Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-21 14:18:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Produce verification tokens instead of stored verification codes for linking devices

Browse Source
This commit is contained in:
Jon Chambers
2023-08-03 17:58:32 -04:00
committed by Jon Chambers
parent 43d91e5bd6
commit c873f62025
2 changed files with 70 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
View File

@@ -18,7 +18,6 @@ import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
@@ -52,7 +51,6 @@ import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
import org.whispersystems.textsecuregcm.auth.ChangesDeviceEnabledState;
import org.whispersystems.textsecuregcm.auth.SaltedTokenHash;
import org.whispersystems.textsecuregcm.auth.StoredVerificationCode;
import org.whispersystems.textsecuregcm.entities.AccountAttributes;
import org.whispersystems.textsecuregcm.entities.DeviceActivationRequest;
import org.whispersystems.textsecuregcm.entities.DeviceInfo;
@@ -184,13 +182,7 @@ public class DeviceController {
throw new WebApplicationException(Response.Status.UNAUTHORIZED);
}
VerificationCode verificationCode = generateVerificationCode();
StoredVerificationCode storedVerificationCode =
new StoredVerificationCode(verificationCode.verificationCode(), System.currentTimeMillis(), null, null);
pendingDevices.store(account.getNumber(), storedVerificationCode);
return verificationCode;
return new VerificationCode(generateVerificationToken(account.getUuid()));
}
/**
@@ -277,13 +269,6 @@ public class DeviceController {
accounts.updateDevice(auth.getAccount(), deviceId, d -> d.setCapabilities(capabilities));
}
@VisibleForTesting
VerificationCode generateVerificationCode() {
SecureRandom random = new SecureRandom();
int randomInt = 100000 + random.nextInt(900000);
return new VerificationCode(String.valueOf(randomInt));
}
private Mac getInitializedMac() {
try {
final Mac mac = Mac.getInstance(VERIFICATION_TOKEN_ALGORITHM);