Rename AuthenticatedAccount to AuthenticatedDevice

api-doc/src/main/java/org/signal/openapi/OpenApiExtension.java

@@ -21,7 +21,7 @@ import java.util.Optional;
 import java.util.ServiceLoader;
 import java.util.Set;
 import javax.ws.rs.Consumes;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 
 /**
  * One of the extension mechanisms of Swagger Core library (OpenAPI processor) is via custom implementations
@@ -62,11 +62,11 @@ public class OpenApiExtension extends AbstractOpenAPIExtension {
     if (annotations.stream().anyMatch(a -> a.annotationType().equals(Auth.class))) {
       // this is the case of authenticated endpoint,
       if (type instanceof SimpleType simpleType
-          && simpleType.getRawClass().equals(AuthenticatedAccount.class)) {
+          && simpleType.getRawClass().equals(AuthenticatedDevice.class)) {
         return AUTHENTICATED_ACCOUNT;
       }
       if (type instanceof SimpleType simpleType
-          && isOptionalOfType(simpleType, AuthenticatedAccount.class)) {
+          && isOptionalOfType(simpleType, AuthenticatedDevice.class)) {
         return OPTIONAL_AUTHENTICATED_ACCOUNT;
       }
     }

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java

@@ -76,7 +76,7 @@ import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.attachments.GcsAttachmentGenerator;
 import org.whispersystems.textsecuregcm.attachments.TusAttachmentGenerator;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
 import org.whispersystems.textsecuregcm.auth.CloudflareTurnCredentialsManager;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
@@ -974,8 +974,8 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
               config.getExternalRequestFilterConfiguration().paths().toArray(new String[]{}));
     }
 
-    final AuthFilter<BasicCredentials, AuthenticatedAccount> accountAuthFilter =
+    final AuthFilter<BasicCredentials, AuthenticatedDevice> accountAuthFilter =
-        new BasicCredentialAuthFilter.Builder<AuthenticatedAccount>()
+        new BasicCredentialAuthFilter.Builder<AuthenticatedDevice>()
             .setAuthenticator(accountAuthenticator)
             .buildAuthFilter();
 
@@ -992,12 +992,12 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
     environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
     environment.jersey().register(MultiRecipientMessageProvider.class);
     environment.jersey().register(new AuthDynamicFeature(accountAuthFilter));
-    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class));
+    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class));
     environment.jersey().register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
     environment.jersey().register(new TimestampResponseFilter());
 
     ///
-    WebSocketEnvironment<AuthenticatedAccount> webSocketEnvironment = new WebSocketEnvironment<>(environment,
+    WebSocketEnvironment<AuthenticatedDevice> webSocketEnvironment = new WebSocketEnvironment<>(environment,
         config.getWebSocketConfiguration(), Duration.ofMillis(90000));
     webSocketEnvironment.jersey().register(new VirtualExecutorServiceProvider("managed-async-websocket-virtual-thread-"));
     webSocketEnvironment.setAuthenticator(new WebSocketAccountAuthenticator(accountAuthenticator, new AccountPrincipalSupplier(accountsManager)));
@@ -1128,7 +1128,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
       webSocketEnvironment.jersey().register(controller);
     }
 
-    WebSocketEnvironment<AuthenticatedAccount> provisioningEnvironment = new WebSocketEnvironment<>(environment,
+    WebSocketEnvironment<AuthenticatedDevice> provisioningEnvironment = new WebSocketEnvironment<>(environment,
         webSocketEnvironment.getRequestLog(), Duration.ofMillis(60000));
     provisioningEnvironment.jersey().register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
     provisioningEnvironment.setConnectListener(new ProvisioningConnectListener(provisioningManager));
@@ -1144,11 +1144,11 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
 
     JettyWebSocketServletContainerInitializer.configure(environment.getApplicationContext(), null);
 
-    WebSocketResourceProviderFactory<AuthenticatedAccount> webSocketServlet = new WebSocketResourceProviderFactory<>(
+    WebSocketResourceProviderFactory<AuthenticatedDevice> webSocketServlet = new WebSocketResourceProviderFactory<>(
-        webSocketEnvironment, AuthenticatedAccount.class, config.getWebSocketConfiguration(),
+        webSocketEnvironment, AuthenticatedDevice.class, config.getWebSocketConfiguration(),
         RemoteAddressFilter.REMOTE_ADDRESS_ATTRIBUTE_NAME);
-    WebSocketResourceProviderFactory<AuthenticatedAccount> provisioningServlet = new WebSocketResourceProviderFactory<>(
+    WebSocketResourceProviderFactory<AuthenticatedDevice> provisioningServlet = new WebSocketResourceProviderFactory<>(
-        provisioningEnvironment, AuthenticatedAccount.class, config.getWebSocketConfiguration(),
+        provisioningEnvironment, AuthenticatedDevice.class, config.getWebSocketConfiguration(),
         RemoteAddressFilter.REMOTE_ADDRESS_ATTRIBUTE_NAME);
 
     ServletRegistration.Dynamic websocket = environment.servlets().addServlet("WebSocket", webSocketServlet);
@@ -1169,8 +1169,8 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
   }
 
   private void registerExceptionMappers(Environment environment,
-      WebSocketEnvironment<AuthenticatedAccount> webSocketEnvironment,
+      WebSocketEnvironment<AuthenticatedDevice> webSocketEnvironment,
-      WebSocketEnvironment<AuthenticatedAccount> provisioningEnvironment) {
+      WebSocketEnvironment<AuthenticatedDevice> provisioningEnvironment) {
 
     List.of(
         new LoggingUnhandledExceptionMapper(),

service/src/main/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticator.java

@@ -25,7 +25,7 @@ import org.whispersystems.textsecuregcm.storage.Device;
 import org.whispersystems.textsecuregcm.util.Pair;
 import org.whispersystems.textsecuregcm.util.Util;
 
-public class AccountAuthenticator implements Authenticator<BasicCredentials, AuthenticatedAccount> {
+public class AccountAuthenticator implements Authenticator<BasicCredentials, AuthenticatedDevice> {
 
   private static final String LEGACY_NAME_PREFIX = "org.whispersystems.textsecuregcm.auth.BaseAccountAuthenticator";
 
@@ -73,7 +73,7 @@ public class AccountAuthenticator implements Authenticator<BasicCredentials, Aut
   }
 
   @Override
-  public Optional<AuthenticatedAccount> authenticate(BasicCredentials basicCredentials) {
+  public Optional<AuthenticatedDevice> authenticate(BasicCredentials basicCredentials) {
     boolean succeeded = false;
     String failureReason = null;
 
@@ -112,7 +112,7 @@ public class AccountAuthenticator implements Authenticator<BasicCredentials, Aut
               device.get(),
               SaltedTokenHash.generateFor(basicCredentials.getPassword()));  // new credentials have current version
         }
-        return Optional.of(new AuthenticatedAccount(authenticatedAccount, device.get()));
+        return Optional.of(new AuthenticatedDevice(authenticatedAccount, device.get()));
       } else {
         failureReason = "incorrectPassword";
         return Optional.empty();

service/src/main/java/org/whispersystems/textsecuregcm/auth/AuthenticatedDevice.java

