Allow `DisabledPermittedAuthenticatedAccount` at `/v1/accounts/me`

2023-03-03 13:09:39 -06:00 · 2023-03-03 13:09:39 -06:00 · 179f3df847
parent 8a889516b0
commit 179f3df847
2 changed files with 38 additions and 12 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
@ -56,6 +56,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.signal.libsignal.usernames.BaseUsernameException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.auth.AccountAndAuthenticatedDeviceHolder;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
 import org.whispersystems.textsecuregcm.auth.ChangesDeviceEnabledState;
@ -664,14 +665,18 @@ public class AccountController {
  @GET
  @Path("/me")
  @Produces(MediaType.APPLICATION_JSON)
-  public AccountIdentityResponse getMe(@Auth AuthenticatedAccount auth) {
-    return whoAmI(auth);
+  public AccountIdentityResponse getMe(@Auth DisabledPermittedAuthenticatedAccount auth) {
+    return buildAccountIdentityResponse(auth);
  }

  @GET
  @Path("/whoami")
  @Produces(MediaType.APPLICATION_JSON)
  public AccountIdentityResponse whoAmI(@Auth AuthenticatedAccount auth) {
+    return buildAccountIdentityResponse(auth);
+  }
+
+  private AccountIdentityResponse buildAccountIdentityResponse(AccountAndAuthenticatedDeviceHolder auth) {
    return new AccountIdentityResponse(auth.getAccount().getUuid(),
        auth.getAccount().getNumber(),
        auth.getAccount().getPhoneNumberIdentifier(),
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
@ -61,7 +61,6 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.CsvSource;
 import org.junit.jupiter.params.provider.MethodSource;
-import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.mockito.stubbing.Answer;
 import org.signal.libsignal.usernames.BaseUsernameException;
@ -1746,16 +1745,38 @@ class AccountControllerTest {
  }

  @ParameterizedTest
-  @ValueSource(strings = {"/v1/accounts/whoami/", "/v1/accounts/me/"})
-  public void testWhoAmI(final String path) {
-    AccountIdentityResponse response =
-        resources.getJerseyTest()
-                 .target(path)
-                 .request()
-                 .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-                 .get(AccountIdentityResponse.class);
+  @MethodSource
+  void testWhoAmI(final String path, final boolean enabledAccount, final int expectedHttpStatusCode) {
+    final UUID aci;
+    final String password;
+    if (enabledAccount) {
+      aci = AuthHelper.VALID_UUID;
+      password = AuthHelper.VALID_PASSWORD;
+    } else {
+      aci = AuthHelper.DISABLED_UUID;
+      password = AuthHelper.DISABLED_PASSWORD;
+    }

-    assertThat(response.uuid()).isEqualTo(AuthHelper.VALID_UUID);
+    final Response response = resources.getJerseyTest()
+        .target(path)
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(aci, password))
+        .get();
+
+    assertThat(response.getStatus()).isEqualTo(expectedHttpStatusCode);
+
+    if (expectedHttpStatusCode == 200) {
+      assertThat(response.readEntity(AccountIdentityResponse.class).uuid()).isEqualTo(aci);
+    }
+  }
+
+  static Stream<Arguments> testWhoAmI() {
+    return Stream.of(
+        Arguments.of("/v1/accounts/whoami", true, 200),
+        Arguments.of("/v1/accounts/whoami", false, 401),
+        Arguments.of("/v1/accounts/me", true, 200),
+        Arguments.of("/v1/accounts/me", false, 200)
+    );
  }

  @Test