MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Generate external creds for KBS based on UUID

This commit is contained in:
Moxie Marlinspike 2020-01-22 13:47:33 -08:00
parent e4e20c2d25
commit e399f9e851
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
View File

@ -285,7 +285,7 @@ public class AccountController {
long timeRemaining = TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - existingAccount.get().getLastSeen()); long timeRemaining = TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - existingAccount.get().getLastSeen());
Optional<ExternalServiceCredentials> credentials = existingAccount.get().getRegistrationLock().isPresent() && Optional<ExternalServiceCredentials> credentials = existingAccount.get().getRegistrationLock().isPresent() &&
existingAccount.get().getRegistrationLockSalt().isPresent() ? existingAccount.get().getRegistrationLockSalt().isPresent() ?
Optional.of(backupServiceCredentialGenerator.generateFor(number)) : Optional.of(backupServiceCredentialGenerator.generateFor(existingAccount.get().getUuid().toString())) :
Optional.empty(); Optional.empty();
if (Util.isEmpty(accountAttributes.getPin()) && if (Util.isEmpty(accountAttributes.getPin()) &&

2
service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureBackupController.java
View File

@ -26,6 +26,6 @@ public class SecureBackupController {
@Path("/auth") @Path("/auth")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
public ExternalServiceCredentials getAuth(@Auth Account account) { public ExternalServiceCredentials getAuth(@Auth Account account) {
return backupServiceCredentialGenerator.generateFor(account.getNumber()); return backupServiceCredentialGenerator.generateFor(account.getUuid().toString());
} }
} }

8
service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
View File

@ -50,6 +50,7 @@ import java.security.SecureRandom;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.Optional; import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import io.dropwizard.auth.PolymorphicAuthValueFactoryProvider; import io.dropwizard.auth.PolymorphicAuthValueFactoryProvider;
@ -68,6 +69,8 @@ public class AccountControllerTest {
private static final String SENDER_PREAUTH = "+14157777777"; private static final String SENDER_PREAUTH = "+14157777777";
private static final String SENDER_REG_LOCK = "+14158888888"; private static final String SENDER_REG_LOCK = "+14158888888";
private static final UUID SENDER_REG_LOCK_UUID = UUID.randomUUID();
private static final String ABUSIVE_HOST = "192.168.1.1"; private static final String ABUSIVE_HOST = "192.168.1.1";
private static final String RESTRICTED_HOST = "192.168.1.2"; private static final String RESTRICTED_HOST = "192.168.1.2";
private static final String NICE_HOST = "127.0.0.1"; private static final String NICE_HOST = "127.0.0.1";
@ -150,6 +153,7 @@ public class AccountControllerTest {
when(senderRegLockAccount.getRegistrationLock()).thenReturn(Optional.of(registrationLockCredentials.getHashedAuthenticationToken())); when(senderRegLockAccount.getRegistrationLock()).thenReturn(Optional.of(registrationLockCredentials.getHashedAuthenticationToken()));
when(senderRegLockAccount.getRegistrationLockSalt()).thenReturn(Optional.of(registrationLockCredentials.getSalt())); when(senderRegLockAccount.getRegistrationLockSalt()).thenReturn(Optional.of(registrationLockCredentials.getSalt()));
when(senderRegLockAccount.getLastSeen()).thenReturn(System.currentTimeMillis()); when(senderRegLockAccount.getLastSeen()).thenReturn(System.currentTimeMillis());
when(senderRegLockAccount.getUuid()).thenReturn(SENDER_REG_LOCK_UUID);
when(pendingAccountsManager.getCodeForNumber(SENDER)).thenReturn(Optional.of(new StoredVerificationCode("1234", System.currentTimeMillis(), null))); when(pendingAccountsManager.getCodeForNumber(SENDER)).thenReturn(Optional.of(new StoredVerificationCode("1234", System.currentTimeMillis(), null)));
when(pendingAccountsManager.getCodeForNumber(SENDER_OLD)).thenReturn(Optional.of(new StoredVerificationCode("1234", System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(31), null))); when(pendingAccountsManager.getCodeForNumber(SENDER_OLD)).thenReturn(Optional.of(new StoredVerificationCode("1234", System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(31), null)));
@ -608,9 +612,9 @@ public class AccountControllerTest {
RegistrationLockFailure failure = response.readEntity(RegistrationLockFailure.class); RegistrationLockFailure failure = response.readEntity(RegistrationLockFailure.class);
assertThat(failure.getBackupCredentials()).isNotNull(); assertThat(failure.getBackupCredentials()).isNotNull();
assertThat(failure.getBackupCredentials().getUsername()).isEqualTo(SENDER_REG_LOCK); assertThat(failure.getBackupCredentials().getUsername()).isEqualTo(SENDER_REG_LOCK_UUID.toString());
assertThat(failure.getBackupCredentials().getPassword()).isNotEmpty(); assertThat(failure.getBackupCredentials().getPassword()).isNotEmpty();
assertThat(failure.getBackupCredentials().getPassword().startsWith(SENDER_REG_LOCK)).isTrue(); assertThat(failure.getBackupCredentials().getPassword().startsWith(SENDER_REG_LOCK_UUID.toString())).isTrue();
assertThat(failure.getTimeRemaining()).isGreaterThan(0); assertThat(failure.getTimeRemaining()).isGreaterThan(0);
verifyNoMoreInteractions(pinLimiter); verifyNoMoreInteractions(pinLimiter);