Do not allow session ID reuse and clean up sessions for introducee
It was possible that a malicious introducer sends new request with the same session ID that was used previously and thus causing introducees to have multiple states for the same session ID. This commits prevents that from happening and adds an integration test for that scenario. Also if an introducee removes an introducer, all past session states will be deleted from the database. For this, a test was added as well. Closes #371 Closes #372
Showing
- briar-android-tests/src/test/java/org/briarproject/IntroductionIntegrationTest.java 203 additions, 1 deletion...st/java/org/briarproject/IntroductionIntegrationTest.java
- briar-android-tests/src/test/java/org/briarproject/IntroductionIntegrationTestComponent.java 11 additions, 0 deletions...rg/briarproject/IntroductionIntegrationTestComponent.java
- briar-core/src/org/briarproject/introduction/IntroductionGroupFactory.java 1 addition, 1 deletion...g/briarproject/introduction/IntroductionGroupFactory.java
- briar-core/src/org/briarproject/introduction/IntroductionManagerImpl.java 23 additions, 5 deletions...rg/briarproject/introduction/IntroductionManagerImpl.java
- briar-core/src/org/briarproject/introduction/IntroductionValidator.java 2 additions, 0 deletions.../org/briarproject/introduction/IntroductionValidator.java
- briar-core/src/org/briarproject/introduction/MessageSender.java 1 addition, 1 deletion...core/src/org/briarproject/introduction/MessageSender.java
Loading
Please register or sign in to comment