MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't rate limit null pin submissions

This commit is contained in:
Moxie Marlinspike 2018-03-13 17:33:19 -07:00
parent d7140eac35
commit 86389a5fb3
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
View File

@ -175,13 +175,18 @@ public class AccountController {
System.currentTimeMillis() - existingAccount.get().getLastSeen() < TimeUnit.DAYS.toMillis(7))
{
rateLimiters.getVerifyLimiter().clear(number);
long timeRemaining = TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - existingAccount.get().getLastSeen());
if (accountAttributes.getPin() == null) {
throw new WebApplicationException(Response.status(423)
.entity(new RegistrationLockFailure(timeRemaining))
.build());
}
rateLimiters.getPinLimiter().validate(number);
if (accountAttributes.getPin() == null ||
!MessageDigest.isEqual(existingAccount.get().getPin().get().getBytes(), accountAttributes.getPin().getBytes()))
{
long timeRemaining = TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - existingAccount.get().getLastSeen());
if (!MessageDigest.isEqual(existingAccount.get().getPin().get().getBytes(), accountAttributes.getPin().getBytes())) {
throw new WebApplicationException(Response.status(423)
.entity(new RegistrationLockFailure(timeRemaining))
.build());

2
src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
View File

@ -213,7 +213,7 @@ public class AccountControllerTest {
RegistrationLockFailure failure = response.readEntity(RegistrationLockFailure.class);
verify(pinLimiter).validate(eq(SENDER_PIN));
verifyNoMoreInteractions(pinLimiter);
}
@Test