MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do more thorough phone number validation

This commit is contained in:
Moxie Marlinspike 2018-12-24 16:19:04 -08:00
parent a69789d572
commit 7da7bec241
5 changed files with 60 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pom.xml
View File

@ -126,6 +126,13 @@
<version>0.1.5</version> <version>0.1.5</version>
</dependency> </dependency>
<dependency>
<groupId>com.googlecode.libphonenumber</groupId>
<artifactId>libphonenumber</artifactId>
<version>8.10.2</version>
</dependency>
<dependency> <dependency>
<groupId>org.glassfish.jersey.test-framework.providers</groupId> <groupId>org.glassfish.jersey.test-framework.providers</groupId>
<artifactId>jersey-test-framework-provider-grizzly2</artifactId> <artifactId>jersey-test-framework-provider-grizzly2</artifactId>

2
src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
View File

@ -127,7 +127,7 @@ public class AccountController {
throws IOException, RateLimitExceededException throws IOException, RateLimitExceededException
{ {
if (!Util.isValidNumber(number)) { if (!Util.isValidNumber(number)) {
logger.debug("Invalid number: " + number); logger.info("Invalid number: " + number);
throw new WebApplicationException(Response.status(400).build()); throw new WebApplicationException(Response.status(400).build());
} }

12
src/main/java/org/whispersystems/textsecuregcm/util/Util.java
View File

@ -16,6 +16,8 @@
*/ */
package org.whispersystems.textsecuregcm.util; package org.whispersystems.textsecuregcm.util;
import com.google.i18n.phonenumbers.PhoneNumberUtil;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.security.MessageDigest; import java.security.MessageDigest;
@ -48,15 +50,7 @@ public class Util {
} }
public static boolean isValidNumber(String number) { public static boolean isValidNumber(String number) {
return number.matches("^\\+[0-9]{10,}") || return number.matches("^\\+[0-9]+") && PhoneNumberUtil.getInstance().isPossibleNumber(number, null);
number.matches("^\\+240[0-9]{6}") || // Equatorial Guinea
number.matches("^\\+298[0-9]{6}") || // Faroe Islands
number.matches("^\\+299[0-9]{6}") || // Greenland
number.matches("^\\+376[0-9]{6}") || // Andorra
number.matches("^\\+597[0-9]{6}") || // Suriname
number.matches("^\\+685[0-9]{5}") || // Samoa
number.matches("^\\+687[0-9]{6}") || // New Caledonia
number.matches("^\\+689[0-9]{6}"); // French Polynesia
} }
public static String getCountryCode(String number) { public static String getCountryCode(String number) {

4
src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
View File

@ -213,14 +213,14 @@ public class AccountControllerTest {
public void testSendRestrictedIn() throws Exception { public void testSendRestrictedIn() throws Exception {
Response response = Response response =
resources.getJerseyTest() resources.getJerseyTest()
.target(String.format("/v1/accounts/sms/code/%s", "+1234567890")) .target(String.format("/v1/accounts/sms/code/%s", "+12345678901"))
.request() .request()
.header("X-Forwarded-For", RESTRICTED_HOST) .header("X-Forwarded-For", RESTRICTED_HOST)
.get(); .get();
assertThat(response.getStatus()).isEqualTo(200); assertThat(response.getStatus()).isEqualTo(200);
verify(smsSender).deliverSmsVerification(eq("+1234567890"), eq(Optional.empty()), anyString()); verify(smsSender).deliverSmsVerification(eq("+12345678901"), eq(Optional.empty()), anyString());
} }
@Test @Test

47
src/test/java/org/whispersystems/textsecuregcm/tests/util/ValidNumberTest.java Normal file
View File

@ -0,0 +1,47 @@
package org.whispersystems.textsecuregcm.tests.util;
import org.junit.Test;
import org.whispersystems.textsecuregcm.util.Util;
import static junit.framework.TestCase.assertTrue;
import static org.junit.Assert.assertFalse;
public class ValidNumberTest {
@Test
public void testValidE164() {
assertTrue(Util.isValidNumber("+14151231234"));
assertTrue(Util.isValidNumber("+71234567890"));
assertTrue(Util.isValidNumber("+447535742222"));
assertTrue(Util.isValidNumber("+4915174108888"));
}
@Test
public void testInvalidE164() {
assertFalse(Util.isValidNumber("+141512312341"));
assertFalse(Util.isValidNumber("+712345678901"));
assertFalse(Util.isValidNumber("+4475357422221"));
assertFalse(Util.isValidNumber("+491517410888811111"));
}
@Test
public void testNotE164() {
assertFalse(Util.isValidNumber("+1 415 123 1234"));
assertFalse(Util.isValidNumber("+1 (415) 123-1234"));
assertFalse(Util.isValidNumber("+1 415)123-1234"));
assertFalse(Util.isValidNumber("71234567890"));
assertFalse(Util.isValidNumber("001447535742222"));
assertFalse(Util.isValidNumber(" +14151231234"));
assertFalse(Util.isValidNumber("+1415123123a"));
}
@Test
public void testShortRegions() {
assertTrue(Util.isValidNumber("+298123456"));
assertTrue(Util.isValidNumber("+299123456"));
assertTrue(Util.isValidNumber("+376123456"));
assertTrue(Util.isValidNumber("+68512345"));
assertTrue(Util.isValidNumber("+689123456"));
}
}