import java.util.Set; import javax.annotation.Nullable; import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; -import org.whispersystems.textsecuregcm.metrics.MetricsUtil; import org.whispersystems.textsecuregcm.storage.DeviceCapability; import org.whispersystems.textsecuregcm.util.ByteArrayAdapter; import org.whispersystems.textsecuregcm.util.ExactlySize; public class AccountAttributes { - private static final String UAK_VALIDATION_COUNTER_NAME = MetricsUtil.name(AccountAttributes.class, "uakValidation"); - @JsonUnwrapped @Valid private DeviceAttributes deviceAttributes; @@ -132,23 +128,10 @@ public class AccountAttributes { return this; } - @VisibleForTesting - public static final boolean ENFORCE_VALID_UNRESTRICTED_UAK = false; - @AssertTrue @Schema(hidden = true) public boolean isUnrestrictedUakValid() { - final boolean valid = unrestrictedUnidentifiedAccess || - (!unrestrictedUnidentifiedAccess && (unidentifiedAccessKey != null - && unidentifiedAccessKey.length == 16)); - - Metrics.counter(UAK_VALIDATION_COUNTER_NAME, - "valid", String.valueOf(valid), - "unrestricted", String.valueOf(unrestrictedUnidentifiedAccess) - ).increment(); - - // initially, only gather metrics - return true; + return unrestrictedUnidentifiedAccess || (unidentifiedAccessKey != null && unidentifiedAccessKey.length == 16); } } diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java index b7f72f7d2..068d18764 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java @@ -48,7 +48,6 @@ import java.util.stream.Stream; import org.glassfish.jersey.server.ServerProperties; import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory; import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -782,9 +781,6 @@ class AccountControllerTest { @MethodSource void testSetAccountAttributesUnrestrictedUnidentifiedAccess(final boolean unrestrictedUnidentifiedAccess, final byte[] unidentifiedAccessKey, final int expectedStatus) { - // This test is only valid when validations are enforced - Assumptions.assumeTrue(AccountAttributes.ENFORCE_VALID_UNRESTRICTED_UAK); - try (final Response response = resources.getJerseyTest() .target("/v1/accounts/attributes/") .request()