diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
index 8cfd4a5f4..6d0b081af 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
@@ -56,6 +56,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.signal.libsignal.usernames.BaseUsernameException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.auth.AccountAndAuthenticatedDeviceHolder;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
 import org.whispersystems.textsecuregcm.auth.ChangesDeviceEnabledState;
@@ -664,14 +665,18 @@ public class AccountController {
 @GET
 @Path("/me")
 @Produces(MediaType.APPLICATION_JSON)
- public AccountIdentityResponse getMe(@Auth AuthenticatedAccount auth) {
- return whoAmI(auth);
+ public AccountIdentityResponse getMe(@Auth DisabledPermittedAuthenticatedAccount auth) {
+ return buildAccountIdentityResponse(auth);
 }

 @GET
 @Path("/whoami")
 @Produces(MediaType.APPLICATION_JSON)
 public AccountIdentityResponse whoAmI(@Auth AuthenticatedAccount auth) {
+ return buildAccountIdentityResponse(auth);
+ }
+
+ private AccountIdentityResponse buildAccountIdentityResponse(AccountAndAuthenticatedDeviceHolder auth) {
 return new AccountIdentityResponse(auth.getAccount().getUuid(),
 auth.getAccount().getNumber(),
 auth.getAccount().getPhoneNumberIdentifier(),
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
index 8a9418fca..cf9d09232 100644
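Review bot: `getMe` now authenticates with `DisabledPermittedAuthenticatedAccount` while `whoAmI` keeps `AuthenticatedAccount`, and nothing in the new code records that this split is deliberate, so a later cleanup could merge the two endpoints and either lock disabled accounts out of `/me` or open `/whoami` to them. A short comment above `getMe` would pin the intent, for example `// Intentionally permits disabled accounts; /whoami requires an enabled account. Do not unify the @Auth types.` The shared helper takes the broader `AccountAndAuthenticatedDeviceHolder`, and its body continues outside the hunk, so every field it copies into `AccountIdentityResponse` beyond the UUID, number and phone number identifier visible here should be confirmed as appropriate to return to a disabled account. The hunk adds no import for `DisabledPermittedAuthenticatedAccount`; presumably it is already imported elsewhere in the file.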
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java
@@ -61,7 +61,6 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.CsvSource;
 import org.junit.jupiter.params.provider.MethodSource;
-import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.mockito.stubbing.Answer;
 import org.signal.libsignal.usernames.BaseUsernameException;
@@ -1746,16 +1745,38 @@ class AccountControllerTest {
 }

 @ParameterizedTest
- @ValueSource(strings = {"/v1/accounts/whoami/", "/v1/accounts/me/"})
- public void testWhoAmI(final String path) {
- AccountIdentityResponse response =
- resources.getJerseyTest()
- .target(path)
- .request()
- .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
- .get(AccountIdentityResponse.class);
+ @MethodSource
+ void testWhoAmI(final String path, final boolean enabledAccount, final int expectedHttpStatusCode) {
+ final UUID aci;
+ final String password;
+ if (enabledAccount) {
+ aci = AuthHelper.VALID_UUID;
+ password = AuthHelper.VALID_PASSWORD;
+ } else {
+ aci = AuthHelper.DISABLED_UUID;
+ password = AuthHelper.DISABLED_PASSWORD;
+ }

- assertThat(response.uuid()).isEqualTo(AuthHelper.VALID_UUID);
+ final Response response = resources.getJerseyTest()
+ .target(path)
+ .request()
+ .header("Authorization", AuthHelper.getAuthHeader(aci, password))
+ .get();
+
+ assertThat(response.getStatus()).isEqualTo(expectedHttpStatusCode);
+
+ if (expectedHttpStatusCode == 200) {
+ assertThat(response.readEntity(AccountIdentityResponse.class).uuid()).isEqualTo(aci);
+ }
+ }
+
+ static Stream testWhoAmI() {
+ return Stream.of(
+ Arguments.of("/v1/accounts/whoami", true, 200),
+ Arguments.of("/v1/accounts/whoami", false, 401),
+ Arguments.of("/v1/accounts/me", true, 200),
+ Arguments.of("/v1/accounts/me", false, 200)
+ );
 }

 @Test
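Review bot: The four rows in `testWhoAmI()` all send correct credentials for an enabled or a disabled account, so nothing here checks that `/v1/accounts/me` still rejects a request that fails authentication outright. Because this commit loosens the auth type on that endpoint, a regression test should pin the remaining boundary: a request to `/v1/accounts/me` with no `Authorization` header, or with a wrong password, asserting `response.getStatus()` is 401. That needs a separate small test method or a different parameter shape, since the `enabledAccount` boolean can only select between two valid credential pairs. On the non-200 path the `Response` is also never read or closed, so ending the test with `response.close();` would keep the client connection from lingering.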