handle new RegistrationService proto error

2026-04-20 18:18:08 +01:00 · 2023-12-19 13:37:04 -06:00
parent 9d3d4a3698
commit ca47a7b663
8 changed files with 102 additions and 6 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -844,7 +844,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
            config.getCdnConfiguration().bucket()),
        new VerificationController(registrationServiceClient, new VerificationSessionManager(verificationSessions),
            pushNotificationManager, registrationCaptchaManager, registrationRecoveryPasswordsManager, rateLimiters,
-            accountsManager, useRemoteAddress, clock)
+            accountsManager, useRemoteAddress, dynamicConfigurationManager, clock)
    );
    if (config.getSubscription() != null && config.getOneTimeDonations() != null) {
      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getOneTimeDonations(),
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfiguration.java
@@ -59,6 +59,11 @@ public class DynamicConfiguration {
  @Valid
  DynamicInboundMessageByteLimitConfiguration inboundMessageByteLimit = new DynamicInboundMessageByteLimitConfiguration(true);

+
+  @JsonProperty
+  @Valid
+  DynamicRegistrationConfiguration registrationConfiguration = new DynamicRegistrationConfiguration(false);
+
  public Optional<DynamicExperimentEnrollmentConfiguration> getExperimentEnrollmentConfiguration(
      final String experimentName) {
    return Optional.ofNullable(experiments.get(experimentName));
@@ -104,4 +109,8 @@ public class DynamicConfiguration {
  public DynamicInboundMessageByteLimitConfiguration getInboundMessageByteLimitConfiguration() {
    return inboundMessageByteLimit;
  }
+
+  public DynamicRegistrationConfiguration getRegistrationConfiguration() {
+    return registrationConfiguration;
+  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRegistrationConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicRegistrationConfiguration.java
@@ -0,0 +1,7 @@
+/*
+ * Copyright 2023 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.configuration.dynamic;
+
+public record DynamicRegistrationConfiguration(boolean squashDeclinedAttemptErrors) {}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java
@@ -59,6 +59,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.captcha.AssessmentResult;
 import org.whispersystems.textsecuregcm.captcha.RegistrationCaptchaManager;
+import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.entities.CreateVerificationSessionRequest;
 import org.whispersystems.textsecuregcm.entities.RegistrationServiceSession;
 import org.whispersystems.textsecuregcm.entities.SubmitVerificationCodeRequest;
@@ -72,6 +73,7 @@ import org.whispersystems.textsecuregcm.push.PushNotification;
 import org.whispersystems.textsecuregcm.push.PushNotificationManager;
 import org.whispersystems.textsecuregcm.registration.ClientType;
 import org.whispersystems.textsecuregcm.registration.MessageTransport;
+import org.whispersystems.textsecuregcm.registration.RegistrationFraudException;
 import org.whispersystems.textsecuregcm.registration.RegistrationServiceClient;
 import org.whispersystems.textsecuregcm.registration.RegistrationServiceException;
 import org.whispersystems.textsecuregcm.registration.RegistrationServiceSenderException;
@@ -81,6 +83,7 @@ import org.whispersystems.textsecuregcm.spam.Extract;
 import org.whispersystems.textsecuregcm.spam.FilterSpam;
 import org.whispersystems.textsecuregcm.spam.ScoreThreshold;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
+import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
 import org.whispersystems.textsecuregcm.storage.RegistrationRecoveryPasswordsManager;
 import org.whispersystems.textsecuregcm.storage.VerificationSessionManager;
 import org.whispersystems.textsecuregcm.util.ExceptionUtils;
@@ -119,6 +122,7 @@ public class VerificationController {
  private final AccountsManager accountsManager;

  private final boolean useRemoteAddress;
+  private final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager;
  private final Clock clock;

  public VerificationController(final RegistrationServiceClient registrationServiceClient,
@@ -129,6 +133,7 @@ public class VerificationController {
      final RateLimiters rateLimiters,
      final AccountsManager accountsManager,
      final boolean useRemoteAddress,
+      final DynamicConfigurationManager<DynamicConfiguration> dynamicConfigurationManager,
      final Clock clock) {
    this.registrationServiceClient = registrationServiceClient;
    this.verificationSessionManager = verificationSessionManager;
@@ -138,6 +143,7 @@ public class VerificationController {
    this.rateLimiters = rateLimiters;
    this.accountsManager = accountsManager;
    this.useRemoteAddress = useRemoteAddress;
+    this.dynamicConfigurationManager = dynamicConfigurationManager;
    this.clock = clock;
  }

@@ -501,10 +507,14 @@ public class VerificationController {
            })
            .orElseGet(NotFoundException::new);

+      } else if (unwrappedException instanceof RegistrationFraudException) {
+        if (dynamicConfigurationManager.getConfiguration().getRegistrationConfiguration().squashDeclinedAttemptErrors()) {
+          return buildResponse(registrationServiceSession, verificationSession);
+        } else {
+          throw unwrappedException.getCause();
+        }
      } else if (unwrappedException instanceof RegistrationServiceSenderException) {
-
        throw unwrappedException;
-
      } else {
        logger.error("Registration service failure", unwrappedException);
        throw new ServerErrorException(Response.Status.INTERNAL_SERVER_ERROR);
--- a/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationFraudException.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationFraudException.java
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2023 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.registration;
+
+public class RegistrationFraudException extends Exception {
+  public RegistrationFraudException(final RegistrationServiceSenderException cause) {
+    super(null, cause, true, false);
+  }
+}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java
@@ -146,6 +146,9 @@ public class RegistrationServiceClient implements Managed {

              case SEND_VERIFICATION_CODE_ERROR_TYPE_SENDER_REJECTED -> throw new CompletionException(
                  RegistrationServiceSenderException.rejected(response.getError().getMayRetry()));
+              case SEND_VERIFICATION_CODE_ERROR_TYPE_SUSPECTED_FRAUD ->
+                  throw new CompletionException(new RegistrationFraudException(
+                      RegistrationServiceSenderException.rejected(response.getError().getMayRetry())));
              case SEND_VERIFICATION_CODE_ERROR_TYPE_SENDER_ILLEGAL_ARGUMENT -> throw new CompletionException(
                  RegistrationServiceSenderException.illegalArgument(response.getError().getMayRetry()));
              case SEND_VERIFICATION_CODE_ERROR_TYPE_UNSPECIFIED -> throw new CompletionException(