From 24ea6a9f1d0324c8401c62f7697ae03504f292e9 Mon Sep 17 00:00:00 2001 From: Jon Chambers Date: Mon, 25 Jan 2021 10:23:47 -0500 Subject: [PATCH] Revert "Temporarily disable registration abuse system" This reverts commit 22ef058cb65f7d07d2e6b060630a572c1e01fb38.
--- .../controllers/AccountController.java | 109 ++++--- .../controllers/AccountControllerTest.java | 294 +++++++++--------- 2 files changed, 201 insertions(+), 202 deletions(-)
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
index 14e0684d5..96953ca08 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
@@ -540,62 +540,61 @@ public class AccountController {
 Optional pushChallenge) {
+ if (captchaToken.isPresent()) {
+ boolean validToken = recaptchaClient.verify(captchaToken.get(), requester);
+
+ if (validToken) {
+ captchaSuccessMeter.mark();
+ return new CaptchaRequirement(false, false);
+ } else {
+ captchaFailureMeter.mark();
+ return new CaptchaRequirement(true, false);
+ }
+ }
+
+ if (pushChallenge.isPresent()) {
+ Optional storedPushChallenge = storedVerificationCode.map(StoredVerificationCode::getPushCode);
+
+ if (!pushChallenge.get().equals(storedPushChallenge.orElse(null))) {
+ return new CaptchaRequirement(true, false);
+ }
+ }
+
+ List abuseRules = abusiveHostRules.getAbusiveHostRulesFor(requester);
+
+ for (AbusiveHostRule abuseRule : abuseRules) {
+ if (abuseRule.isBlocked()) {
+ logger.info("Blocked host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+ blockedHostMeter.mark();
+ return new CaptchaRequirement(true, false);
+ }
+
+ if (!abuseRule.getRegions().isEmpty()) {
+ if (abuseRule.getRegions().stream().noneMatch(number::startsWith)) {
+ logger.info("Restricted host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+ filteredHostMeter.mark();
+ return new CaptchaRequirement(true, false);
+ }
+ }
+ }
+
+ try {
+ rateLimiters.getSmsVoiceIpLimiter().validate(requester);
+ } catch (RateLimitExceededException e) {
+ logger.info("Rate limited exceeded: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
+ rateLimitedHostMeter.mark();
+ return new CaptchaRequirement(true, true);
+ }
+
+ try {
+ rateLimiters.getSmsVoicePrefixLimiter().validate(Util.getNumberPrefix(number));
+ } catch (RateLimitExceededException e) {
+ logger.info("Prefix rate limit exceeded: " + transport + ", " + number + ", (" + forwardedFor + ")");
+ rateLimitedPrefixMeter.mark();
+ return new CaptchaRequirement(true, true);
+ }
+ return new CaptchaRequirement(false, false);
-// if 
(captchaToken.isPresent()) {
-// boolean validToken = recaptchaClient.verify(captchaToken.get(), requester);
-//
-// if (validToken) {
-// captchaSuccessMeter.mark();
-// return new CaptchaRequirement(false, false);
-// } else {
-// captchaFailureMeter.mark();
-// return new CaptchaRequirement(true, false);
-// }
-// }
-//
-// if (pushChallenge.isPresent()) {
-// Optional storedPushChallenge = storedVerificationCode.map(StoredVerificationCode::getPushCode);
-//
-// if (!pushChallenge.get().equals(storedPushChallenge.orElse(null))) {
-// return new CaptchaRequirement(true, false);
-// }
-// }
-//
-// List abuseRules = abusiveHostRules.getAbusiveHostRulesFor(requester);
-//
-// for (AbusiveHostRule abuseRule : abuseRules) {
-// if (abuseRule.isBlocked()) {
-// logger.info("Blocked host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
-// blockedHostMeter.mark();
-// return new CaptchaRequirement(true, false);
-// }
-//
-// if (!abuseRule.getRegions().isEmpty()) {
-// if (abuseRule.getRegions().stream().noneMatch(number::startsWith)) {
-// logger.info("Restricted host: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
-// filteredHostMeter.mark();
-// return new CaptchaRequirement(true, false);
-// }
-// }
-// }
-//
-// try {
-// rateLimiters.getSmsVoiceIpLimiter().validate(requester);
-// } catch (RateLimitExceededException e) {
-// logger.info("Rate limited exceeded: " + transport + ", " + number + ", " + requester + " (" + forwardedFor + ")");
-// rateLimitedHostMeter.mark();
-// return new CaptchaRequirement(true, true);
-// }
-//
-// try {
-// rateLimiters.getSmsVoicePrefixLimiter().validate(Util.getNumberPrefix(number));
-// } catch (RateLimitExceededException e) {
-// logger.info("Prefix rate limit exceeded: " + transport + ", " + number + ", (" + forwardedFor + ")");
-// rateLimitedPrefixMeter.mark();
-// return new CaptchaRequirement(true, true);
-// }
-//
-// return new CaptchaRequirement(false, 
false);
 }
 @Timed
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
index ecad9336b..68d3f1e1f 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
@@ -275,7 +275,7 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(200);
 verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString());
-// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
+ verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST));
 }
 @Test 
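Review bot: The push-challenge check at `if (!pushChallenge.get().equals(storedPushChallenge.orElse(null)))` compares a client-supplied value against the stored push code with `String.equals`, which stops at the first differing character, so response time leaks how much of the stored code the caller matched; a length-independent compare keeps that signal out, e.g. `if (!storedPushChallenge.isPresent() || !MessageDigest.isEqual(pushChallenge.get().getBytes(StandardCharsets.UTF_8), storedPushChallenge.get().getBytes(StandardCharsets.UTF_8)))` (adding the `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports). A successful captcha also returns before the abusive-host rules and both rate limiters run, so none of those limits apply to a request that carries a valid token; if that is the intended trade-off, a comment such as `// A verified captcha is accepted as sufficient proof and bypasses host rules and the IP/prefix rate limits below` above the captcha branch would record it. The `logger.info` calls in the blocked, restricted and rate-limited branches write the full phone number and requester address at INFO level, which is worth reconsidering if these logs are retained for long. The enclosing method's signature and the declared type of `storedVerificationCode` begin before the hunk, so whether `requester` can be empty here is not visible.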
@@ -291,24 +291,24 @@ public class AccountControllerTest { assertThat(response.getStatus()).isEqualTo(200); verify(smsSender).deliverSmsVerification(eq(SENDER_PREAUTH), eq(Optional.empty()), anyString()); -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST)); + verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST)); } -// @Test -// public void testSendCodeWithInvalidPreauth() throws Exception { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER_PREAUTH)) -// .queryParam("challenge", "invalidchallenge") -// .request() -// .header("X-Forwarded-For", NICE_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verifyNoMoreInteractions(smsSender); -// verifyNoMoreInteractions(abusiveHostRules); -// } + @Test + public void testSendCodeWithInvalidPreauth() throws Exception { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER_PREAUTH)) + .queryParam("challenge", "invalidchallenge") + .request() + .header("X-Forwarded-For", NICE_HOST) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + verifyNoMoreInteractions(smsSender); + verifyNoMoreInteractions(abusiveHostRules); + } @Test public void testSendCodeWithNoPreauth() throws Exception { @@ -322,7 +322,7 @@ public class AccountControllerTest { assertThat(response.getStatus()).isEqualTo(200); verify(smsSender).deliverSmsVerification(eq(SENDER_PREAUTH), eq(Optional.empty()), anyString()); -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST)); + verify(abusiveHostRules).getAbusiveHostRulesFor(eq(NICE_HOST)); } 
@@ -356,144 +356,144 @@ public class AccountControllerTest { verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.of("android-ng")), anyString()); } -// @Test -// public void testSendAbusiveHost() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .request() -// .header("X-Forwarded-For", ABUSIVE_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(ABUSIVE_HOST)); -// verifyNoMoreInteractions(smsSender); -// } + @Test + public void testSendAbusiveHost() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .request() + .header("X-Forwarded-For", ABUSIVE_HOST) + .get(); -// @Test -// public void testSendAbusiveHostWithValidCaptcha() throws IOException { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .queryParam("captcha", VALID_CAPTCHA_TOKEN) -// .request() -// .header("X-Forwarded-For", ABUSIVE_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(200); -// -// verifyNoMoreInteractions(abusiveHostRules); -// verify(recaptchaClient).verify(eq(VALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST)); -// verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString()); -// } + assertThat(response.getStatus()).isEqualTo(402); -// @Test -// public void testSendAbusiveHostWithInvalidCaptcha() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .queryParam("captcha", INVALID_CAPTCHA_TOKEN) -// .request() -// .header("X-Forwarded-For", ABUSIVE_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verifyNoMoreInteractions(abusiveHostRules); -// verify(recaptchaClient).verify(eq(INVALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST)); -// verifyNoMoreInteractions(smsSender); 
-// } + verify(abusiveHostRules).getAbusiveHostRulesFor(eq(ABUSIVE_HOST)); + verifyNoMoreInteractions(smsSender); + } -// @Test -// public void testSendRateLimitedHostAutoBlock() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .request() -// .header("X-Forwarded-For", RATE_LIMITED_IP_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_IP_HOST)); -// verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_IP_HOST), eq("Auto-Block")); -// verifyNoMoreInteractions(abusiveHostRules); -// -// verifyNoMoreInteractions(recaptchaClient); -// verifyNoMoreInteractions(smsSender); -// } + @Test + public void testSendAbusiveHostWithValidCaptcha() throws IOException { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .queryParam("captcha", VALID_CAPTCHA_TOKEN) + .request() + .header("X-Forwarded-For", ABUSIVE_HOST) + .get(); -// @Test -// public void testSendRateLimitedPrefixAutoBlock() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER_OVER_PREFIX)) -// .request() -// .header("X-Forwarded-For", RATE_LIMITED_PREFIX_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_PREFIX_HOST)); -// verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_PREFIX_HOST), eq("Auto-Block")); -// verifyNoMoreInteractions(abusiveHostRules); -// -// verifyNoMoreInteractions(recaptchaClient); -// verifyNoMoreInteractions(smsSender); -// } + assertThat(response.getStatus()).isEqualTo(200); -// @Test -// public void testSendRateLimitedHostNoAutoBlock() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .request() -// .header("X-Forwarded-For", 
RATE_LIMITED_HOST2) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_HOST2)); -// verifyNoMoreInteractions(abusiveHostRules); -// -// verifyNoMoreInteractions(recaptchaClient); -// verifyNoMoreInteractions(smsSender); -// } + verifyNoMoreInteractions(abusiveHostRules); + verify(recaptchaClient).verify(eq(VALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST)); + verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString()); + } + + @Test + public void testSendAbusiveHostWithInvalidCaptcha() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .queryParam("captcha", INVALID_CAPTCHA_TOKEN) + .request() + .header("X-Forwarded-For", ABUSIVE_HOST) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + verifyNoMoreInteractions(abusiveHostRules); + verify(recaptchaClient).verify(eq(INVALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST)); + verifyNoMoreInteractions(smsSender); + } + + @Test + public void testSendRateLimitedHostAutoBlock() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .request() + .header("X-Forwarded-For", RATE_LIMITED_IP_HOST) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_IP_HOST)); + verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_IP_HOST), eq("Auto-Block")); + verifyNoMoreInteractions(abusiveHostRules); + + verifyNoMoreInteractions(recaptchaClient); + verifyNoMoreInteractions(smsSender); + } + + @Test + public void testSendRateLimitedPrefixAutoBlock() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER_OVER_PREFIX)) + .request() + .header("X-Forwarded-For", RATE_LIMITED_PREFIX_HOST) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + 
verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_PREFIX_HOST)); + verify(abusiveHostRules).setBlockedHost(eq(RATE_LIMITED_PREFIX_HOST), eq("Auto-Block")); + verifyNoMoreInteractions(abusiveHostRules); + + verifyNoMoreInteractions(recaptchaClient); + verifyNoMoreInteractions(smsSender); + } + + @Test + public void testSendRateLimitedHostNoAutoBlock() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .request() + .header("X-Forwarded-For", RATE_LIMITED_HOST2) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RATE_LIMITED_HOST2)); + verifyNoMoreInteractions(abusiveHostRules); + + verifyNoMoreInteractions(recaptchaClient); + verifyNoMoreInteractions(smsSender); + } -// @Test -// public void testSendMultipleHost() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .request() -// .header("X-Forwarded-For", NICE_HOST + ", " + ABUSIVE_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verify(abusiveHostRules, times(1)).getAbusiveHostRulesFor(eq(ABUSIVE_HOST)); -// -// verifyNoMoreInteractions(abusiveHostRules); -// verifyNoMoreInteractions(smsSender); -// } + @Test + public void testSendMultipleHost() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .request() + .header("X-Forwarded-For", NICE_HOST + ", " + ABUSIVE_HOST) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + verify(abusiveHostRules, times(1)).getAbusiveHostRulesFor(eq(ABUSIVE_HOST)); + + verifyNoMoreInteractions(abusiveHostRules); + verifyNoMoreInteractions(smsSender); + } -// @Test -// public void testSendRestrictedHostOut() { -// Response response = -// resources.getJerseyTest() -// .target(String.format("/v1/accounts/sms/code/%s", SENDER)) -// .request() -// 
.header("X-Forwarded-For", RESTRICTED_HOST) -// .get(); -// -// assertThat(response.getStatus()).isEqualTo(402); -// -// verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RESTRICTED_HOST)); -// verifyNoMoreInteractions(smsSender); -// } + @Test + public void testSendRestrictedHostOut() { + Response response = + resources.getJerseyTest() + .target(String.format("/v1/accounts/sms/code/%s", SENDER)) + .request() + .header("X-Forwarded-For", RESTRICTED_HOST) + .get(); + + assertThat(response.getStatus()).isEqualTo(402); + + verify(abusiveHostRules).getAbusiveHostRulesFor(eq(RESTRICTED_HOST)); + verifyNoMoreInteractions(smsSender); + } @Test public void testSendRestrictedIn() throws Exception {