From 0593e9e89f6d930a8d76fa97ddb6149b2d4a1927 Mon Sep 17 00:00:00 2001 From: Ameya Lokare Date: Thu, 19 Dec 2024 16:04:06 -0800 Subject: [PATCH] Add `@NotBlank` to verificationToken in LinkDeviceRequest --- .../entities/LinkDeviceRequest.java | 2 ++ .../controllers/DeviceControllerTest.java | 30 +++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/entities/LinkDeviceRequest.java b/service/src/main/java/org/whispersystems/textsecuregcm/entities/LinkDeviceRequest.java index c15f815de..85c281087 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/LinkDeviceRequest.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/LinkDeviceRequest.java @@ -6,6 +6,7 @@ import com.fasterxml.jackson.annotation.JsonUnwrapped; import io.swagger.v3.oas.annotations.media.Schema; import jakarta.validation.Valid; import jakarta.validation.constraints.AssertTrue; +import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotNull; import java.util.Optional; @@ -13,6 +14,7 @@ public record LinkDeviceRequest(@Schema(requiredMode = Schema.RequiredMode.REQUI The verification code associated with this device. Must match the verification code provided by the server when provisioning this device. """) + @NotBlank String verificationCode, @Valid diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java index 36434f108..2a302c4a4 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java @@ -53,6 +53,7 @@ import org.junit.jupiter.api.extension.RegisterExtension; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; +import org.junit.jupiter.params.provider.NullSource; import org.junit.jupiter.params.provider.ValueSource; import org.junitpioneer.jupiter.cartesian.CartesianTest; import org.mockito.ArgumentCaptor; @@ -1346,4 +1347,33 @@ class DeviceControllerTest { assertEquals(400, response.getStatus()); } } + + @ParameterizedTest + @NullSource + @ValueSource(strings = {""}) + void linkDeviceMissingVerificationCode(final String verificationCode) { + final AccountAttributes accountAttributes = new AccountAttributes(true, 1234, 5678, null, + null, true, Set.of()); + + final ECKeyPair aciIdentityKeyPair = Curve.generateKeyPair(); + final ECKeyPair pniIdentityKeyPair = Curve.generateKeyPair(); + + final LinkDeviceRequest request = new LinkDeviceRequest(verificationCode, + accountAttributes, + new DeviceActivationRequest( + KeysHelper.signedECPreKey(1, aciIdentityKeyPair), + KeysHelper.signedECPreKey(2, pniIdentityKeyPair), + KeysHelper.signedKEMPreKey(3, aciIdentityKeyPair), + KeysHelper.signedKEMPreKey(4, pniIdentityKeyPair), + Optional.empty(), + Optional.empty())); + + try (final Response response = resources.getJerseyTest() + .target("/v1/devices/link") + .request() + .header("Authorization", AuthHelper.getProvisioningAuthHeader(AuthHelper.VALID_NUMBER, "password1")) + .put(Entity.entity(request, MediaType.APPLICATION_JSON_TYPE))) { + assertEquals(422, response.getStatus()); + } + } }