@@ -6,16 +6,16 @@
 package org.whispersystems.textsecuregcm.auth;
 
 import java.security.Principal;
-import java.util.function.Supplier;
 import javax.security.auth.Subject;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
-public class AuthenticatedAccount implements Principal, AccountAndAuthenticatedDeviceHolder {
+public class AuthenticatedDevice implements Principal, AccountAndAuthenticatedDeviceHolder {
+
   private final Account account;
   private final Device device;
 
- public AuthenticatedAccount(final Account account, final Device device) {
+  public AuthenticatedDevice(final Account account, final Device device) {
     this.account = account;
     this.device = device;
   }

service/src/main/java/org/whispersystems/textsecuregcm/auth/LinkedDeviceRefreshRequirementProvider.java

@@ -25,7 +25,7 @@ import org.whispersystems.textsecuregcm.util.Pair;
  * any active WebSocket connections for the account must be closed in order for clients to get a refreshed
  * {@link io.dropwizard.auth.Auth} object with a current device list.
  *
- * @see AuthenticatedAccount
+ * @see AuthenticatedDevice
  */
 public class LinkedDeviceRefreshRequirementProvider implements WebsocketRefreshRequirementProvider {
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java

@@ -33,7 +33,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import org.signal.libsignal.usernames.BaseUsernameException;
 import org.whispersystems.textsecuregcm.auth.AccountAndAuthenticatedDeviceHolder;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.SaltedTokenHash;
 import org.whispersystems.textsecuregcm.auth.TurnToken;
 import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
@@ -99,7 +99,7 @@ public class AccountController {
   @GET
   @Path("/turn/")
   @Produces(MediaType.APPLICATION_JSON)
-  public TurnToken getTurnToken(@ReadOnly @Auth AuthenticatedAccount auth) throws RateLimitExceededException {
+  public TurnToken getTurnToken(@ReadOnly @Auth AuthenticatedDevice auth) throws RateLimitExceededException {
     rateLimiters.getTurnLimiter().validate(auth.getAccount().getUuid());
     return turnTokenGenerator.generate(auth.getAccount().getUuid());
   }
@@ -108,7 +108,7 @@ public class AccountController {
   @Path("/gcm/")
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
-  public void setGcmRegistrationId(@Mutable @Auth AuthenticatedAccount auth,
+  public void setGcmRegistrationId(@Mutable @Auth AuthenticatedDevice auth,
       @NotNull @Valid GcmRegistrationId registrationId) {
 
     final Account account = auth.getAccount();
@@ -128,7 +128,7 @@ public class AccountController {
 
   @DELETE
   @Path("/gcm/")
-  public void deleteGcmRegistrationId(@Mutable @Auth AuthenticatedAccount auth) {
+  public void deleteGcmRegistrationId(@Mutable @Auth AuthenticatedDevice auth) {
     Account account = auth.getAccount();
     Device device = auth.getAuthenticatedDevice();
 
@@ -143,7 +143,7 @@ public class AccountController {
   @Path("/apn/")
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
-  public void setApnRegistrationId(@Mutable @Auth AuthenticatedAccount auth,
+  public void setApnRegistrationId(@Mutable @Auth AuthenticatedDevice auth,
       @NotNull @Valid ApnRegistrationId registrationId) {
 
     final Account account = auth.getAccount();
@@ -161,7 +161,7 @@ public class AccountController {
 
   @DELETE
   @Path("/apn/")
-  public void deleteApnRegistrationId(@Mutable @Auth AuthenticatedAccount auth) {
+  public void deleteApnRegistrationId(@Mutable @Auth AuthenticatedDevice auth) {
     Account account = auth.getAccount();
     Device device = auth.getAuthenticatedDevice();
 
@@ -180,7 +180,7 @@ public class AccountController {
   @PUT
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/registration_lock")
-  public void setRegistrationLock(@Mutable @Auth AuthenticatedAccount auth, @NotNull @Valid RegistrationLock accountLock) {
+  public void setRegistrationLock(@Mutable @Auth AuthenticatedDevice auth, @NotNull @Valid RegistrationLock accountLock) {
     SaltedTokenHash credentials = SaltedTokenHash.generateFor(accountLock.getRegistrationLock());
 
     accounts.update(auth.getAccount(),
@@ -189,13 +189,13 @@ public class AccountController {
 
   @DELETE
   @Path("/registration_lock")
-  public void removeRegistrationLock(@Mutable @Auth AuthenticatedAccount auth) {
+  public void removeRegistrationLock(@Mutable @Auth AuthenticatedDevice auth) {
     accounts.update(auth.getAccount(), a -> a.setRegistrationLock(null, null));
   }
 
   @PUT
   @Path("/name/")
-  public void setName(@Mutable @Auth AuthenticatedAccount auth, @NotNull @Valid DeviceName deviceName) {
+  public void setName(@Mutable @Auth AuthenticatedDevice auth, @NotNull @Valid DeviceName deviceName) {
     Account account = auth.getAccount();
     Device device = auth.getAuthenticatedDevice();
     accounts.updateDevice(account, device.getId(), d -> d.setName(deviceName.getDeviceName()));
@@ -206,7 +206,7 @@ public class AccountController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public void setAccountAttributes(
-      @Mutable @Auth AuthenticatedAccount auth,
+      @Mutable @Auth AuthenticatedDevice auth,
       @HeaderParam(HeaderUtils.X_SIGNAL_AGENT) String userAgent,
       @NotNull @Valid AccountAttributes attributes) {
     final Account account = auth.getAccount();
@@ -236,14 +236,14 @@ public class AccountController {
   @Path("/me")
   @Deprecated() // use whoami
   @Produces(MediaType.APPLICATION_JSON)
-  public AccountIdentityResponse getMe(@ReadOnly @Auth AuthenticatedAccount auth) {
+  public AccountIdentityResponse getMe(@ReadOnly @Auth AuthenticatedDevice auth) {
     return buildAccountIdentityResponse(auth);
   }
 
   @GET
   @Path("/whoami")
   @Produces(MediaType.APPLICATION_JSON)
-  public AccountIdentityResponse whoAmI(@ReadOnly @Auth AuthenticatedAccount auth) {
+  public AccountIdentityResponse whoAmI(@ReadOnly @Auth AuthenticatedDevice auth) {
     return buildAccountIdentityResponse(auth);
   }
 
