Add current entitlements to whoami response

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountIdentityResponseBuilder.java

@@ -4,7 +4,11 @@
  */
 package org.whispersystems.textsecuregcm.controllers;
 
+import java.time.Clock;
+import java.util.List;
+import java.util.Optional;
 import org.whispersystems.textsecuregcm.entities.AccountIdentityResponse;
+import org.whispersystems.textsecuregcm.entities.Entitlements;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.DeviceCapability;
 
@@ -12,10 +16,12 @@ public class AccountIdentityResponseBuilder {
 
   private final Account account;
   private boolean storageCapable;
+  private Clock clock;
 
   public AccountIdentityResponseBuilder(Account account) {
     this.account = account;
     this.storageCapable = account.hasCapability(DeviceCapability.STORAGE);
+    this.clock = Clock.systemUTC();
   }
 
   public AccountIdentityResponseBuilder storageCapable(boolean storageCapable) {
@@ -23,13 +29,31 @@ public class AccountIdentityResponseBuilder {
     return this;
   }
 
+  public AccountIdentityResponseBuilder clock(Clock clock) {
+    this.clock = clock;
+    return this;
+  }
+
   public AccountIdentityResponse build() {
+    final List<Entitlements.BadgeEntitlement> badges = account.getBadges()
+        .stream()
+        .filter(bv -> bv.expiration().isAfter(clock.instant()))
+        .map(badge -> new Entitlements.BadgeEntitlement(badge.id(), badge.expiration(), badge.visible()))
+        .toList();
+
+    final Entitlements.BackupEntitlement backupEntitlement = Optional
+        .ofNullable(account.getBackupVoucher())
+        .filter(bv -> bv.expiration().isAfter(clock.instant()))
+        .map(bv -> new Entitlements.BackupEntitlement(bv.receiptLevel(), bv.expiration()))
+        .orElse(null);
+
     return new AccountIdentityResponse(account.getUuid(),
         account.getNumber(),
         account.getPhoneNumberIdentifier(),
         account.getUsernameHash().filter(h -> h.length > 0).orElse(null),
         account.getUsernameLinkHandle(),
-        storageCapable);
+        storageCapable,
+        new Entitlements(badges, backupEntitlement));
   }
 
   public static AccountIdentityResponse fromAccount(final Account account) {

service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountIdentityResponse.java

@@ -31,5 +31,8 @@ public record AccountIdentityResponse(
     @Nullable UUID usernameLinkHandle,
 
     @Schema(description="whether any of this account's devices support storage")
-    boolean storageCapable) {
+    boolean storageCapable,
+
+    @Schema(description = "entitlements for this account and their current expirations")
+    Entitlements entitlements) {
 }

service/src/main/java/org/whispersystems/textsecuregcm/entities/Entitlements.java

@@ -0,0 +1,43 @@
+package org.whispersystems.textsecuregcm.entities;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import io.swagger.v3.oas.annotations.media.Schema;
+import org.whispersystems.textsecuregcm.util.InstantAdapter;
+
+import javax.annotation.Nullable;
+import java.time.Instant;
+import java.util.List;
+
+public record Entitlements(
+    @Schema(description = "Active badges added via /v1/donation/redeem-receipt")
+    List<BadgeEntitlement> badges,
+    @Schema(description = "If present, the backup level set via /v1/archives/redeem-receipt")
+    @Nullable BackupEntitlement backup) {
+
+  public record BadgeEntitlement(
+      @Schema(description = "The badge id")
+      String id,
+
+      @Schema(description = "When the badge expires, in number of seconds since epoch", implementation = Long.class)
+      @JsonSerialize(using = InstantAdapter.EpochSecondSerializer.class)
+      @JsonFormat(shape = JsonFormat.Shape.NUMBER_INT)
+      @JsonProperty("expirationSeconds")
+      Instant expiration,
+
+      @Schema(description = "Whether the badge is currently configured to be visible")
+      boolean visible) {
+  }
+
+  public record BackupEntitlement(
+      @Schema(description = "The backup level of the account")
+      long backupLevel,
+
+      @Schema(description = "When the backup entitlement expires, in number of seconds since epoch", implementation = Long.class)
+      @JsonSerialize(using = InstantAdapter.EpochSecondSerializer.class)
+      @JsonFormat(shape = JsonFormat.Shape.NUMBER_INT)
+      @JsonProperty("expirationSeconds")
+      Instant expiration) {
+  }
+}

service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java

@@ -42,6 +42,7 @@ import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
+import java.util.function.BiConsumer;
 import java.util.stream.Stream;
 import org.glassfish.jersey.server.ServerProperties;
 import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
@@ -66,6 +67,7 @@ import org.whispersystems.textsecuregcm.entities.ApnRegistrationId;
 import org.whispersystems.textsecuregcm.entities.ConfirmUsernameHashRequest;
 import org.whispersystems.textsecuregcm.entities.DeviceName;
 import org.whispersystems.textsecuregcm.entities.EncryptedUsername;
+import org.whispersystems.textsecuregcm.entities.Entitlements;
 import org.whispersystems.textsecuregcm.entities.GcmRegistrationId;
 import org.whispersystems.textsecuregcm.entities.RegistrationLock;
 import org.whispersystems.textsecuregcm.entities.ReserveUsernameHashRequest;
@@ -82,6 +84,7 @@ import org.whispersystems.textsecuregcm.mappers.JsonMappingExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.NonNormalizedPhoneNumberExceptionMapper;
 import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
 import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
 import org.whispersystems.textsecuregcm.storage.AccountsManager;
 import org.whispersystems.textsecuregcm.storage.Device;
 import org.whispersystems.textsecuregcm.storage.DeviceCapability;
@@ -324,6 +327,15 @@ class AccountControllerTest {
   @ParameterizedTest
   @ValueSource(strings = {"/v1/accounts/whoami", "/v1/accounts/me"})
   void testWhoAmI(final String path) {
+    final Instant expiration = Instant.now().plus(Duration.ofHours(1)).plusMillis(101);
+    final Instant truncatedExpiration = Instant.ofEpochSecond(expiration.getEpochSecond());
+    final AccountBadge badge1 = new AccountBadge("badge1", expiration, true);
+    final AccountBadge badge2 = new AccountBadge("badge2", expiration, true);
+
+    when(AuthHelper.VALID_ACCOUNT.getBackupVoucher())
+        .thenReturn(new Account.BackupVoucher(100, expiration));
+    when(AuthHelper.VALID_ACCOUNT.getBadges()).thenReturn(List.of(badge1, badge2));
+
     try (final Response response = resources.getJerseyTest()
         .target(path)
         .request()
@@ -331,7 +343,19 @@ class AccountControllerTest {
         .get()) {
 
