Add `@NotBlank` to verificationToken in LinkDeviceRequest

2024-12-19 16:04:06 -08:00 · 2024-12-19 16:04:06 -08:00 · 0593e9e89f
parent 0d412c88fd
commit 0593e9e89f
2 changed files with 32 additions and 0 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/LinkDeviceRequest.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/LinkDeviceRequest.java
@ -6,6 +6,7 @@ import com.fasterxml.jackson.annotation.JsonUnwrapped;
 import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.AssertTrue;
+import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.NotNull;
 import java.util.Optional;

@ -13,6 +14,7 @@ public record LinkDeviceRequest(@Schema(requiredMode = Schema.RequiredMode.REQUI
                                The verification code associated with this device. Must match the verification code
                                provided by the server when provisioning this device.
                                """)
+                                @NotBlank
                                String verificationCode,

                                @Valid
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
@ -53,6 +53,7 @@ import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.junit.jupiter.params.provider.NullSource;
 import org.junit.jupiter.params.provider.ValueSource;
 import org.junitpioneer.jupiter.cartesian.CartesianTest;
 import org.mockito.ArgumentCaptor;
@ -1346,4 +1347,33 @@ class DeviceControllerTest {
      assertEquals(400, response.getStatus());
    }
  }
+
+  @ParameterizedTest
+  @NullSource
+  @ValueSource(strings = {""})
+  void linkDeviceMissingVerificationCode(final String verificationCode) {
+    final AccountAttributes accountAttributes = new AccountAttributes(true, 1234, 5678, null,
+        null, true, Set.of());
+
+    final ECKeyPair aciIdentityKeyPair = Curve.generateKeyPair();
+    final ECKeyPair pniIdentityKeyPair = Curve.generateKeyPair();
+
+    final LinkDeviceRequest request = new LinkDeviceRequest(verificationCode,
+        accountAttributes,
+        new DeviceActivationRequest(
+            KeysHelper.signedECPreKey(1, aciIdentityKeyPair),
+            KeysHelper.signedECPreKey(2, pniIdentityKeyPair),
+            KeysHelper.signedKEMPreKey(3, aciIdentityKeyPair),
+            KeysHelper.signedKEMPreKey(4, pniIdentityKeyPair),
+            Optional.empty(),
+            Optional.empty()));
+
+    try (final Response response = resources.getJerseyTest()
+        .target("/v1/devices/link")
+        .request()
+        .header("Authorization", AuthHelper.getProvisioningAuthHeader(AuthHelper.VALID_NUMBER, "password1"))
+        .put(Entity.entity(request, MediaType.APPLICATION_JSON_TYPE))) {
+      assertEquals(422, response.getStatus());
+    }
+  }
 }