@@ -266,7 +266,7 @@ public class AccountController {
   )
   @ApiResponse(responseCode = "204", description = "Username successfully deleted.", useReturnTypeSchema = true)
   @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
-  public CompletableFuture<Response> deleteUsernameHash(@Mutable @Auth final AuthenticatedAccount auth) {
+  public CompletableFuture<Response> deleteUsernameHash(@Mutable @Auth final AuthenticatedDevice auth) {
     return accounts.clearUsernameHash(auth.getAccount())
         .thenApply(Util.ASYNC_EMPTY_RESPONSE);
   }
@@ -288,7 +288,7 @@ public class AccountController {
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   @ApiResponse(responseCode = "429", description = "Ratelimited.")
   public CompletableFuture<ReserveUsernameHashResponse> reserveUsernameHash(
-      @Mutable @Auth final AuthenticatedAccount auth,
+      @Mutable @Auth final AuthenticatedDevice auth,
       @NotNull @Valid final ReserveUsernameHashRequest usernameRequest) throws RateLimitExceededException {
 
     rateLimiters.getUsernameReserveLimiter().validate(auth.getAccount().getUuid());
@@ -328,7 +328,7 @@ public class AccountController {
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   @ApiResponse(responseCode = "429", description = "Ratelimited.")
   public CompletableFuture<UsernameHashResponse> confirmUsernameHash(
-      @Mutable @Auth final AuthenticatedAccount auth,
+      @Mutable @Auth final AuthenticatedDevice auth,
       @NotNull @Valid final ConfirmUsernameHashRequest confirmRequest) {
 
     try {
@@ -373,7 +373,7 @@ public class AccountController {
   @ApiResponse(responseCode = "400", description = "Request must not be authenticated.")
   @ApiResponse(responseCode = "404", description = "Account not found for the given username.")
   public CompletableFuture<AccountIdentifierResponse> lookupUsernameHash(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> maybeAuthenticatedAccount,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> maybeAuthenticatedAccount,
       @PathParam("usernameHash") final String usernameHash) {
 
     requireNotAuthenticated(maybeAuthenticatedAccount);
@@ -412,7 +412,7 @@ public class AccountController {
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   @ApiResponse(responseCode = "429", description = "Ratelimited.")
   public UsernameLinkHandle updateUsernameLink(
-      @Mutable @Auth final AuthenticatedAccount auth,
+      @Mutable @Auth final AuthenticatedDevice auth,
       @NotNull @Valid final EncryptedUsername encryptedUsername) throws RateLimitExceededException {
     // check ratelimiter for username link operations
     rateLimiters.forDescriptor(RateLimiters.For.USERNAME_LINK_OPERATION).validate(auth.getAccount().getUuid());
@@ -446,7 +446,7 @@ public class AccountController {
   @ApiResponse(responseCode = "204", description = "Username Link successfully deleted.", useReturnTypeSchema = true)
   @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
   @ApiResponse(responseCode = "429", description = "Ratelimited.")
-  public void deleteUsernameLink(@Mutable @Auth final AuthenticatedAccount auth) throws RateLimitExceededException {
+  public void deleteUsernameLink(@Mutable @Auth final AuthenticatedDevice auth) throws RateLimitExceededException {
     // check ratelimiter for username link operations
     rateLimiters.forDescriptor(RateLimiters.For.USERNAME_LINK_OPERATION).validate(auth.getAccount().getUuid());
     clearUsernameLink(auth.getAccount());
@@ -469,7 +469,7 @@ public class AccountController {
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   @ApiResponse(responseCode = "429", description = "Ratelimited.")
   public CompletableFuture<EncryptedUsername> lookupUsernameLink(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> maybeAuthenticatedAccount,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> maybeAuthenticatedAccount,
       @PathParam("uuid") final UUID usernameLinkHandle) {
 
     requireNotAuthenticated(maybeAuthenticatedAccount);
@@ -495,7 +495,7 @@ public class AccountController {
   @Path("/account/{identifier}")
   @RateLimitedByIp(RateLimiters.For.CHECK_ACCOUNT_EXISTENCE)
   public Response accountExists(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> authenticatedAccount,
 
       @Parameter(description = "An ACI or PNI account identifier to check")
       @PathParam("identifier") final ServiceIdentifier accountIdentifier) {
@@ -510,7 +510,7 @@ public class AccountController {
 
   @DELETE
   @Path("/me")
-  public CompletableFuture<Response> deleteAccount(@Mutable @Auth AuthenticatedAccount auth) {
+  public CompletableFuture<Response> deleteAccount(@Mutable @Auth AuthenticatedDevice auth) {
     return accounts.delete(auth.getAccount(), AccountsManager.DeletionReason.USER_REQUEST).thenApply(Util.ASYNC_EMPTY_RESPONSE);
   }
 
@@ -528,7 +528,7 @@ public class AccountController {
     accounts.update(account, a -> a.setUsernameLinkDetails(usernameLinkHandle, encryptedUsername));
   }
 
-  private void requireNotAuthenticated(final Optional<AuthenticatedAccount> authenticatedAccount) {
+  private void requireNotAuthenticated(final Optional<AuthenticatedDevice> authenticatedAccount) {
     if (authenticatedAccount.isPresent()) {
       throw new BadRequestException("Operation requires unauthenticated access");
     }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountControllerV2.java

@@ -36,7 +36,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ChangesPhoneNumber;
 import org.whispersystems.textsecuregcm.auth.PhoneVerificationTokenManager;
 import org.whispersystems.textsecuregcm.auth.RegistrationLockVerificationManager;
@@ -49,7 +49,6 @@ import org.whispersystems.textsecuregcm.entities.PhoneNumberIdentityKeyDistribut
 import org.whispersystems.textsecuregcm.entities.PhoneVerificationRequest;
 import org.whispersystems.textsecuregcm.entities.RegistrationLockFailure;
 import org.whispersystems.textsecuregcm.entities.StaleDevices;
-import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.storage.Account;
@@ -106,11 +105,11 @@ public class AccountControllerV2 {
   @ApiResponse(responseCode = "429", description = "Too many attempts", headers = @Header(
       name = "Retry-After",
       description = "If present, an positive integer indicating the number of seconds before a subsequent attempt could succeed"))
-  public AccountIdentityResponse changeNumber(@Mutable @Auth final AuthenticatedAccount authenticatedAccount,
+  public AccountIdentityResponse changeNumber(@Mutable @Auth final AuthenticatedDevice authenticatedDevice,
       @NotNull @Valid final ChangeNumberRequest request, @HeaderParam(HttpHeaders.USER_AGENT) final String userAgentString)
       throws RateLimitExceededException, InterruptedException {
 
-    if (!authenticatedAccount.getAuthenticatedDevice().isPrimary()) {
+    if (!authenticatedDevice.getAuthenticatedDevice().isPrimary()) {
       throw new ForbiddenException();
     }
 
@@ -132,7 +131,7 @@ public class AccountControllerV2 {
     final String number = request.number();
 
     // Only verify and check reglock if there's a data change to be made...
-    if (!authenticatedAccount.getAccount().getNumber().equals(number)) {
+    if (!authenticatedDevice.getAccount().getNumber().equals(number)) {
 
       rateLimiters.getRegistrationLimiter().validate(number);
 
