Refine Profiles gRPC errors and documentation

Author: eager-signal

service/src/main/java/org/whispersystems/textsecuregcm/grpc/ProfileGrpcHelper.java

@@ -72,7 +72,7 @@ static Optional<GetVersionedProfileResult> getVersionedProfile(final Account acc
       } else {
         responseBuilder.setDataEtag(DataEtag.newBuilder()
             .setData(ByteString.copyFrom(p.data()))
-            .setEtag(ByteString.copyFrom(p.dataHash()))
+            .setEtagSha256(ByteString.copyFrom(p.dataHash()))
             .build());
       }
     });
@@ -110,7 +110,7 @@ static Optional<GetVersionedProfileResult> getVersionedProfile(final Account acc
         } else {
           responseBuilder.setPaymentAddressDataEtag(DataEtag.newBuilder()
               .setData(ByteString.copyFrom(paymentAddress.get()))
-              .setEtag(ByteString.copyFrom(
+              .setEtagSha256(ByteString.copyFrom(
                   profile.map(VersionedProfile::paymentAddressHash).orElseGet(() -> hash(paymentAddress.get()))))
               .build());
         }

service/src/main/java/org/whispersystems/textsecuregcm/grpc/ProfileGrpcService.java

@@ -114,7 +114,7 @@ public SetProfileResponse setProfile(final SetProfileRequest request) {
         : account.getCurrentProfileVersion().get().equals(expectedCurrentVersionHex);
 
     if (!currentVersionMatchesExpected) {
-      return SetProfileResponse.newBuilder().setWriteConflict(FailedPrecondition.newBuilder()
+      return SetProfileResponse.newBuilder().setExpectedVersionWriteConflict(FailedPrecondition.newBuilder()
           .setDescription("current and expected profile versions must match")
           .build()).build();
     }
@@ -170,7 +170,7 @@ yield new AvatarData(currentAvatar, Optional.of(updateAvatarObjectName),
 
     } catch (WriteConflictException _) {
       return SetProfileResponse.newBuilder()
-          .setWriteConflict(FailedPrecondition.newBuilder()
+          .setExpectedDataWriteConflict(FailedPrecondition.newBuilder()
               .setDescription("current and expected data hash mismatch")
               .build())
           .build();
@@ -189,7 +189,7 @@ yield new AvatarData(currentAvatar, Optional.of(updateAvatarObjectName),
 
     } catch (final WriteConflictException _) {
       return SetProfileResponse.newBuilder()
-          .setWriteConflict(FailedPrecondition.newBuilder()
+          .setExpectedVersionWriteConflict(FailedPrecondition.newBuilder()
               .setDescription("current and expected version mismatch")
               .build())
           .build();

service/src/main/java/org/whispersystems/textsecuregcm/storage/ProfilesManager.java

@@ -104,6 +104,7 @@ public void setV1(UUID uuid, VersionedProfileV1 versionedProfile) {
   /// Transactionally sets v1 and v2 Profile data in DynamoDB.
   ///
   /// Note: writes to the Redis cache are not transactional, and a failed DynamoDB write may leave incorrect data in Redis
+  /// @throws WriteConflictException if the expected data hash does not match the stored data hash
   public void set(UUID uuid, VersionedProfileV1 versionedProfileV1, VersionedProfile versionedProfile, @Nullable byte[] expectedCurrentDataHash) throws WriteConflictException {
 
     final TransactWriteItem v1TransactWriteItem = profilesV1.getTransactWriteItem(uuid, versionedProfileV1);

service/src/main/proto/org/signal/chat/profile.proto

@@ -86,8 +86,10 @@ message SetProfileRequest {
   //
   // Optional, if there is no current profile version for the account.
   bytes expected_current_version = 4 [(require.exactlySize) = 0, (require.exactlySize) = 32];
+
   // The ciphertext of the MobileCoin wallet ID on the profile.
   bytes payment_address = 5 [(require.exactlySize) = 0, (require.exactlySize) = 582];
+
   // A list of badge IDs associated with the profile.
   repeated string badge_ids = 6;
 
