From 516f4bf39f73075b21ac002ef631252a142b1b06 Mon Sep 17 00:00:00 2001
From: Torsten Grote <t@grobox.de>
Date: Fri, 5 Nov 2021 09:25:52 -0300
Subject: [PATCH] Fix small setup token issues identified in review

Properly nulls settings and adds a test that setup token can't be used anymore
---
 .../org/briarproject/mailbox/core/setup/SetupManager.kt    | 2 +-
 .../briarproject/mailbox/core/setup/SetupManagerTest.kt    | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt b/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt
index 37e4f518..eb07a5ed 100644
--- a/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt
+++ b/mailbox-core/src/main/java/org/briarproject/mailbox/core/setup/SetupManager.kt
@@ -29,7 +29,7 @@ class SetupManager @Inject constructor(
     fun restartSetup() {
         val settings = Settings()
         settings[SETTINGS_SETUP_TOKEN] = randomIdManager.getNewRandomId()
-        settings[SETTINGS_OWNER_TOKEN] = "" // we can't remove or null, so we need to empty it
+        settings[SETTINGS_OWNER_TOKEN] = null
         settingsManager.mergeSettings(settings, SETTINGS_NAMESPACE_OWNER)
     }
 
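Review bot: Nothing visible in this hunk shows that `mergeSettings` treats a null value as "remove the key", and the deleted comment claimed nulling was not possible, so the effect of `settings[SETTINGS_OWNER_TOKEN] = null` depends on behaviour outside this diff. If the merge were to skip null entries, the previous owner token would stay valid after `restartSetup()`, which is the credential this call is presumably meant to revoke. The test added in this commit covers only the setup token. Unless it is already covered elsewhere, assert `assertNull(setupManager.getOwnerToken(txn))` after `restartSetup()` and check that a request with the old owner token gets `HttpStatusCode.Unauthorized`. A short comment on the changed line, e.g. `// null clears the stored owner token so it no longer authenticates`, would replace the rationale that was removed.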
diff --git a/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt b/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt
index aa4ad01e..ca509825 100644
--- a/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt
+++ b/mailbox-core/src/test/java/org/briarproject/mailbox/core/setup/SetupManagerTest.kt
@@ -95,6 +95,13 @@ class SetupManagerTest : IntegrationTest() {
             assertNull(setupManager.getSetupToken(txn))
             assertEquals(setupManager.getOwnerToken(txn), response.token)
         }
+        // setup token can no longer be used
+        assertEquals(
+            HttpStatusCode.Unauthorized,
+            httpClient.put<HttpResponse>("$baseUrl/setup") {
+                authenticateWithToken(token)
+            }.status
+        )
     }
 
     @Test
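Review bot: The added assertion at the end of this test checks only the status code of the replayed `PUT $baseUrl/setup`, so it does not show that the rejected request left the stored tokens untouched. After the call, re-check in a read transaction like the one just above that `assertNull(setupManager.getSetupToken(txn))` and `assertEquals(response.token, setupManager.getOwnerToken(txn))` still hold. That would catch a regression that answers 401 but still rotates or clears the owner token. `token` and the start of the test function are outside the hunk, so this assumes `token` is the setup token consumed by the earlier request.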
-- 
GitLab