@@ -154,7 +153,7 @@ public class AccountControllerV2 {
     // ...but always attempt to make the change in case a client retries and needs to re-send messages
     try {
       final Account updatedAccount = changeNumberManager.changeNumber(
-          authenticatedAccount.getAccount(),
+          authenticatedDevice.getAccount(),
           request.number(),
           request.pniIdentityKey(),
           request.devicePniSignedPrekeys(),
@@ -199,11 +198,11 @@ public class AccountControllerV2 {
   @ApiResponse(responseCode = "410", description = "The registration IDs provided for some devices do not match those stored on the server.",
       content = @Content(schema = @Schema(implementation = StaleDevices.class)))
   public AccountIdentityResponse distributePhoneNumberIdentityKeys(
-      @Mutable @Auth final AuthenticatedAccount authenticatedAccount,
+      @Mutable @Auth final AuthenticatedDevice authenticatedDevice,
       @HeaderParam(HttpHeaders.USER_AGENT) @Nullable final String userAgentString,
       @NotNull @Valid final PhoneNumberIdentityKeyDistributionRequest request) {
 
-    if (!authenticatedAccount.getAuthenticatedDevice().isPrimary()) {
+    if (!authenticatedDevice.getAuthenticatedDevice().isPrimary()) {
       throw new ForbiddenException();
     }
 
@@ -213,7 +212,7 @@ public class AccountControllerV2 {
 
     try {
       final Account updatedAccount = changeNumberManager.updatePniKeys(
-          authenticatedAccount.getAccount(),
+          authenticatedDevice.getAccount(),
           request.pniIdentityKey(),
           request.devicePniSignedPrekeys(),
           request.devicePniPqLastResortPrekeys(),
@@ -247,7 +246,7 @@ public class AccountControllerV2 {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public void setPhoneNumberDiscoverability(
-      @Mutable @Auth AuthenticatedAccount auth,
+      @Mutable @Auth AuthenticatedDevice auth,
       @NotNull @Valid PhoneNumberDiscoverabilityRequest phoneNumberDiscoverability
   ) {
     accountsManager.update(auth.getAccount(), a -> a.setDiscoverableByPhoneNumber(
@@ -261,7 +260,7 @@ public class AccountControllerV2 {
   @ApiResponse(responseCode = "200",
       description = "Response with data report. A plain text representation is a field in the response.",
       useReturnTypeSchema = true)
-  public AccountDataReportResponse getAccountDataReport(@ReadOnly @Auth final AuthenticatedAccount auth) {
+  public AccountDataReportResponse getAccountDataReport(@ReadOnly @Auth final AuthenticatedDevice auth) {
 
     final Account account = auth.getAccount();
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java

@@ -53,7 +53,7 @@ import org.signal.libsignal.zkgroup.InvalidInputException;
 import org.signal.libsignal.zkgroup.backups.BackupAuthCredentialPresentation;
 import org.signal.libsignal.zkgroup.backups.BackupAuthCredentialRequest;
 import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialPresentation;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.backup.BackupAuthManager;
 import org.whispersystems.textsecuregcm.backup.BackupManager;
 import org.whispersystems.textsecuregcm.backup.CopyParameters;
@@ -112,7 +112,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "400", description = "The provided backup auth credential request was invalid")
   @ApiResponse(responseCode = "429", description = "Rate limited. Too many attempts to change the backup-id have been made")
   public CompletionStage<Response> setBackupId(
-      @Mutable @Auth final AuthenticatedAccount account,
+      @Mutable @Auth final AuthenticatedDevice account,
       @Valid @NotNull final SetBackupIdRequest setBackupIdRequest) throws RateLimitExceededException {
     return this.backupAuthManager
         .commitBackupId(account.getAccount(), setBackupIdRequest.backupAuthCredentialRequest)
@@ -156,7 +156,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "400", description = "The provided presentation or receipt was invalid")
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   public CompletionStage<Response> redeemReceipt(
-      @Mutable @Auth final AuthenticatedAccount account,
+      @Mutable @Auth final AuthenticatedDevice account,
       @Valid @NotNull final RedeemBackupReceiptRequest redeemBackupReceiptRequest) {
     return this.backupAuthManager.redeemReceipt(
             account.getAccount(),
@@ -197,7 +197,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "404", description = "Could not find an existing blinded backup id")
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   public CompletionStage<BackupAuthCredentialsResponse> getBackupZKCredentials(
-      @Mutable @Auth AuthenticatedAccount auth,
+      @Mutable @Auth AuthenticatedDevice auth,
       @NotNull @QueryParam("redemptionStartSeconds") Long startSeconds,
       @NotNull @QueryParam("redemptionEndSeconds") Long endSeconds) {
 
@@ -270,7 +270,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<ReadAuthResponse> readAuth(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -321,7 +321,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<BackupInfoResponse> backupInfo(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -366,7 +366,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "204", description = "The public key was set")
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   public CompletionStage<Response> setPublicKey(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -403,7 +403,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<UploadDescriptorResponse> backup(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -439,7 +439,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<UploadDescriptorResponse> uploadTemporaryAttachment(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -537,7 +537,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<CopyMediaResponse> copyMedia(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -634,7 +634,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<Response> copyMedia(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -671,7 +671,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<Response> refresh(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -737,7 +737,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<ListResponse> listMedia(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -792,7 +792,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<Response> deleteMedia(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
@@ -828,7 +828,7 @@ public class ArchiveController {
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   @ApiResponseZkAuth
   public CompletionStage<Response> deleteBackup(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> account,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> account,
 
       @Parameter(description = BackupAuthCredentialPresentationHeader.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArtController.java

@@ -12,7 +12,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.ArtServiceConfiguration;
@@ -43,7 +43,7 @@ public class ArtController {
   @GET
   @Path("/auth")
   @Produces(MediaType.APPLICATION_JSON)
-  public ExternalServiceCredentials getAuth(final @ReadOnly @Auth AuthenticatedAccount auth)
+  public ExternalServiceCredentials getAuth(final @ReadOnly @Auth AuthenticatedDevice auth)
     throws RateLimitExceededException {
     final UUID uuid = auth.getAccount().getUuid();
     rateLimiters.forDescriptor(RateLimiters.For.EXTERNAL_SERVICE_CREDENTIALS).validate(uuid);

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerV2.java

@@ -20,7 +20,7 @@ import javax.ws.rs.HeaderParam;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV2;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -54,7 +54,7 @@ public class AttachmentControllerV2 {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/form/upload")
   public AttachmentDescriptorV2 getAttachmentUploadForm(
-      @ReadOnly @Auth AuthenticatedAccount auth,
+      @ReadOnly @Auth AuthenticatedDevice auth,
       @HeaderParam(HttpHeaders.USER_AGENT) String userAgent)
       throws RateLimitExceededException {
     rateLimiter.validate(auth.getAccount().getUuid());