@@ -128,8 +130,15 @@ message SetProfileResult {
 message SetProfileResponse {
   oneof response {
     SetProfileResult result = 1;
-    errors.FailedPrecondition write_conflict = 2 [(tag.reason) = "write_conflict"];
+    // The current data hash did not match the request's expectation, indicating
+    // another device on the account may have written an update the caller does not know about.
+    errors.FailedPrecondition expected_data_write_conflict = 2 [(tag.reason) = "expected_data_write_conflict"];
+    // Payments are not permitted in the account's region, based on its phone number.
+    // The request should be retried without `payment_address.
     PaymentsForbiddenInRegion payments_forbidden_in_region = 3 [(tag.reason) = "payments_forbidden_in_region"];
+    // The current version did not match the request's expectation, indicating
+    // another device on the account may have created a new version the caller does not know about.
+    errors.FailedPrecondition expected_version_write_conflict = 4 [(tag.reason) = "expected_version_write_conflict"];
 
     // Because this is a temporary field during the migration, it has the highest
     // field number without serialization overhead. This is purely aesthetic.
@@ -167,7 +176,10 @@ message DataEtag {
   bytes data = 1;
   // An entity tag for `data`. This may be used in subsequent requests for
   // this profile version to optimize bandwidth.
-  bytes etag = 2;
+  //
+  // Clients may validate that the value has been correctly calculated by deriving
+  // the SHA-256 digest of `data`.
+  bytes etag_sha256 = 2;
 }
 
 
@@ -301,13 +313,6 @@ message GetExpiringProfileKeyCredentialResult {
   bytes profile_key_credential = 1;
 }
 
-message GetExpiringProfileKeyCredentialResponse {
-  oneof response {
-    GetExpiringProfileKeyCredentialResult result = 1;
-    errors.NotFound not_found = 2 [(tag.reason) = "not_found"];
-  }
-}
-
 message GetExpiringProfileKeyCredentialAnonymousResponse {
   oneof response {
     GetExpiringProfileKeyCredentialResult result = 1;

service/src/test/java/org/whispersystems/textsecuregcm/grpc/ProfileAnonymousGrpcServiceTest.java

@@ -404,7 +404,7 @@ void getVersionedProfile(final byte[] requestVersion,
     if (expectResponseHasPaymentAddress) {
       expectedResultBuilder.setPaymentAddressDataEtag(DataEtag.newBuilder()
           .setData(ByteString.copyFrom(paymentAddress))
-          .setEtag(ByteString.copyFrom(ProfileGrpcHelper.hash(paymentAddress)))
+          .setEtagSha256(ByteString.copyFrom(ProfileGrpcHelper.hash(paymentAddress)))
           .build());
     }
 
@@ -456,10 +456,10 @@ void getVersionedProfileV2() {
     final GetVersionedProfileResult result = response.getResult();
     assertTrue(result.hasDataEtag());
     assertEquals(ByteString.copyFrom(data), result.getDataEtag().getData());
-    assertEquals(ByteString.copyFrom(v2Profile.dataHash()), result.getDataEtag().getEtag());
+    assertEquals(ByteString.copyFrom(v2Profile.dataHash()), result.getDataEtag().getEtagSha256());
     assertTrue(result.hasPaymentAddressDataEtag());
     assertEquals(ByteString.copyFrom(paymentAddress), result.getPaymentAddressDataEtag().getData());
-    assertEquals(ByteString.copyFrom(Objects.requireNonNull(v2Profile.paymentAddressHash())), result.getPaymentAddressDataEtag().getEtag());
+    assertEquals(ByteString.copyFrom(Objects.requireNonNull(v2Profile.paymentAddressHash())), result.getPaymentAddressDataEtag().getEtagSha256());
     assertFalse(result.getDataEtagMatched());
     assertFalse(result.getPaymentAddressEtagMatched());
     assertFalse(result.hasV1Response());

service/src/test/java/org/whispersystems/textsecuregcm/grpc/ProfileGrpcServiceTest.java

