Allow updates if the profile already has a payment address
parent
63a17bc14b
commit
44c61d9a58
|
@ -64,7 +64,6 @@ import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.Status;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.signal.libsignal.zkgroup.InvalidInputException;
|
import org.signal.libsignal.zkgroup.InvalidInputException;
|
||||||
import org.signal.libsignal.zkgroup.VerificationFailedException;
|
import org.signal.libsignal.zkgroup.VerificationFailedException;
|
||||||
|
@ -178,24 +177,27 @@ public class ProfileController {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
public Response setProfile(@Auth AuthenticatedAccount auth, @NotNull @Valid CreateProfileRequest request) {
|
public Response setProfile(@Auth AuthenticatedAccount auth, @NotNull @Valid CreateProfileRequest request) {
|
||||||
|
|
||||||
|
final Optional<VersionedProfile> currentProfile = profilesManager.get(auth.getAccount().getUuid(),
|
||||||
|
request.getVersion());
|
||||||
|
|
||||||
if (StringUtils.isNotBlank(request.getPaymentAddress())) {
|
if (StringUtils.isNotBlank(request.getPaymentAddress())) {
|
||||||
final boolean hasDisallowedPrefix =
|
final boolean hasDisallowedPrefix =
|
||||||
dynamicConfigurationManager.getConfiguration().getPaymentsConfiguration().getDisallowedPrefixes().stream()
|
dynamicConfigurationManager.getConfiguration().getPaymentsConfiguration().getDisallowedPrefixes().stream()
|
||||||
.anyMatch(prefix -> auth.getAccount().getNumber().startsWith(prefix));
|
.anyMatch(prefix -> auth.getAccount().getNumber().startsWith(prefix));
|
||||||
|
|
||||||
if (hasDisallowedPrefix) {
|
if (hasDisallowedPrefix && currentProfile.map(VersionedProfile::getPaymentAddress).isEmpty()) {
|
||||||
return Response.status(Status.FORBIDDEN).build();
|
return Response.status(Response.Status.FORBIDDEN).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Optional<VersionedProfile> currentProfile = profilesManager.get(auth.getAccount().getUuid(), request.getVersion());
|
|
||||||
|
|
||||||
Optional<String> currentAvatar = Optional.empty();
|
Optional<String> currentAvatar = Optional.empty();
|
||||||
if (currentProfile.isPresent() && currentProfile.get().getAvatar() != null && currentProfile.get().getAvatar().startsWith("profiles/")) {
|
if (currentProfile.isPresent() && currentProfile.get().getAvatar() != null && currentProfile.get().getAvatar()
|
||||||
|
.startsWith("profiles/")) {
|
||||||
currentAvatar = Optional.of(currentProfile.get().getAvatar());
|
currentAvatar = Optional.of(currentProfile.get().getAvatar());
|
||||||
}
|
}
|
||||||
|
|
||||||
String avatar = switch (request.getAvatarChange()) {
|
final String avatar = switch (request.getAvatarChange()) {
|
||||||
case UNCHANGED -> currentAvatar.orElse(null);
|
case UNCHANGED -> currentAvatar.orElse(null);
|
||||||
case CLEAR -> null;
|
case CLEAR -> null;
|
||||||
case UPDATE -> generateAvatarObjectName();
|
case UPDATE -> generateAvatarObjectName();
|
||||||
|
@ -218,7 +220,7 @@ public class ProfileController {
|
||||||
.build()));
|
.build()));
|
||||||
}
|
}
|
||||||
|
|
||||||
List<AccountBadge> updatedBadges = request.getBadges()
|
final List<AccountBadge> updatedBadges = request.getBadges()
|
||||||
.map(badges -> mergeBadgeIdsWithExistingAccountBadges(badges, auth.getAccount().getBadges()))
|
.map(badges -> mergeBadgeIdsWithExistingAccountBadges(badges, auth.getAccount().getBadges()))
|
||||||
.orElseGet(() -> auth.getAccount().getBadges());
|
.orElseGet(() -> auth.getAccount().getBadges());
|
||||||
|
|
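Review bot: The new exemption on the `if (hasDisallowedPrefix && ...)` line treats any non-null stored value as an existing payment address, while the requested address a few lines above is tested with `StringUtils.isNotBlank`. If a stored address can ever be an empty or blank string (not visible from this hunk), an account with a disallowed prefix would pass the check without really having an address on file. Filtering the stored value the same way closes that gap: `currentProfile.map(VersionedProfile::getPaymentAddress).filter(StringUtils::isNotBlank).isEmpty()`. Since this condition is the authorization decision, a short comment above it would help, e.g. `// Accounts with a disallowed prefix may update an address already stored on this profile version, but may not add one`. setProfile's body continues outside the hunk.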
||||||
|
|
|
@ -59,6 +59,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
import org.junit.jupiter.params.ParameterizedTest;
|
import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.Arguments;
|
import org.junit.jupiter.params.provider.Arguments;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
|
import org.junit.jupiter.params.provider.ValueSource;
|
||||||
import org.mockito.ArgumentCaptor;
|
import org.mockito.ArgumentCaptor;
|
||||||
import org.signal.libsignal.zkgroup.InvalidInputException;
|
import org.signal.libsignal.zkgroup.InvalidInputException;
|
||||||
import org.signal.libsignal.zkgroup.ServerPublicParams;
|
import org.signal.libsignal.zkgroup.ServerPublicParams;
|
||||||
|
@ -729,7 +730,9 @@ class ProfileControllerTest {
|
||||||
.target("/v1/profile")
|
.target("/v1/profile")
|
||||||
.request()
|
.request()
|
||||||
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_TWO, AuthHelper.VALID_PASSWORD_TWO))
|
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_TWO, AuthHelper.VALID_PASSWORD_TWO))
|
||||||
.put(Entity.entity(new CreateProfileRequest(commitment, "yetanotherversion", name, null, null, paymentAddress, false, false, List.of()), MediaType.APPLICATION_JSON_TYPE));
|
.put(Entity.entity(
|
||||||
|
new CreateProfileRequest(commitment, "yetanotherversion", name, null, null, paymentAddress, false, false,
|
||||||
|
List.of()), MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
assertThat(response.getStatus()).isEqualTo(403);
|
assertThat(response.getStatus()).isEqualTo(403);
|
||||||
assertThat(response.hasEntity()).isFalse();
|
assertThat(response.hasEntity()).isFalse();
|
||||||
|
@ -737,6 +740,61 @@ class ProfileControllerTest {
|
||||||
verify(profilesManager, never()).set(any(), any());
|
verify(profilesManager, never()).set(any(), any());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ParameterizedTest
|
||||||
|
@ValueSource(booleans = {true, false})
|
||||||
|
void testSetProfilePaymentAddressCountryNotAllowedExistingPaymentAddress(
|
||||||
|
final boolean existingPaymentAddressOnProfile) throws InvalidInputException {
|
||||||
|
when(dynamicPaymentsConfiguration.getDisallowedPrefixes())
|
||||||
|
.thenReturn(List.of(AuthHelper.VALID_NUMBER_TWO.substring(0, 3)));
|
||||||
|
|
||||||
|
ProfileKeyCommitment commitment = new ProfileKey(new byte[32]).getCommitment(AuthHelper.VALID_UUID);
|
||||||
|
|
||||||
|
clearInvocations(AuthHelper.VALID_ACCOUNT_TWO);
|
||||||
|
|
||||||
|
when(profilesManager.get(eq(AuthHelper.VALID_UUID_TWO), any()))
|
||||||
|
.thenReturn(Optional.of(
|
||||||
|
new VersionedProfile("1", "name", null, null, null,
|
||||||
|
existingPaymentAddressOnProfile ? RandomStringUtils.randomAlphanumeric(776) : null,
|
||||||
|
commitment.serialize())));
|
||||||
|
|
||||||
|
final String name = RandomStringUtils.randomAlphabetic(380);
|
||||||
|
final String paymentAddress = RandomStringUtils.randomAlphanumeric(776);
|
||||||
|
|
||||||
|
Response response = resources.getJerseyTest()
|
||||||
|
.target("/v1/profile")
|
||||||
|
.request()
|
||||||
|
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_TWO, AuthHelper.VALID_PASSWORD_TWO))
|
||||||
|
.put(Entity.entity(
|
||||||
|
new CreateProfileRequest(commitment, "yetanotherversion", name, null, null, paymentAddress, false, false,
|
||||||
|
List.of()), MediaType.APPLICATION_JSON_TYPE));
|
||||||
|
|
||||||
|
if (existingPaymentAddressOnProfile) {
|
||||||
|
assertThat(response.getStatus()).isEqualTo(200);
|
||||||
|
assertThat(response.hasEntity()).isFalse();
|
||||||
|
|
||||||
|
ArgumentCaptor<VersionedProfile> profileArgumentCaptor = ArgumentCaptor.forClass(VersionedProfile.class);
|
||||||
|
|
||||||
|
verify(profilesManager).get(eq(AuthHelper.VALID_UUID_TWO), eq("yetanotherversion"));
|
||||||
|
verify(profilesManager).set(eq(AuthHelper.VALID_UUID_TWO), profileArgumentCaptor.capture());
|
||||||
|
|
||||||
|
verifyNoMoreInteractions(s3client);
|
||||||
|
|
||||||
|
final VersionedProfile profile = profileArgumentCaptor.getValue();
|
||||||
|
assertThat(profile.getCommitment()).isEqualTo(commitment.serialize());
|
||||||
|
assertThat(profile.getAvatar()).isNull();
|
||||||
|
assertThat(profile.getVersion()).isEqualTo("yetanotherversion");
|
||||||
|
assertThat(profile.getName()).isEqualTo(name);
|
||||||
|
assertThat(profile.getAboutEmoji()).isNull();
|
||||||
|
assertThat(profile.getAbout()).isNull();
|
||||||
|
assertThat(profile.getPaymentAddress()).isEqualTo(paymentAddress);
|
||||||
|
} else {
|
||||||
|
assertThat(response.getStatus()).isEqualTo(403);
|
||||||
|
assertThat(response.hasEntity()).isFalse();
|
||||||
|
|
||||||
|
verify(profilesManager, never()).set(any(), any());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testGetProfileByVersion() throws RateLimitExceededException {
|
void testGetProfileByVersion() throws RateLimitExceededException {
|
||||||
VersionedProfileResponse profile = resources.getJerseyTest()
|
VersionedProfileResponse profile = resources.getJerseyTest()
|
||||||
|
|
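Review bot: The parameterized test `testSetProfilePaymentAddressCountryNotAllowedExistingPaymentAddress` exercises only two states of the stored profile, a 776-character address and `null`, so the boundary of the exemption is not pinned for an empty or blank stored address. Because the controller check decides between 200 and 403 on that value, a third case would document the intended outcome; one option is to parameterize on the stored address itself with `@NullAndEmptySource` plus a `@ValueSource(strings = ...)` entry instead of the boolean. The stub `when(profilesManager.get(eq(AuthHelper.VALID_UUID_TWO), any()))` also matches every version, and only the 200 branch verifies that the lookup used `"yetanotherversion"`; moving that `verify(profilesManager).get(...)` above the `if` would cover the 403 branch as well.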