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerV3.java

@@ -19,7 +19,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import org.whispersystems.textsecuregcm.attachments.AttachmentGenerator;
 import org.whispersystems.textsecuregcm.attachments.GcsAttachmentGenerator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV3;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -50,7 +50,7 @@ public class AttachmentControllerV3 {
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/form/upload")
-  public AttachmentDescriptorV3 getAttachmentUploadForm(@ReadOnly @Auth AuthenticatedAccount auth)
+  public AttachmentDescriptorV3 getAttachmentUploadForm(@ReadOnly @Auth AuthenticatedDevice auth)
       throws RateLimitExceededException {
     rateLimiter.validate(auth.getAccount().getUuid());
     final String key = generateAttachmentKey();

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerV4.java

@@ -21,7 +21,7 @@ import javax.ws.rs.core.MediaType;
 import org.whispersystems.textsecuregcm.attachments.AttachmentGenerator;
 import org.whispersystems.textsecuregcm.attachments.GcsAttachmentGenerator;
 import org.whispersystems.textsecuregcm.attachments.TusAttachmentGenerator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV3;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
@@ -77,7 +77,7 @@ public class AttachmentControllerV4 {
   @ApiResponse(responseCode = "429", description = "Too many attempts", headers = @Header(
       name = "Retry-After",
       description = "If present, an positive integer indicating the number of seconds before a subsequent attempt could succeed"))
-  public AttachmentDescriptorV3 getAttachmentUploadForm(@ReadOnly @Auth AuthenticatedAccount auth)
+  public AttachmentDescriptorV3 getAttachmentUploadForm(@ReadOnly @Auth AuthenticatedDevice auth)
       throws RateLimitExceededException {
     rateLimiter.validate(auth.getAccount().getUuid());
     final String key = generateAttachmentKey();

service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallLinkController.java

@@ -16,7 +16,7 @@ import org.signal.libsignal.protocol.ServiceId;
 import org.signal.libsignal.zkgroup.GenericServerSecretParams;
 import org.signal.libsignal.zkgroup.InvalidInputException;
 import org.signal.libsignal.zkgroup.calllinks.CreateCallLinkCredentialRequest;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.CreateCallLinkCredential;
 import org.whispersystems.textsecuregcm.entities.GetCreateCallLinkCredentialsRequest;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -52,7 +52,7 @@ public class CallLinkController {
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   @ApiResponse(responseCode = "429", description = "Ratelimited.")
   public CreateCallLinkCredential getCreateAuth(
-      final @ReadOnly @Auth AuthenticatedAccount auth,
+      final @ReadOnly @Auth AuthenticatedDevice auth,
       final @NotNull @Valid GetCreateCallLinkCredentialsRequest request
   ) throws RateLimitExceededException {
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallRoutingController.java

@@ -20,7 +20,7 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.CloudflareTurnCredentialsManager;
 import org.whispersystems.textsecuregcm.auth.TurnToken;
 import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
@@ -73,7 +73,7 @@ public class CallRoutingController {
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   @ApiResponse(responseCode = "429", description = "Rate limited.")
   public TurnToken getCallingRelays(
-      final @ReadOnly @Auth AuthenticatedAccount auth,
+      final @ReadOnly @Auth AuthenticatedDevice auth,
       @Context ContainerRequestContext requestContext
   ) throws RateLimitExceededException, IOException {
     UUID aci = auth.getAccount().getUuid();

service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java

@@ -34,7 +34,7 @@ import org.signal.libsignal.zkgroup.GenericServerSecretParams;
 import org.signal.libsignal.zkgroup.auth.AuthCredentialWithPniResponse;
 import org.signal.libsignal.zkgroup.auth.ServerZkAuthOperations;
 import org.signal.libsignal.zkgroup.calllinks.CallLinkAuthCredentialResponse;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
 import org.whispersystems.textsecuregcm.entities.DeliveryCertificate;
 import org.whispersystems.textsecuregcm.entities.GroupCredentials;
@@ -70,7 +70,7 @@ public class CertificateController {
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/delivery")
-  public DeliveryCertificate getDeliveryCertificate(@ReadOnly @Auth AuthenticatedAccount auth,
+  public DeliveryCertificate getDeliveryCertificate(@ReadOnly @Auth AuthenticatedDevice auth,
       @QueryParam("includeE164") @DefaultValue("true") boolean includeE164)
       throws InvalidKeyException {
 
@@ -89,7 +89,7 @@ public class CertificateController {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/auth/group")
   public GroupCredentials getGroupAuthenticationCredentials(
-      @ReadOnly @Auth AuthenticatedAccount auth,
+      @ReadOnly @Auth AuthenticatedDevice auth,
       @QueryParam("redemptionStartSeconds") long startSeconds,
       @QueryParam("redemptionEndSeconds") long endSeconds,
       @QueryParam("zkcCredential") boolean zkcCredential) {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ChallengeController.java

@@ -30,7 +30,7 @@ import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.AnswerChallengeRequest;
 import org.whispersystems.textsecuregcm.entities.AnswerPushChallengeRequest;
 import org.whispersystems.textsecuregcm.entities.AnswerCaptchaChallengeRequest;
@@ -79,7 +79,7 @@ public class ChallengeController {
   @ApiResponse(responseCode = "429", description = "Too many attempts", headers = @Header(
       name = "Retry-After",
       description = "If present, an positive integer indicating the number of seconds before a subsequent attempt could succeed"))
-  public Response handleChallengeResponse(@ReadOnly @Auth final AuthenticatedAccount auth,
+  public Response handleChallengeResponse(@ReadOnly @Auth final AuthenticatedDevice auth,
       @Valid final AnswerChallengeRequest answerRequest,
       @Context ContainerRequestContext requestContext,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) throws RateLimitExceededException, IOException {
@@ -165,7 +165,7 @@ public class ChallengeController {
   @ApiResponse(responseCode = "429", description = "Too many attempts", headers = @Header(
       name = "Retry-After",
       description = "If present, an positive integer indicating the number of seconds before a subsequent attempt could succeed"))
-  public Response requestPushChallenge(@ReadOnly @Auth final AuthenticatedAccount auth,
+  public Response requestPushChallenge(@ReadOnly @Auth final AuthenticatedDevice auth,
       @Context ContainerRequestContext requestContext) {
     final ChallengeConstraints constraints = challengeConstraintChecker.challengeConstraints(
         requestContext, auth.getAccount());

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DeviceController.java

@@ -47,7 +47,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.glassfish.jersey.server.ContainerRequest;
 import org.whispersystems.textsecuregcm.auth.LinkedDeviceRefreshRequirementProvider;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.BasicAuthorizationHeader;
 import org.whispersystems.textsecuregcm.auth.ChangesLinkedDevices;
 import org.whispersystems.textsecuregcm.entities.AccountAttributes;
@@ -118,7 +118,7 @@ public class DeviceController {
 
