This repository has been archived by the owner on Oct 14, 2022. It is now read-only.

Felix' Wire API UserInformation Tests

Fi0x edited this page Nov 28, 2020 · 22 revisions

Goal

Getting the required information to send messages correctly

Procedure

Analysis of the Wire API

Getting information from this website

Information was obtained by going through the list of operations and writing down each command that seemed useful

Commands that might be analyzed further

Testing in Java

Tests

  • Compare stored cookie with cookies from HTTP responses
  • Results were obtained by sending an HTTP request to the server and analyzing the responses

List of commands that were analyzed

Results

Website

Each user has 1 userID, but has a clientID for each device

GET /self

  • Response codes
    • 200: Get your profile
    • 401: Authorization required
  • Response body (json)
    • email (optional)
    • phone (optional)
    • handle (optional)
    • locale (required)
    • managed_by (optional)
    • accent_id (optional)
    • name (required)
    • id (required)
    • deleted (optional)
    • assets (required)
      • Asset
        • size (required)
        • key (required)
        • type (required)

PUT /self

  • Responses
    • 200: Profile updated
    • 401: Authorization required
  • Requires a json body
  • Responds with an HTML body

GET /self/name

  • Responses
    • 200: Get your profile
    • 401: Authorization required
  • Returns json body with username

POST /users/handles

  • Responses
    • 200: Get your profile
    • 401: Authorization required
  • Requires json body
    • return (optional): number of free handles
    • handles (required): list of handles to check
  • Returns an HTML body

GET /clients/{client}

  • Responses
    • 200: Get all client information
    • 401: Authorization required
  • Requires clientID in url
  • Returns json string with the following entries
    • cookie
    • time
    • location (optional)
    • address (optional)
    • model (optional)
    • id
    • type
    • class
    • label (optional)

POST /clients

  • Responses
    • 200: Success
    • 400: Prekey error
    • 401: Authentication error
    • 403: Too many clients
  • Requires json body
  • Returns json body

Tests in Java

GET /self

  • Using an HTTP request without a bearer token results in a 401 response code
  • Using the bearer token in the URL results in a 200 response code
  • No special header
  • Body is a json format
    • email: String
    • handle: String
    • locale: locale
    • managed_by: "wire"
    • accent_id: int
    • picture: "[]"
    • name: String
    • id: Hex
    • assets: Array
      • ""
        • size: "preview"
        • key: Hex
        • type: "image"
      • ""
        • size: "complete"
        • key: Hex
        • type: "image"
  • Storing information in WireStorage class
  • Comparing IDs
    • User ID from login and the one from this response are the same

GET /clients

  • Bearer token required
  • Usual header
  • Body is json array. Each entry is structured as follows
    • time: Timestamp
    • location
      • lat: float
      • lon: float
    • model: String
    • id: Hex
    • type: String
    • class: String
    • label: String
  • IDs are different from the userID
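
The field and ID checks described for GET /self and GET /clients, as an added example. It is not code from this wiki or the project (whose tests were written in Java); Python is used here so it runs offline. The function names and sample values are constructed, and the required-field lists follow the GET /self description above.

```python
import json

# Required fields as listed on this page for GET /self and its assets.
SELF_REQUIRED = ("locale", "name", "id", "assets")
ASSET_REQUIRED = ("size", "key", "type")

def check_self_response(status, body, login_user_id):
    """Return a list of problems in a GET /self response; empty means OK."""
    if status == 401:
        return ["401: authorization required (no or rejected bearer token)"]
    if status != 200:
        return [f"unexpected status {status}"]
    try:
        profile = json.loads(body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(profile, dict):
        return ["body is not a JSON object"]
    problems = [f"missing field: {f}" for f in SELF_REQUIRED if f not in profile]
    assets = profile.get("assets", [])
    if not isinstance(assets, list):
        problems.append("assets is not an array")
        assets = []
    for i, asset in enumerate(assets):
        for f in ASSET_REQUIRED:
            if not isinstance(asset, dict) or f not in asset:
                problems.append(f"assets[{i}] missing field: {f}")
    # Check from the tests: login user ID must match the ID from /self.
    if "id" in profile and profile["id"] != login_user_id:
        problems.append("user ID differs from the one obtained at login")
    return problems

def client_ids_differ_from_user(clients_body, user_id):
    """True if no entry of the GET /clients array reuses the user ID."""
    return all(c.get("id") != user_id for c in json.loads(clients_body))

# Constructed sample data, not captured from a real account.
USER_ID = "a1b2c3d4e5f60718"
SELF_BODY = json.dumps({
    "locale": "en", "name": "Test User", "id": USER_ID, "accent_id": 1,
    "assets": [{"size": "preview", "key": "00ff11ee", "type": "image"},
               {"size": "complete", "key": "22dd33cc", "type": "image"}]})
CLIENTS_BODY = json.dumps([{"id": "9f8e7d6c5b4a3210", "type": "permanent",
                            "class": "desktop", "label": "laptop"}])

if __name__ == "__main__":
    print(check_self_response(200, SELF_BODY, USER_ID))
    print(client_ids_differ_from_user(CLIENTS_BODY, USER_ID))
```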

GET /clients/{client}

  • This doesn't return a cookie, which makes this request useless for our goal

POST /clients

  • Needs a valid prekey to register a client which we can't generate at the moment