       assertThat(response.getStatus()).isEqualTo(200);
-      assertThat(response.readEntity(AccountIdentityResponse.class).uuid()).isEqualTo(AuthHelper.VALID_UUID);
+      final AccountIdentityResponse identityResponse = response.readEntity(AccountIdentityResponse.class);
+      assertThat(identityResponse.uuid()).isEqualTo(AuthHelper.VALID_UUID);
+
+      final BiConsumer<Entitlements.BadgeEntitlement, AccountBadge> compareBadge = (actual, expected) -> {
+        assertThat(actual.expiration()).isEqualTo(truncatedExpiration);
+        assertThat(actual.id()).isEqualTo(expected.id());
+        assertThat(actual.visible()).isEqualTo(expected.visible());
+      };
+      compareBadge.accept(identityResponse.entitlements().badges().getFirst(), badge1);
+      compareBadge.accept(identityResponse.entitlements().badges().getLast(), badge2);
+
+      assertThat(identityResponse.entitlements().backup().backupLevel()).isEqualTo(100);
+      assertThat(identityResponse.entitlements().backup().expiration()).isEqualTo(truncatedExpiration);
     }
   }
 

service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountIdentityResponseBuilderTest.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2024 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.controllers;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.time.Instant;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.whispersystems.textsecuregcm.entities.Entitlements;
+import org.whispersystems.textsecuregcm.storage.Account;
+import org.whispersystems.textsecuregcm.storage.AccountBadge;
+import org.whispersystems.textsecuregcm.util.TestClock;
+
+class AccountIdentityResponseBuilderTest {
+
+  @Test
+  void expiredBackupEntitlement() {
+    final Instant expiration = Instant.ofEpochSecond(101);
+    final Account account = mock(Account.class);
+    when(account.getBackupVoucher()).thenReturn(new Account.BackupVoucher(6, expiration));
+
+    Entitlements.BackupEntitlement backup = new AccountIdentityResponseBuilder(account)
+        .clock(TestClock.pinned(Instant.ofEpochSecond(101)))
+        .build().entitlements().backup();
+    assertThat(backup).isNull();
+
+    backup = new AccountIdentityResponseBuilder(account)
+        .clock(TestClock.pinned(Instant.ofEpochSecond(100)))
+        .build().entitlements().backup();
+    assertThat(backup).isNotNull();
+    assertThat(backup.expiration()).isEqualTo(expiration);
+    assertThat(backup.backupLevel()).isEqualTo(6);
+  }
+
+  @Test
+  void expiredBadgeEntitlement() {
+    final Account account = mock(Account.class);
+    when(account.getBadges()).thenReturn(List.of(
+        new AccountBadge("badge1", Instant.ofEpochSecond(10), false),
+        new AccountBadge("badge2", Instant.ofEpochSecond(11), true)));
+
+    // all should be expired
+    assertThat(new AccountIdentityResponseBuilder(account)
+        .clock(TestClock.pinned(Instant.ofEpochSecond(11)))
+        .build().entitlements().badges()).isEmpty();
+
+    // first badge should be expired
+    assertThat(new AccountIdentityResponseBuilder(account).clock(TestClock.pinned(Instant.ofEpochSecond(10))).build()
+        .entitlements()
+        .badges()
+        .stream().map(Entitlements.BadgeEntitlement::id).toList())
+        .containsExactly("badge2");
+
+    // no badges should be expired
+    assertThat(new AccountIdentityResponseBuilder(account).clock(TestClock.pinned(Instant.ofEpochSecond(9))).build()
+        .entitlements()
+        .badges()
+        .stream().map(Entitlements.BadgeEntitlement::id).toList())
+        .containsExactly("badge1", "badge2");
+  }
+
+}

service/src/test/java/org/whispersystems/textsecuregcm/tests/util/AccountsHelper.java

@@ -152,6 +152,7 @@ public class AccountsHelper {
           case "getIdentityKey" ->
               when(updatedAccount.getIdentityKey(stubbing.getInvocation().getArgument(0))).thenAnswer(stubbing);
           case "getBadges" -> when(updatedAccount.getBadges()).thenAnswer(stubbing);
+          case "getBackupVoucher" -> when(updatedAccount.getBackupVoucher()).thenAnswer(stubbing);
           case "getLastSeen" -> when(updatedAccount.getLastSeen()).thenAnswer(stubbing);
           case "hasLockedCredentials" -> when(updatedAccount.hasLockedCredentials()).thenAnswer(stubbing);
           default -> throw new IllegalArgumentException("unsupported method: Account#" + stubbing.getInvocation().getMethod().getName());