@@ -265,6 +265,99 @@ void setProfile() throws Exception {
     assertThat(v1Profile.phoneNumberSharing()).isEqualTo(validPhoneNumberSharing);
   }
 
+  @Test
+  void setProfileExpectedDataWriteConflict() throws Exception {
+    final byte[] commitment = new ProfileKey(new byte[32]).getCommitment(new ServiceId.Aci(AUTHENTICATED_ACI)).serialize();
+    final byte[] validAboutEmoji = new byte[60];
+    final byte[] validAbout = new byte[540];
+    final byte[] validPaymentAddress = new byte[582];
+    final byte[] validPhoneNumberSharing = new byte[29];
+
+    doThrow(WriteConflictException.class)
+        .when(profilesManager).set(any(), any(), any(), any());
+
+    final SetProfileRequest request = SetProfileRequest.newBuilder()
+        .setVersion(ByteString.copyFrom(VERSION))
+        .setData(ByteString.copyFrom(VALID_DATA))
+        .setCommitment(ByteString.copyFrom(commitment)) // after v1 -> v2 migration, commitment can be null if expectedDataHash is present
+        .setPaymentAddress(ByteString.copyFrom(validPaymentAddress))
+        .setV1Request(V1_REQUEST.toBuilder()
+            .setAvatarChange(AvatarChange.AVATAR_CHANGE_UNCHANGED)
+            .setAboutEmoji(ByteString.copyFrom(validAboutEmoji))
+            .setAbout(ByteString.copyFrom(validAbout))
+            .setPhoneNumberSharing(ByteString.copyFrom(validPhoneNumberSharing))
+        )
+        .build();
+
+    final SetProfileResponse response = authenticatedServiceStub().setProfile(request);
+
+    assertTrue(response.hasExpectedDataWriteConflict());
+    verify(accountsManager, never()).updateCurrentProfileVersion(any(), any(), any(), any());
+  }
+
+  @Test
+  void setProfileExpectedVersionWriteConflictBeforeUpdates() throws Exception {
+    final byte[] commitment = new ProfileKey(new byte[32]).getCommitment(new ServiceId.Aci(AUTHENTICATED_ACI)).serialize();
+    final byte[] validAboutEmoji = new byte[60];
+    final byte[] validAbout = new byte[540];
+    final byte[] validPaymentAddress = new byte[582];
+    final byte[] validPhoneNumberSharing = new byte[29];
+
+    when(account.getCurrentProfileVersion()).thenReturn(
+        Optional.of(HexFormat.of().formatHex(TestRandomUtil.nextBytes(32))));
+
+    final SetProfileRequest request = SetProfileRequest.newBuilder()
+        .setVersion(ByteString.copyFrom(VERSION))
+        .setData(ByteString.copyFrom(VALID_DATA))
+        .setCommitment(ByteString.copyFrom(commitment)) // after v1 -> v2 migration, commitment can be null if expectedDataHash is present
+        .setPaymentAddress(ByteString.copyFrom(validPaymentAddress))
+        .setExpectedCurrentVersion(ByteString.copyFrom(VERSION))
+        .setV1Request(V1_REQUEST.toBuilder()
+            .setAvatarChange(AvatarChange.AVATAR_CHANGE_UNCHANGED)
+            .setAboutEmoji(ByteString.copyFrom(validAboutEmoji))
+            .setAbout(ByteString.copyFrom(validAbout))
+            .setPhoneNumberSharing(ByteString.copyFrom(validPhoneNumberSharing))
+        )
+        .build();
+
+    final SetProfileResponse response = authenticatedServiceStub().setProfile(request);
+
+    assertTrue(response.hasExpectedVersionWriteConflict());
+    verify(profilesManager, never()).set(any(), any(), any(), any());
