MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure multi-recipient messages are addressed to ACI service IDs

This commit is contained in:
Chris Eager 2024-07-23 15:36:26 -05:00 committed by Chris Eager
parent e4ffc932a9
commit 6fa6c3c81c
2 changed files with 18 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
View File

@ -717,6 +717,13 @@ public class MessageController {
final @NotNull CombinedUnidentifiedSenderAccessKeys accessKeys,
final Collection<MultiRecipientDeliveryData> destinations) {
final int keyLength = UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH;
if (destinations.stream()
.anyMatch(destination -> IdentityType.PNI.equals(destination.serviceIdentifier.identityType()))) {
throw new WebApplicationException("Multi-recipient messages must be addressed to ACI service IDs",
Status.UNAUTHORIZED);
}
final byte[] combinedUnidentifiedAccessKeys = destinations.stream()
.map(MultiRecipientDeliveryData::account)
.filter(Predicate.not(Account::isUnrestrictedUnidentifiedAccess))

34
service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java
View File

@ -1343,10 +1343,10 @@ class MessageControllerTest {
new MultiRecipientMessageTestCase(bothAccountsMixed, auth, story, 200, 4),
new MultiRecipientMessageTestCase(realAndFakeMixed, auth, story, 200, 4),
new MultiRecipientMessageTestCase(singleDevicePni, auth, notStory, 200, 1),
new MultiRecipientMessageTestCase(singleDeviceAciAndPni, unauth, story, 200, 2),
new MultiRecipientMessageTestCase(multiDevicePni, auth, notStory, 200, 3),
new MultiRecipientMessageTestCase(bothAccountsMixed, auth, notStory, 200, 4),
new MultiRecipientMessageTestCase(singleDevicePni, auth, notStory, 401, 0),
new MultiRecipientMessageTestCase(singleDeviceAciAndPni, auth, notStory, 401, 0),
new MultiRecipientMessageTestCase(multiDevicePni, auth, notStory, 401, 0),
new MultiRecipientMessageTestCase(bothAccountsMixed, auth, notStory, 401, 0),
new MultiRecipientMessageTestCase(realAndFakeMixed, auth, notStory, 404, 0))
.argumentsForNextParameter(false, true); // urgent
}
@ -1580,10 +1580,10 @@ class MessageControllerTest {
);
}
@ParameterizedTest
@MethodSource
void sendMultiRecipientMessageMismatchedDevices(final ServiceIdentifier serviceIdentifier)
throws JsonProcessingException {
@Test
void sendMultiRecipientMessageMismatchedDevices() throws JsonProcessingException {
final ServiceIdentifier serviceIdentifier = MULTI_DEVICE_ACI_ID;
final byte extraDeviceId = MULTI_DEVICE_ID3 + 1;
@ -1627,15 +1627,9 @@ class MessageControllerTest {
}
}
private static Stream<Arguments> sendMultiRecipientMessageMismatchedDevices() {
return Stream.of(
Arguments.of(MULTI_DEVICE_ACI_ID),
Arguments.of(MULTI_DEVICE_PNI_ID));
}
@ParameterizedTest
@MethodSource
void sendMultiRecipientMessageStaleDevices(final ServiceIdentifier serviceIdentifier) throws JsonProcessingException {
@Test
void sendMultiRecipientMessageStaleDevices() throws JsonProcessingException {
final ServiceIdentifier serviceIdentifier = MULTI_DEVICE_ACI_ID;
final List<Recipient> recipients = List.of(
new Recipient(serviceIdentifier, MULTI_DEVICE_ID1, MULTI_DEVICE_REG_ID1 + 1, new byte[48]),
new Recipient(serviceIdentifier, MULTI_DEVICE_ID2, MULTI_DEVICE_REG_ID2 + 1, new byte[48]),
@ -1677,12 +1671,6 @@ class MessageControllerTest {
}
}
private static Stream<Arguments> sendMultiRecipientMessageStaleDevices() {
return Stream.of(
Arguments.of(MULTI_DEVICE_ACI_ID),
Arguments.of(MULTI_DEVICE_PNI_ID));
}
@Test
void sendMultiRecipientMessageStoryRateLimited() {
final List<Recipient> recipients = List.of(new Recipient(SINGLE_DEVICE_ACI_ID, SINGLE_DEVICE_ID1, SINGLE_DEVICE_REG_ID1, new byte[48]));