   @GET
   @Produces(MediaType.APPLICATION_JSON)
-  public DeviceInfoList getDevices(@ReadOnly @Auth AuthenticatedAccount auth) {
+  public DeviceInfoList getDevices(@ReadOnly @Auth AuthenticatedDevice auth) {
     List<DeviceInfo> devices = new LinkedList<>();
 
     for (Device device : auth.getAccount().getDevices()) {
@@ -133,7 +133,7 @@ public class DeviceController {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/{device_id}")
   @ChangesLinkedDevices
-  public void removeDevice(@Mutable @Auth AuthenticatedAccount auth, @PathParam("device_id") byte deviceId) {
+  public void removeDevice(@Mutable @Auth AuthenticatedDevice auth, @PathParam("device_id") byte deviceId) {
     if (auth.getAuthenticatedDevice().getId() != Device.PRIMARY_ID) {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
@@ -148,7 +148,7 @@ public class DeviceController {
   @GET
   @Path("/provisioning/code")
   @Produces(MediaType.APPLICATION_JSON)
-  public VerificationCode createDeviceToken(@ReadOnly @Auth AuthenticatedAccount auth)
+  public VerificationCode createDeviceToken(@ReadOnly @Auth AuthenticatedDevice auth)
       throws RateLimitExceededException, DeviceLimitExceededException {
 
     final Account account = auth.getAccount();
@@ -273,7 +273,7 @@ public class DeviceController {
   @PUT
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/unauthenticated_delivery")
-  public void setUnauthenticatedDelivery(@Mutable @Auth AuthenticatedAccount auth) {
+  public void setUnauthenticatedDelivery(@Mutable @Auth AuthenticatedDevice auth) {
     assert (auth.getAuthenticatedDevice() != null);
     // Deprecated
   }
@@ -281,7 +281,7 @@ public class DeviceController {
   @PUT
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/capabilities")
-  public void setCapabilities(@Mutable @Auth AuthenticatedAccount auth, @NotNull @Valid DeviceCapabilities capabilities) {
+  public void setCapabilities(@Mutable @Auth AuthenticatedDevice auth, @NotNull @Valid DeviceCapabilities capabilities) {
     assert (auth.getAuthenticatedDevice() != null);
     final byte deviceId = auth.getAuthenticatedDevice().getId();
     accounts.updateDevice(auth.getAccount(), deviceId, d -> d.setCapabilities(capabilities));
@@ -301,7 +301,7 @@ public class DeviceController {
   @ApiResponse(responseCode = "200", description = "Public key stored successfully")
   @ApiResponse(responseCode = "401", description = "Account authentication check failed")
   @ApiResponse(responseCode = "422", description = "Invalid request format")
-  public CompletableFuture<Void> setPublicKey(@Auth final AuthenticatedAccount auth,
+  public CompletableFuture<Void> setPublicKey(@Auth final AuthenticatedDevice auth,
       final SetPublicKeyRequest setPublicKeyRequest) {
 
     return clientPublicKeysManager.setPublicKey(auth.getAccount(),

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DirectoryV2Controller.java

@@ -14,7 +14,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.DirectoryV2ClientConfiguration;
@@ -48,7 +48,7 @@ public class DirectoryV2Controller {
   @GET
   @Path("/auth")
   @Produces(MediaType.APPLICATION_JSON)
-  public Response getAuthToken(final @ReadOnly @Auth AuthenticatedAccount auth) {
+  public Response getAuthToken(final @ReadOnly @Auth AuthenticatedDevice auth) {
     final UUID uuid = auth.getAccount().getUuid();
     final ExternalServiceCredentials credentials = directoryServiceTokenGenerator.generateForUuid(uuid);
     return Response.ok().entity(credentials).build();

service/src/main/java/org/whispersystems/textsecuregcm/controllers/DonationController.java

@@ -28,9 +28,7 @@ import org.signal.libsignal.zkgroup.VerificationFailedException;
 import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialPresentation;
 import org.signal.libsignal.zkgroup.receipts.ReceiptSerial;
 import org.signal.libsignal.zkgroup.receipts.ServerZkReceiptOperations;
-import org.slf4j.Logger;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
-import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
 import org.whispersystems.textsecuregcm.entities.RedeemReceiptRequest;
 import org.whispersystems.textsecuregcm.storage.AccountBadge;
@@ -73,7 +71,7 @@ public class DonationController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces({MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN})
   public CompletionStage<Response> redeemReceipt(
-      @Mutable @Auth final AuthenticatedAccount auth,
+      @Mutable @Auth final AuthenticatedDevice auth,
       @NotNull @Valid final RedeemReceiptRequest request) {
     return CompletableFuture.supplyAsync(() -> {
       ReceiptCredentialPresentation receiptCredentialPresentation;

service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeepAliveController.java

@@ -17,7 +17,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.core.Response;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.websocket.auth.ReadOnly;
@@ -41,7 +41,7 @@ public class KeepAliveController {
   }
 
   @GET
-  public Response getKeepAlive(@ReadOnly @Auth Optional<AuthenticatedAccount> maybeAuth,
+  public Response getKeepAlive(@ReadOnly @Auth Optional<AuthenticatedDevice> maybeAuth,
       @WebSocketSession WebSocketSessionContext context) {
 
     maybeAuth.ifPresent(auth -> {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyController.java

@@ -19,7 +19,7 @@ import katie.MonitorResponse;
 import katie.SearchResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.KeyTransparencyMonitorRequest;
 import org.whispersystems.textsecuregcm.entities.KeyTransparencyMonitorResponse;
 import org.whispersystems.textsecuregcm.entities.KeyTransparencySearchRequest;
@@ -85,7 +85,7 @@ public class KeyTransparencyController {
   @RateLimitedByIp(RateLimiters.For.KEY_TRANSPARENCY_SEARCH_PER_IP)
   @Produces(MediaType.APPLICATION_JSON)
   public KeyTransparencySearchResponse search(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> authenticatedAccount,
       @NotNull @Valid final KeyTransparencySearchRequest request) {
 
     // Disallow clients from making authenticated requests to this endpoint
@@ -144,7 +144,7 @@ public class KeyTransparencyController {
   @RateLimitedByIp(RateLimiters.For.KEY_TRANSPARENCY_MONITOR_PER_IP)
   @Produces(MediaType.APPLICATION_JSON)
   public KeyTransparencyMonitorResponse monitor(
-      @ReadOnly @Auth final Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth final Optional<AuthenticatedDevice> authenticatedAccount,
       @NotNull @Valid final KeyTransparencyMonitorRequest request) {
 
     // Disallow clients from making authenticated requests to this endpoint
@@ -226,7 +226,7 @@ public class KeyTransparencyController {
         .build();
   }
 
-  private void requireNotAuthenticated(final Optional<AuthenticatedAccount> authenticatedAccount) {
+  private void requireNotAuthenticated(final Optional<AuthenticatedDevice> authenticatedAccount) {
     if (authenticatedAccount.isPresent()) {
       throw new BadRequestException("Endpoint requires unauthenticated access");
     }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/KeysController.java