+    verify(accountsManager, never()).updateCurrentProfileVersion(any(), any(), any(), any());
+  }
+
+  @Test
+  void setProfileExpectedVersionWriteConflict() throws Exception {
+    final byte[] commitment = new ProfileKey(new byte[32]).getCommitment(new ServiceId.Aci(AUTHENTICATED_ACI)).serialize();
+    final byte[] validAboutEmoji = new byte[60];
+    final byte[] validAbout = new byte[540];
+    final byte[] validPaymentAddress = new byte[582];
+    final byte[] validPhoneNumberSharing = new byte[29];
+
+    doThrow(WriteConflictException.class)
+        .when(accountsManager).updateCurrentProfileVersion(any(), any(), any(), any());
+
+    final SetProfileRequest request = SetProfileRequest.newBuilder()
+        .setVersion(ByteString.copyFrom(VERSION))
+        .setData(ByteString.copyFrom(VALID_DATA))
+        .setCommitment(ByteString.copyFrom(commitment)) // after v1 -> v2 migration, commitment can be null if expectedDataHash is present
+        .setPaymentAddress(ByteString.copyFrom(validPaymentAddress))
+        .setV1Request(V1_REQUEST.toBuilder()
+            .setAvatarChange(AvatarChange.AVATAR_CHANGE_UNCHANGED)
+            .setAboutEmoji(ByteString.copyFrom(validAboutEmoji))
+            .setAbout(ByteString.copyFrom(validAbout))
+            .setPhoneNumberSharing(ByteString.copyFrom(validPhoneNumberSharing))
+        )
+        .build();
+
+    final SetProfileResponse response = authenticatedServiceStub().setProfile(request);
+
+    assertTrue(response.hasExpectedVersionWriteConflict());
+    verify(profilesManager).set(any(), any(), any(), any());
+    verify(accountsManager).updateCurrentProfileVersion(any(), any(), any(), any());
+  }
+
   @Test
   void setProfileWithoutCapability() {
     when(account.hasCapability(DeviceCapability.PROFILES_V2)).thenReturn(false);
@@ -640,7 +733,7 @@ void getVersionedProfile(final byte[] requestVersion, @Nullable final byte[] acc
     if (expectResponseHasPaymentAddress) {
       expectedResultBuilder.setPaymentAddressDataEtag(
           DataEtag.newBuilder().setData(ByteString.copyFrom(paymentAddress))
-              .setEtag(ByteString.copyFrom(ProfileGrpcHelper.hash(paymentAddress)))
+              .setEtagSha256(ByteString.copyFrom(ProfileGrpcHelper.hash(paymentAddress)))
               .build());
 
     }
@@ -693,10 +786,10 @@ void getVersionedProfileV2() {
 
     assertTrue(result.hasDataEtag());
     assertEquals(ByteString.copyFrom(data), result.getDataEtag().getData());
-    assertEquals(ByteString.copyFrom(v2Profile.dataHash()), result.getDataEtag().getEtag());
+    assertEquals(ByteString.copyFrom(v2Profile.dataHash()), result.getDataEtag().getEtagSha256());
     assertTrue(result.hasPaymentAddressDataEtag());
     assertEquals(ByteString.copyFrom(paymentAddress), result.getPaymentAddressDataEtag().getData());
-    assertEquals(ByteString.copyFrom(v2Profile.paymentAddressHash()), result.getPaymentAddressDataEtag().getEtag());
+    assertEquals(ByteString.copyFrom(v2Profile.paymentAddressHash()), result.getPaymentAddressDataEtag().getEtagSha256());
     assertFalse(result.getDataEtagMatched());
     assertFalse(result.getPaymentAddressEtagMatched());
     assertFalse(result.hasV1Response());