From 78819d5382c3db80d7602add50cff9aae6dba670 Mon Sep 17 00:00:00 2001
From: Jon Chambers <jon@signal.org>
Date: Fri, 18 Jun 2021 13:20:06 -0400
Subject: [PATCH] Remove expiration logic when checking token validity.

The data store will no longer return tokens that have expired, and we no longer need to check for expiration in application space.
---
 .../auth/StoredVerificationCode.java          | 17 ++------------
 .../auth/StoredVerificationCodeTest.java      | 23 +++++++------------
 .../controllers/AccountControllerTest.java    |  2 +-
 .../controllers/DeviceControllerTest.java     |  2 +-
 4 files changed, 12 insertions(+), 32 deletions(-)

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java b/service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java
index 40db52c7f..6a0d6072b 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCode.java
@@ -7,15 +7,11 @@ package org.whispersystems.textsecuregcm.auth;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
-
-import com.google.common.annotations.VisibleForTesting;
-import org.whispersystems.textsecuregcm.util.Util;
-
-import javax.annotation.Nullable;
 import java.security.MessageDigest;
 import java.time.Duration;
-import java.time.Instant;
 import java.util.Optional;
+import javax.annotation.Nullable;
+import org.whispersystems.textsecuregcm.util.Util;
 
 public class StoredVerificationCode {
 
@@ -64,15 +60,6 @@ public class StoredVerificationCode {
   }
 
   public boolean isValid(String theirCodeString) {
-    return isValid(theirCodeString, Instant.now());
-  }
-
-  @VisibleForTesting
-  boolean isValid(String theirCodeString, Instant currentTime) {
-    if (Instant.ofEpochMilli(timestamp).plus(EXPIRATION).isBefore(currentTime)) {
-      return false;
-    }
-
     if (Util.isEmpty(code) || Util.isEmpty(theirCodeString)) {
       return false;
     }
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCodeTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCodeTest.java
index 4403ec292..130f27bbc 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCodeTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/auth/StoredVerificationCodeTest.java
@@ -5,33 +5,26 @@
 
 package org.whispersystems.textsecuregcm.auth;
 
-import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.util.stream.Stream;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 
-import java.time.Duration;
-import java.time.Instant;
-import java.util.stream.Stream;
-
-import static org.junit.jupiter.api.Assertions.*;
-
 class StoredVerificationCodeTest {
 
   @ParameterizedTest
   @MethodSource
-  void isValid(final StoredVerificationCode storedVerificationCode, final String code, final Instant currentTime, final boolean expectValid) {
-    assertEquals(expectValid, storedVerificationCode.isValid(code, currentTime));
+  void isValid(final StoredVerificationCode storedVerificationCode, final String code, final boolean expectValid) {
+    assertEquals(expectValid, storedVerificationCode.isValid(code));
   }
 
   private static Stream<Arguments> isValid() {
-    final Instant now = Instant.now();
-
     return Stream.of(
-        Arguments.of(new StoredVerificationCode("code", now.toEpochMilli(), null, null), "code", now, true),
-        Arguments.of(new StoredVerificationCode("code", now.toEpochMilli(), null, null), "incorrect", now, false),
-        Arguments.of(new StoredVerificationCode("code", now.toEpochMilli(), null, null), "code", now.plus(Duration.ofHours(1)), false),
-        Arguments.of(new StoredVerificationCode("", now.toEpochMilli(), null, null), "", now, false)
+        Arguments.of(new StoredVerificationCode("code", System.currentTimeMillis(), null, null), "code", true),
+        Arguments.of(new StoredVerificationCode("code", System.currentTimeMillis(), null, null), "incorrect", false),
+        Arguments.of(new StoredVerificationCode("", System.currentTimeMillis(), null, null), "", false)
     );
   }
 }
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
index cfbcf3521..30be19831 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
@@ -193,7 +193,7 @@ class AccountControllerTest {
     when(senderRegLockAccount.getUuid()).thenReturn(SENDER_REG_LOCK_UUID);
 
     when(pendingAccountsManager.getCodeForNumber(SENDER)).thenReturn(Optional.of(new StoredVerificationCode("1234", System.currentTimeMillis(), "1234-push", null)));
-    when(pendingAccountsManager.getCodeForNumber(SENDER_OLD)).thenReturn(Optional.of(new StoredVerificationCode("1234", System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(31), null, null)));
+    when(pendingAccountsManager.getCodeForNumber(SENDER_OLD)).thenReturn(Optional.empty());
     when(pendingAccountsManager.getCodeForNumber(SENDER_PIN)).thenReturn(Optional.of(new StoredVerificationCode("333333", System.currentTimeMillis(), null, null)));
     when(pendingAccountsManager.getCodeForNumber(SENDER_REG_LOCK)).thenReturn(Optional.of(new StoredVerificationCode("666666", System.currentTimeMillis(), null, null)));
     when(pendingAccountsManager.getCodeForNumber(SENDER_OVER_PIN)).thenReturn(Optional.of(new StoredVerificationCode("444444", System.currentTimeMillis(), null, null)));
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/DeviceControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/DeviceControllerTest.java
index 2c984cc98..016c9ecff 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/DeviceControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/DeviceControllerTest.java
@@ -121,7 +121,7 @@ public class DeviceControllerTest {
     when(account.isAnnouncementGroupSupported()).thenReturn(true);
 
     when(pendingDevicesManager.getCodeForNumber(AuthHelper.VALID_NUMBER)).thenReturn(Optional.of(new StoredVerificationCode("5678901", System.currentTimeMillis(), null, null)));
-    when(pendingDevicesManager.getCodeForNumber(AuthHelper.VALID_NUMBER_TWO)).thenReturn(Optional.of(new StoredVerificationCode("1112223", System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(31), null, null)));
+    when(pendingDevicesManager.getCodeForNumber(AuthHelper.VALID_NUMBER_TWO)).thenReturn(Optional.empty());
     when(accountsManager.get(AuthHelper.VALID_NUMBER)).thenReturn(Optional.of(account));
     when(accountsManager.get(AuthHelper.VALID_NUMBER_TWO)).thenReturn(Optional.of(maxedAccount));
   }