fix: Authenticate all Open Group API calls

* Use unblinded authentication when we have `capabilities` data for the open group server we are sending the request to but don't have the `blind` capability * Use blinded authentication when we haven't gotten any `capabilities` for an open group server, or if we have `capabilities` and the server has the `blind` capability
2025-01-13 21:33:39 +00:00 · 2022-10-25 16:25:06 +11:00 · 2022-10-25 16:25:06 +11:00 · 31d388e00b
commit 31d388e00b
parent 1dbcffe40b
2 changed files with 68 additions and 74 deletions
--- a/libsession/src/main/java/org/session/libsession/messaging/jobs/BackgroundGroupAddJob.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/jobs/BackgroundGroupAddJob.kt
@ -41,7 +41,7 @@ class BackgroundGroupAddJob(val joinUrl: String): Job {
            }
            // get image
            storage.setOpenGroupPublicKey(openGroup.server, openGroup.serverPublicKey)
-            val (capabilities, info) = OpenGroupApi.getCapabilitiesAndRoomInfo(openGroup.room, openGroup.server, false).get()
+            val (capabilities, info) = OpenGroupApi.getCapabilitiesAndRoomInfo(openGroup.room, openGroup.server).get()
            storage.setServerCapabilities(openGroup.server, capabilities.capabilities)
            val imageId = info.imageId
            storage.addOpenGroup(openGroup.joinUrl())
--- a/libsession/src/main/java/org/session/libsession/messaging/open_groups/OpenGroupApi.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/open_groups/OpenGroupApi.kt
@ -255,7 +255,6 @@ object OpenGroupApi {
        val queryParameters: Map<String, String> = mapOf(),
        val parameters: Any? = null,
        val headers: Map<String, String> = mapOf(),
-        val isAuthRequired: Boolean = true,
        val body: ByteArray? = null,
        /**
         * Always `true` under normal circumstances. You might want to disable
@ -301,7 +300,6 @@ object OpenGroupApi {
                ?: return Promise.ofFail(Error.NoEd25519KeyPair)
            val urlRequest = urlBuilder.toString()
            val headers = request.headers.toMutableMap()
-            if (request.isAuthRequired) {
            val nonce = sodium.nonce(16)
            val timestamp = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis())
            var pubKey = ""
@ -337,7 +335,7 @@ object OpenGroupApi {
                .plus(request.verb.rawValue.toByteArray())
                .plus("/${request.endpoint.value}".toByteArray())
                .plus(bodyHash)
-                if (serverCapabilities.contains(Capability.BLIND.name.lowercase())) {
+            if (serverCapabilities.isEmpty() || serverCapabilities.contains(Capability.BLIND.name.lowercase())) {
                SodiumUtilities.blindedKeyPair(publicKey, ed25519KeyPair)?.let { keyPair ->
                    pubKey = SessionId(
                        IdPrefix.BLINDED,
@ -367,7 +365,6 @@ object OpenGroupApi {
            headers["X-SOGS-Timestamp"] = "$timestamp"
            headers["X-SOGS-Pubkey"] = pubKey
            headers["X-SOGS-Signature"] = encodeBytes(signature)
-            }

            val requestBuilder = okhttp3.Request.Builder()
                .url(urlRequest)
@ -794,16 +791,14 @@ object OpenGroupApi {

    private fun sequentialBatch(
        server: String,
-        requests: MutableList<BatchRequestInfo<*>>,
-        authRequired: Boolean = true
+        requests: MutableList<BatchRequestInfo<*>>
    ): Promise<List<BatchResponse<*>>, Exception> {
        val request = Request(
            verb = POST,
            room = null,
            server = server,
            endpoint = Endpoint.Sequence,
-            parameters = requests.map { it.request },
-            isAuthRequired = authRequired
+            parameters = requests.map { it.request }
        )
        return getBatchResponseJson(request, requests)
    }
@ -904,7 +899,7 @@ object OpenGroupApi {
    }

    fun getCapabilities(server: String): Promise<Capabilities, Exception> {
-        val request = Request(verb = GET, room = null, server = server, endpoint = Endpoint.Capabilities, isAuthRequired = false)
+        val request = Request(verb = GET, room = null, server = server, endpoint = Endpoint.Capabilities)
        return getResponseBody(request).map { response ->
            JsonUtil.fromJson(response, Capabilities::class.java)
        }
@ -912,8 +907,7 @@ object OpenGroupApi {

    fun getCapabilitiesAndRoomInfo(
        room: String,
-        server: String,
-        authRequired: Boolean = true
+        server: String
    ): Promise<Pair<Capabilities, RoomInfo>, Exception> {
        val requests = mutableListOf<BatchRequestInfo<*>>(
            BatchRequestInfo(
@ -933,7 +927,7 @@ object OpenGroupApi {
                responseType = object : TypeReference<RoomInfo>(){}
            )
        )
-        return sequentialBatch(server, requests, authRequired).map {
+        return sequentialBatch(server, requests).map {
            val capabilities = it.firstOrNull()?.body as? Capabilities ?: throw Error.ParsingFailed
            val roomInfo = it.lastOrNull()?.body as? RoomInfo ?: throw Error.ParsingFailed
            capabilities to roomInfo