@@ -49,7 +49,7 @@ import org.signal.libsignal.zkgroup.VerificationFailedException;
 import org.signal.libsignal.zkgroup.groupsend.GroupSendDerivedKeyPair;
 import org.signal.libsignal.zkgroup.groupsend.GroupSendFullToken;
 import org.whispersystems.textsecuregcm.auth.Anonymous;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.GroupSendTokenHeader;
 import org.whispersystems.textsecuregcm.auth.OptionalAccess;
 import org.whispersystems.textsecuregcm.entities.CheckKeysRequest;
@@ -108,7 +108,7 @@ public class KeysController {
       description = "Gets the number of one-time prekeys uploaded for this device and still available")
   @ApiResponse(responseCode = "200", description = "Body contains the number of available one-time prekeys for the device.", useReturnTypeSchema = true)
   @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
-  public CompletableFuture<PreKeyCount> getStatus(@ReadOnly @Auth final AuthenticatedAccount auth,
+  public CompletableFuture<PreKeyCount> getStatus(@ReadOnly @Auth final AuthenticatedDevice auth,
       @QueryParam("identity") @DefaultValue("aci") final IdentityType identityType) {
 
     final CompletableFuture<Integer> ecCountFuture =
@@ -129,7 +129,7 @@ public class KeysController {
   @ApiResponse(responseCode = "403", description = "Attempt to change identity key from a non-primary device.")
   @ApiResponse(responseCode = "422", description = "Invalid request format.")
   public CompletableFuture<Response> setKeys(
-      @ReadOnly @Auth final AuthenticatedAccount auth,
+      @ReadOnly @Auth final AuthenticatedDevice auth,
       @RequestBody @NotNull @Valid final SetKeysRequest setKeysRequest,
 
       @Parameter(allowEmptyValue=true)
@@ -243,7 +243,7 @@ public class KeysController {
   """)
   @ApiResponse(responseCode = "422", description = "Invalid request format")
   public CompletableFuture<Response> checkKeys(
-      @ReadOnly @Auth final AuthenticatedAccount auth,
+      @ReadOnly @Auth final AuthenticatedDevice auth,
       @RequestBody @NotNull @Valid final CheckKeysRequest checkKeysRequest,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) {
 
@@ -318,7 +318,7 @@ public class KeysController {
       name = "Retry-After",
       description = "If present, a positive integer indicating the number of seconds before a subsequent attempt could succeed"))
   public PreKeyResponse getDeviceKeys(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> auth,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> auth,
       @HeaderParam(HeaderUtils.UNIDENTIFIED_ACCESS_KEY) Optional<Anonymous> accessKey,
       @HeaderParam(HeaderUtils.GROUP_SEND_TOKEN) Optional<GroupSendTokenHeader> groupSendToken,
 
@@ -335,7 +335,7 @@ public class KeysController {
       throw new WebApplicationException(Response.Status.UNAUTHORIZED);
     }
 
-    final Optional<Account> account = auth.map(AuthenticatedAccount::getAccount);
+    final Optional<Account> account = auth.map(AuthenticatedDevice::getAccount);
     final Optional<Account> maybeTarget = accounts.getByServiceIdentifier(targetIdentifier);
 
     if (groupSendToken.isPresent()) {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java

@@ -83,7 +83,7 @@ import org.signal.libsignal.zkgroup.groupsend.GroupSendFullToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.auth.Anonymous;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.CombinedUnidentifiedSenderAccessKeys;
 import org.whispersystems.textsecuregcm.auth.GroupSendTokenHeader;
 import org.whispersystems.textsecuregcm.auth.OptionalAccess;
@@ -270,7 +270,7 @@ public class MessageController {
   @ApiResponse(
       responseCode = "410", description = "Mismatched registration ids supplied for some recipient devices",
       content = @Content(schema = @Schema(implementation = AccountStaleDevices[].class)))
-  public Response sendMessage(@ReadOnly @Auth Optional<AuthenticatedAccount> source,
+  public Response sendMessage(@ReadOnly @Auth Optional<AuthenticatedDevice> source,
       @Parameter(description="The recipient's unidentified access key")
       @HeaderParam(HeaderUtils.UNIDENTIFIED_ACCESS_KEY) Optional<Anonymous> accessKey,
 
@@ -326,11 +326,11 @@ public class MessageController {
       if (!isSyncMessage) {
         destination = accountsManager.getByServiceIdentifier(destinationIdentifier);
       } else {
-        destination = source.map(AuthenticatedAccount::getAccount);
+        destination = source.map(AuthenticatedDevice::getAccount);
       }
 
       final Optional<Response> spamCheck = spamChecker.checkForSpam(
-          context, source.map(AuthenticatedAccount::getAccount), destination);
+          context, source.map(AuthenticatedDevice::getAccount), destination);
       if (spamCheck.isPresent()) {
         return spamCheck.get();
       }
@@ -374,7 +374,7 @@ public class MessageController {
             throw new NotFoundException();
           }
         } else {
-          OptionalAccess.verify(source.map(AuthenticatedAccount::getAccount), accessKey, destination,
+          OptionalAccess.verify(source.map(AuthenticatedDevice::getAccount), accessKey, destination,
               destinationIdentifier);
         }
 
@@ -745,7 +745,7 @@ public class MessageController {
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
-  public CompletableFuture<OutgoingMessageEntityList> getPendingMessages(@ReadOnly @Auth AuthenticatedAccount auth,
+  public CompletableFuture<OutgoingMessageEntityList> getPendingMessages(@ReadOnly @Auth AuthenticatedDevice auth,
       @HeaderParam(Stories.X_SIGNAL_RECEIVE_STORIES) String receiveStoriesHeader,
       @HeaderParam(HttpHeaders.USER_AGENT) String userAgent) {
 
@@ -800,7 +800,7 @@ public class MessageController {
   @Timed
   @DELETE
   @Path("/uuid/{uuid}")
-  public CompletableFuture<Response> removePendingMessage(@ReadOnly @Auth AuthenticatedAccount auth, @PathParam("uuid") UUID uuid) {
+  public CompletableFuture<Response> removePendingMessage(@ReadOnly @Auth AuthenticatedDevice auth, @PathParam("uuid") UUID uuid) {
     return messagesManager.delete(
             auth.getAccount().getUuid(),
             auth.getAuthenticatedDevice(),
@@ -831,7 +831,7 @@ public class MessageController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Path("/report/{source}/{messageGuid}")
   public Response reportSpamMessage(
-      @ReadOnly @Auth AuthenticatedAccount auth,
+      @ReadOnly @Auth AuthenticatedDevice auth,
       @PathParam("source") String source,
       @PathParam("messageGuid") UUID messageGuid,
       @Nullable SpamReport spamReport,
@@ -881,7 +881,7 @@ public class MessageController {
   }
 
   private void sendIndividualMessage(
-      Optional<AuthenticatedAccount> source,
+      Optional<AuthenticatedDevice> source,
       Account destinationAccount,
       Device destinationDevice,
       ServiceIdentifier destinationIdentifier,
@@ -896,7 +896,7 @@ public class MessageController {
     final Envelope envelope;
 
     try {
-      final Account sourceAccount = source.map(AuthenticatedAccount::getAccount).orElse(null);
+      final Account sourceAccount = source.map(AuthenticatedDevice::getAccount).orElse(null);
       final Byte sourceDeviceId = source.map(account -> account.getAuthenticatedDevice().getId()).orElse(null);
       envelope = incomingMessage.toEnvelope(
           destinationIdentifier,
@@ -938,7 +938,7 @@ public class MessageController {
     messageSender.sendMessage(destinationAccount, destinationDevice, messageBuilder.build(), online);
   }
 
