From 22ef058cb65f7d07d2e6b060630a572c1e01fb38 Mon Sep 17 00:00:00 2001
From: Moxie Marlinspike
Date: Sat, 9 Jan 2021 09:08:46 -0800
Subject: [PATCH] Temporarily disable registration abuse system
---
 .../controllers/AccountController.java | 109 +++---
 .../controllers/AccountControllerTest.java | 294 +++++++++---------
 2 files changed, 202 insertions(+), 201 deletions(-)
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
index d7a90d3f2..1873122f4 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
@@ -536,61 +536,62 @@ public class AccountController {
 Optional pushChallenge) {
- if (captchaToken.isPresent()) {
- boolean validToken = recaptchaClient.verify(captchaToken.get(), requester);
-
- if (validToken) {
- captchaSuccessMeter.mark();
- return new CaptchaRequirement(false, false);
- } else {
- captchaFailureMeter.mark();
- return new CaptchaRequirement(true, false);
- }
- }
-
- if (pushChallenge.isPresent()) {
- Optional storedPushChallenge = storedVerificationCode.map(StoredVerificationCode::getPushCode);
-
- if (!pushChallenge.get().equals(storedPushChallenge.orElse(null))) {
- return new CaptchaRequirement(true, false);
- }
- }
-
- List abuseRules = abusiveHostRules.getAbusiveHostRulesFor(requester);
-
- for (AbusiveHostRule abuseRule : abuseRules) {
- if (abuseRule.isBlocked()) {
- logger.info("Blocked host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
- blockedHostMeter.mark();
- return new CaptchaRequirement(true, false);
- }
-
- if (!abuseRule.getRegions().isEmpty()) {
- if (abuseRule.getRegions().stream().noneMatch(number::startsWith)) {
- logger.info("Restricted host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
- filteredHostMeter.mark();
- return new CaptchaRequirement(true, false);
- }
- }
- }
-
- try {
- rateLimiters.getSmsVoiceIpLimiter().validate(requester);
- } catch (RateLimitExceededException e) {
- logger.info("Rate limited exceeded: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
- rateLimitedHostMeter.mark();
- return new CaptchaRequirement(true, true);
- }
-
- try {
- rateLimiters.getSmsVoicePrefixLimiter().validate(Util.getNumberPrefix(number));
- } catch (RateLimitExceededException e) {
- logger.info("Prefix rate limit exceeded: " + transport + ", " + number + ", (" + forwardedFor + ")");
- rateLimitedPrefixMeter.mark();
- return new CaptchaRequirement(true, true);
- }
-
- return new CaptchaRequirement(false, false);
+// if (captchaToken.isPresent()) {
+// boolean validToken = recaptchaClient.verify(captchaToken.get(), requester);
+//
+// if (validToken) {
+// captchaSuccessMeter.mark();
+// return new CaptchaRequirement(false, false);
+// } else {
+// captchaFailureMeter.mark();
+// return new CaptchaRequirement(true, false);
+// }
+// }
+//
+// if (pushChallenge.isPresent()) {
+// Optional storedPushChallenge = storedVerificationCode.map(StoredVerificationCode::getPushCode);
+//
+// if (!pushChallenge.get().equals(storedPushChallenge.orElse(null))) {
+// return new CaptchaRequirement(true, false);
+// }
+// }
+//
+// List abuseRules = abusiveHostRules.getAbusiveHostRulesFor(requester);
+//
+// for (AbusiveHostRule abuseRule : abuseRules) {
+// if (abuseRule.isBlocked()) {
+// logger.info("Blocked host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+// blockedHostMeter.mark();
+// return new CaptchaRequirement(true, false);
+// }
+//
+// if (!abuseRule.getRegions().isEmpty()) {
+// if (abuseRule.getRegions().stream().noneMatch(number::startsWith)) {
+// logger.info("Restricted host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+// filteredHostMeter.mark();
+// return new CaptchaRequirement(true, false);
+// }
+// }
+// }
+//
+// try {
+// rateLimiters.getSmsVoiceIpLimiter().validate(requester);
+// } catch (RateLimitExceededException e) {
+// logger.info("Rate limited exceeded: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+// rateLimitedHostMeter.mark();
+// return new CaptchaRequirement(true, true);
+// }
+//
+// try {
+// rateLimiters.getSmsVoicePrefixLimiter().validate(Util.getNumberPrefix(number));
+// } catch (RateLimitExceededException e) {
+// logger.info("Prefix rate limit exceeded: " + transport + ", " + number + ", (" + forwardedFor + ")");
+// rateLimitedPrefixMeter.mark();
+// return new CaptchaRequirement(true, true);
+// }
+//
+// return new CaptchaRequirement(false, false);
 }
 @Timed
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
index 68d3f1e1f..ecad9336b 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
@@ -275,7 +275,7 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(200);
 verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString());
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
 }
 @Test
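Review bot: With every statement of the body turned into a `//` comment, `requiresCaptcha` (its signature starts above the hunk) appears to answer `new CaptchaRequirement(false, false)` for every request, which switches off more than the abuse system named in the title: the captcha verification, the push-challenge comparison against `storedVerificationCode`, the abusive-host and region rules, and both SMS/voice rate limiters all stop running, so a wrong `challenge` value is now accepted like a correct one (the test hunks comment out `testSendCodeWithInvalidPreauth`, which expected 402). If only the host rules and limiters need a pause, keep the captcha and push-challenge branches live and gate the rest behind a configuration flag, e.g. `if (!abuseChecksEnabled) { return new CaptchaRequirement(false, false); }` placed just before the `abusiveHostRules.getAbusiveHostRulesFor(requester)` call, where `abuseChecksEnabled` is a placeholder for whatever flag the project adds. That keeps the disabled path compiled and the `blockedHostMeter`/`rateLimitedHostMeter` counters meaningful, and makes re-enabling a configuration change instead of a code revert. A comment on the early return saying why the checks are off and what condition re-enables them, `// Abuse checks disabled temporarily; re-enable via <flag> once <condition>`, would help the next reader.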
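Review bot: The `verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST))` call is commented out rather than replaced, so the test around this hunk still passes while asserting nothing about the abuse path; the same applies to the @@ -291 and @@ -322 hunks and to the whole test methods commented out in the @@ -356 hunk. Commented-out tests disappear from the test report and are easy to forget when the system is switched back on, whereas `@Ignore("registration abuse system temporarily disabled")` on each method (`@Disabled` if this suite is on JUnit 5) keeps them compiling and visibly skipped. For the single verify lines, asserting the intended new behaviour with `verifyNoMoreInteractions(abusiveHostRules);` would pin that the abuse rules really are no longer consulted.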
@@ -291,24 +291,24 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(200);
 verify(smsSender).deliverSmsVerification(eq(SENDER_PREAUTH), eq(Optional.empty()), anyString());
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
 }
- @Test
- public void testSendCodeWithInvalidPreauth() throws Exception {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER_PREAUTH))
- .queryParam("challenge", "invalidchallenge")
- .request()
- .header("X-Forwarded-For", NICE_HOST)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verifyNoMoreInteractions(smsSender);
- verifyNoMoreInteractions(abusiveHostRules);
- }
+// @Test
+// public void testSendCodeWithInvalidPreauth() throws Exception {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER_PREAUTH))
+// .queryParam("challenge", "invalidchallenge")
+// .request()
+// .header("X-Forwarded-For", NICE_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verifyNoMoreInteractions(smsSender);
+// verifyNoMoreInteractions(abusiveHostRules);
+// }
 @Test
 public void testSendCodeWithNoPreauth() throws Exception {
@@ -322,7 +322,7 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(200);
 verify(smsSender).deliverSmsVerification(eq(SENDER_PREAUTH), eq(Optional.empty()), anyString());
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
 }
@@ -356,144 +356,144 @@ public class AccountControllerTest {
 verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.of("android-ng")), anyString());
 }
- @Test
- public void testSendAbusiveHost() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .request()
- .header("X-Forwarded-For", ABUSIVE_HOST)
- .get();
+// @Test
+// public void testSendAbusiveHost() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .request()
+// .header("X-Forwarded-For", ABUSIVE_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(ABUSIVE_HOST));
+// verifyNoMoreInteractions(smsSender);
+// }
- assertThat(response.getStatus()).isEqualTo(402);
+// @Test
+// public void testSendAbusiveHostWithValidCaptcha() throws IOException {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .queryParam("captcha", VALID_CAPTCHA_TOKEN)
+// .request()
+// .header("X-Forwarded-For", ABUSIVE_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(200);
+//
+// verifyNoMoreInteractions(abusiveHostRules);
+// verify(recaptchaClient).verify(eq(VALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST));
+// verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString());
+// }
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(ABUSIVE_HOST));
- verifyNoMoreInteractions(smsSender);
- }
+// @Test
+// public void testSendAbusiveHostWithInvalidCaptcha() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .queryParam("captcha", INVALID_CAPTCHA_TOKEN)
+// .request()
+// .header("X-Forwarded-For", ABUSIVE_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verifyNoMoreInteractions(abusiveHostRules);
+// verify(recaptchaClient).verify(eq(INVALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST));
+// verifyNoMoreInteractions(smsSender);
+// }
- @Test
- public void testSendAbusiveHostWithValidCaptcha() throws IOException {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .queryParam("captcha", VALID_CAPTCHA_TOKEN)
- .request()
- .header("X-Forwarded-For", ABUSIVE_HOST)
- .get();
+// @Test
+// public void testSendRateLimitedHostAutoBlock() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .request()
+// .header("X-Forwarded-For", RATE_LIMITED_IP_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_IP_HOST));
+// verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_IP_HOST), eq("Auto-Block"));
+// verifyNoMoreInteractions(abusiveHostRules);
+//
+// verifyNoMoreInteractions(recaptchaClient);
+// verifyNoMoreInteractions(smsSender);
+// }
- assertThat(response.getStatus()).isEqualTo(200);
+// @Test
+// public void testSendRateLimitedPrefixAutoBlock() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER_OVER_PREFIX))
+// .request()
+// .header("X-Forwarded-For", RATE_LIMITED_PREFIX_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_PREFIX_HOST));
+// verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_PREFIX_HOST), eq("Auto-Block"));
+// verifyNoMoreInteractions(abusiveHostRules);
+//
+// verifyNoMoreInteractions(recaptchaClient);
+// verifyNoMoreInteractions(smsSender);
+// }
- verifyNoMoreInteractions(abusiveHostRules);
- verify(recaptchaClient).verify(eq(VALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST));
- verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString());
- }
-
- @Test
- public void testSendAbusiveHostWithInvalidCaptcha() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .queryParam("captcha", INVALID_CAPTCHA_TOKEN)
- .request()
- .header("X-Forwarded-For", ABUSIVE_HOST)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verifyNoMoreInteractions(abusiveHostRules);
- verify(recaptchaClient).verify(eq(INVALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST));
- verifyNoMoreInteractions(smsSender);
- }
-
- @Test
- public void testSendRateLimitedHostAutoBlock() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .request()
- .header("X-Forwarded-For", RATE_LIMITED_IP_HOST)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_IP_HOST));
- verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_IP_HOST), eq("Auto-Block"));
- verifyNoMoreInteractions(abusiveHostRules);
-
- verifyNoMoreInteractions(recaptchaClient);
- verifyNoMoreInteractions(smsSender);
- }
-
- @Test
- public void testSendRateLimitedPrefixAutoBlock() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER_OVER_PREFIX))
- .request()
- .header("X-Forwarded-For", RATE_LIMITED_PREFIX_HOST)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_PREFIX_HOST));
- verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_PREFIX_HOST), eq("Auto-Block"));
- verifyNoMoreInteractions(abusiveHostRules);
-
- verifyNoMoreInteractions(recaptchaClient);
- verifyNoMoreInteractions(smsSender);
- }
-
- @Test
- public void testSendRateLimitedHostNoAutoBlock() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .request()
- .header("X-Forwarded-For", RATE_LIMITED_HOST2)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_HOST2));
- verifyNoMoreInteractions(abusiveHostRules);
-
- verifyNoMoreInteractions(recaptchaClient);
- verifyNoMoreInteractions(smsSender);
- }
+// @Test
+// public void testSendRateLimitedHostNoAutoBlock() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .request()
+// .header("X-Forwarded-For", RATE_LIMITED_HOST2)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_HOST2));
+// verifyNoMoreInteractions(abusiveHostRules);
+//
+// verifyNoMoreInteractions(recaptchaClient);
+// verifyNoMoreInteractions(smsSender);
+// }
- @Test
- public void testSendMultipleHost() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .request()
- .header("X-Forwarded-For", NICE_HOST + ", " + ABUSIVE_HOST)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verify(abusiveHostRules, times(1)).getAbusiveHostRulesFor(eq(ABUSIVE_HOST));
-
- verifyNoMoreInteractions(abusiveHostRules);
- verifyNoMoreInteractions(smsSender);
- }
+// @Test
+// public void testSendMultipleHost() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .request()
+// .header("X-Forwarded-For", NICE_HOST + ", " + ABUSIVE_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verify(abusiveHostRules, times(1)).getAbusiveHostRulesFor(eq(ABUSIVE_HOST));
+//
+// verifyNoMoreInteractions(abusiveHostRules);
+// verifyNoMoreInteractions(smsSender);
+// }
- @Test
- public void testSendRestrictedHostOut() {
- Response response =
- resources.getJerseyTest()
- .target(String.format("/v1/accounts/sms/code/%s", SENDER))
- .request()
- .header("X-Forwarded-For", RESTRICTED_HOST)
- .get();
-
- assertThat(response.getStatus()).isEqualTo(402);
-
- verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RESTRICTED_HOST));
- verifyNoMoreInteractions(smsSender);
- }
+// @Test
+// public void testSendRestrictedHostOut() {
+// Response response =
+// resources.getJerseyTest()
+// .target(String.format("/v1/accounts/sms/code/%s", SENDER))
+// .request()
+// .header("X-Forwarded-For", RESTRICTED_HOST)
+// .get();
+//
+// assertThat(response.getStatus()).isEqualTo(402);
+//
+// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RESTRICTED_HOST));
+// verifyNoMoreInteractions(smsSender);
+// }
 @Test
 public void testSendRestrictedIn() throws Exception {