Allow device to unlink itself

2024-08-15 08:59:13 -07:00 · 2024-08-15 08:59:13 -07:00 · 7605462d48
parent fd10b9723d
commit 7605462d48
2 changed files with 42 additions and 1 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
@ -134,7 +134,8 @@ public class DeviceController {
  @Path("/{device_id}")
  @ChangesLinkedDevices
  public void removeDevice(@Mutable @Auth AuthenticatedDevice auth, @PathParam("device_id") byte deviceId) {
-    if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID) {
+    if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID &&
+        auth.getAuthenticatedDevice().getId() != deviceId) {
      throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }

--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
@ -810,6 +810,46 @@ class DeviceControllerTest {
    }
  }

+  @Test
+  void removeDeviceBySelf() {
+    final byte deviceId = 2;
+
+    when(accountsManager.removeDevice(AuthHelper.VALID_ACCOUNT_3, deviceId))
+        .thenReturn(CompletableFuture.completedFuture(AuthHelper.VALID_ACCOUNT));
+
+    final Response response = resources
+        .getJerseyTest()
+        .target("/v1/devices/" + deviceId)
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_3, deviceId, AuthHelper.VALID_PASSWORD_3_LINKED))
+        .header(HttpHeaders.USER_AGENT, "Signal-Android/5.42.8675309 Android/30")
+        .delete();
+
+    assertThat(response.getStatus()).isEqualTo(204);
+    assertThat(response.hasEntity()).isFalse();
+
+    verify(accountsManager).removeDevice(AuthHelper.VALID_ACCOUNT_3, deviceId);
+  }
+
+  @Test
+  void removeDeviceByOther() {
+    final byte deviceId = 2;
+    final byte otherDeviceId = 3;
+
+    try (final Response response = resources
+        .getJerseyTest()
+        .target("/v1/devices/" + otherDeviceId)
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_3, deviceId, AuthHelper.VALID_PASSWORD_3_LINKED))
+        .header(HttpHeaders.USER_AGENT, "Signal-Android/5.42.8675309 Android/30")
+        .delete()) {
+
+      assertThat(response.getStatus()).isEqualTo(401);
+
+      verify(accountsManager, never()).removeDevice(any(), anyByte());
+    }
+  }
+
  @Test
  void checkVerificationToken() {
    final UUID uuid = UUID.randomUUID();