From 2b764c2abd875f395cc14b6b987e0faec6f471fd Mon Sep 17 00:00:00 2001
From: Jon Chambers
Date: Sat, 9 Sep 2023 19:06:07 -0400
Subject: [PATCH] Don't allow callers to unlink their primary device
---
 .../textsecuregcm/controllers/DeviceController.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
index 7c9c8575b..e0c424fe5 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
@@ -141,6 +141,10 @@ public class DeviceController {
 throw new WebApplicationException(Response.Status.UNAUTHORIZED);
 }
+ if (deviceId == Device.MASTER_ID) {
+ throw new ForbiddenException();
+ }
+
 final CompletableFuture deleteKeysFuture = keys.delete(account.getUuid(), deviceId);
 messages.clear(account.getUuid(), deviceId).join();
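Review bot: The new `deviceId == Device.MASTER_ID` guard is the only thing between a request and the `keys.delete(...)` / `messages.clear(...)` calls directly below it, yet it has no comment and the commit (one file, four insertions) adds no test for the 403 path. I would add `// Reject before any keys or messages are deleted: the primary device must never be unlinked through this endpoint.` above the `if`. I would also add a controller test asserting that the request is answered with 403 and that neither `keys.delete` nor `messages.clear` is invoked. The enclosing method starts and ends outside the hunk, so it is not visible whether the layer that finally removes the device enforces the same invariant; if it does not, enforcing it there too would protect other callers of that path.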