MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow device to unlink itself

This commit is contained in:
Fedor Indutny 2024-08-15 08:59:13 -07:00 committed by ravi-signal
parent fd10b9723d
commit 7605462d48
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java
View File

@ -134,7 +134,8 @@ public class DeviceController {
@Path("/{device_id}") @Path("/{device_id}")
@ChangesLinkedDevices @ChangesLinkedDevices
public void removeDevice(@Mutable @Auth AuthenticatedDevice auth, @PathParam("device_id") byte deviceId) { public void removeDevice(@Mutable @Auth AuthenticatedDevice auth, @PathParam("device_id") byte deviceId) {
if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID) { if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID &&
auth.getAuthenticatedDevice().getId() != deviceId) {
throw new WebApplicationException(Response.Status.UNAUTHORIZED); throw new WebApplicationException(Response.Status.UNAUTHORIZED);
} }

40
service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java
View File

@ -810,6 +810,46 @@ class DeviceControllerTest {
} }
} }
@Test
void removeDeviceBySelf() {
final byte deviceId = 2;
when(accountsManager.removeDevice(AuthHelper.VALID_ACCOUNT_3, deviceId))
.thenReturn(CompletableFuture.completedFuture(AuthHelper.VALID_ACCOUNT));
final Response response = resources
.getJerseyTest()
.target("/v1/devices/" + deviceId)
.request()
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_3, deviceId, AuthHelper.VALID_PASSWORD_3_LINKED))
.header(HttpHeaders.USER_AGENT, "Signal-Android/5.42.8675309 Android/30")
.delete();
assertThat(response.getStatus()).isEqualTo(204);
assertThat(response.hasEntity()).isFalse();
verify(accountsManager).removeDevice(AuthHelper.VALID_ACCOUNT_3, deviceId);
}
@Test
void removeDeviceByOther() {
final byte deviceId = 2;
final byte otherDeviceId = 3;
try (final Response response = resources
.getJerseyTest()
.target("/v1/devices/" + otherDeviceId)
.request()
.header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID_3, deviceId, AuthHelper.VALID_PASSWORD_3_LINKED))
.header(HttpHeaders.USER_AGENT, "Signal-Android/5.42.8675309 Android/30")
.delete()) {
assertThat(response.getStatus()).isEqualTo(401);
verify(accountsManager, never()).removeDevice(any(), anyByte());
}
}
@Test @Test
void checkVerificationToken() { void checkVerificationToken() {
final UUID uuid = UUID.randomUUID(); final UUID uuid = UUID.randomUUID();