-  private void checkMessageRateLimit(AuthenticatedAccount source, Account destination, String userAgent)
+  private void checkMessageRateLimit(AuthenticatedDevice source, Account destination, String userAgent)
       throws RateLimitExceededException {
     final String senderCountryCode = Util.getCountryCode(source.getAccount().getNumber());
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/PaymentsController.java

@@ -11,7 +11,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.PaymentsServiceConfiguration;
@@ -43,14 +43,14 @@ public class PaymentsController {
   @GET
   @Path("/auth")
   @Produces(MediaType.APPLICATION_JSON)
-  public ExternalServiceCredentials getAuth(final @ReadOnly @Auth AuthenticatedAccount auth) {
+  public ExternalServiceCredentials getAuth(final @ReadOnly @Auth AuthenticatedDevice auth) {
     return paymentsServiceCredentialsGenerator.generateForUuid(auth.getAccount().getUuid());
   }
 
   @GET
   @Path("/conversions")
   @Produces(MediaType.APPLICATION_JSON)
-  public CurrencyConversionEntityList getConversions(final @ReadOnly @Auth AuthenticatedAccount auth) {
+  public CurrencyConversionEntityList getConversions(final @ReadOnly @Auth AuthenticatedDevice auth) {
     return currencyManager.getCurrencyConversions().orElseThrow();
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProfileController.java

@@ -64,7 +64,7 @@ import org.signal.libsignal.zkgroup.profiles.ServerZkProfileOperations;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.auth.Anonymous;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.GroupSendTokenHeader;
 import org.whispersystems.textsecuregcm.auth.OptionalAccess;
 import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessChecksum;
@@ -167,7 +167,7 @@ public class ProfileController {
   @PUT
   @Produces(MediaType.APPLICATION_JSON)
   @Consumes(MediaType.APPLICATION_JSON)
-  public Response setProfile(@Mutable @Auth AuthenticatedAccount auth, @NotNull @Valid CreateProfileRequest request) {
+  public Response setProfile(@Mutable @Auth AuthenticatedDevice auth, @NotNull @Valid CreateProfileRequest request) {
 
     final Optional<VersionedProfile> currentProfile = profilesManager.get(auth.getAccount().getUuid(),
         request.version());
@@ -233,14 +233,14 @@ public class ProfileController {
   @Path("/{identifier}/{version}")
   @ManagedAsync
   public VersionedProfileResponse getProfile(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> auth,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> auth,
       @HeaderParam(HeaderUtils.UNIDENTIFIED_ACCESS_KEY) Optional<Anonymous> accessKey,
       @Context ContainerRequestContext containerRequestContext,
       @PathParam("identifier") AciServiceIdentifier accountIdentifier,
       @PathParam("version") String version)
       throws RateLimitExceededException {
 
-    final Optional<Account> maybeRequester = auth.map(AuthenticatedAccount::getAccount);
+    final Optional<Account> maybeRequester = auth.map(AuthenticatedDevice::getAccount);
     final Account targetAccount = verifyPermissionToReceiveProfile(maybeRequester, accessKey, accountIdentifier);
 
     return buildVersionedProfileResponse(targetAccount,
@@ -253,7 +253,7 @@ public class ProfileController {
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/{identifier}/{version}/{credentialRequest}")
   public CredentialProfileResponse getProfile(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> auth,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> auth,
       @HeaderParam(HeaderUtils.UNIDENTIFIED_ACCESS_KEY) Optional<Anonymous> accessKey,
       @Context ContainerRequestContext containerRequestContext,
       @PathParam("identifier") AciServiceIdentifier accountIdentifier,
@@ -266,7 +266,7 @@ public class ProfileController {
       throw new BadRequestException();
     }
 
-    final Optional<Account> maybeRequester = auth.map(AuthenticatedAccount::getAccount);
+    final Optional<Account> maybeRequester = auth.map(AuthenticatedDevice::getAccount);
     final Account targetAccount = verifyPermissionToReceiveProfile(maybeRequester, accessKey, accountIdentifier);
     final boolean isSelf = maybeRequester.map(requester -> ProfileHelper.isSelfProfileRequest(requester.getUuid(), accountIdentifier)).orElse(false);
 
@@ -284,7 +284,7 @@ public class ProfileController {
   @Path("/{identifier}")
   @ManagedAsync
   public BaseProfileResponse getUnversionedProfile(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> auth,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> auth,
       @HeaderParam(HeaderUtils.UNIDENTIFIED_ACCESS_KEY) Optional<Anonymous> accessKey,
       @HeaderParam(HeaderUtils.GROUP_SEND_TOKEN) Optional<GroupSendTokenHeader> groupSendToken,
       @Context ContainerRequestContext containerRequestContext,
@@ -293,7 +293,7 @@ public class ProfileController {
       @QueryParam("ca") boolean useCaCertificate)
       throws RateLimitExceededException {
 
-    final Optional<Account> maybeRequester = auth.map(AuthenticatedAccount::getAccount);
+    final Optional<Account> maybeRequester = auth.map(AuthenticatedDevice::getAccount);
 
     final Account targetAccount;
     if (groupSendToken.isPresent()) {

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ProvisioningController.java

@@ -26,7 +26,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.ProvisioningMessage;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
@@ -56,7 +56,7 @@ public class ProvisioningController {
   @PUT
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
-  public void sendProvisioningMessage(@ReadOnly @Auth AuthenticatedAccount auth,
+  public void sendProvisioningMessage(@ReadOnly @Auth AuthenticatedDevice auth,
       @PathParam("destination") String destinationName,
       @NotNull @Valid ProvisioningMessage message,
       @HeaderParam(HttpHeaders.USER_AGENT) String userAgent)

service/src/main/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigController.java

@@ -22,7 +22,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.UserRemoteConfig;
 import org.whispersystems.textsecuregcm.entities.UserRemoteConfigList;
 import org.whispersystems.textsecuregcm.storage.RemoteConfigsManager;
@@ -52,7 +52,7 @@ public class RemoteConfigController {
 
   @GET
   @Produces(MediaType.APPLICATION_JSON)
-  public UserRemoteConfigList getAll(@ReadOnly @Auth AuthenticatedAccount auth) {
+  public UserRemoteConfigList getAll(@ReadOnly @Auth AuthenticatedDevice auth) {
     try {
       MessageDigest digest = MessageDigest.getInstance("SHA1");
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureStorageController.java

@@ -11,7 +11,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfiguration;
@@ -37,7 +37,7 @@ public class SecureStorageController {
   @GET
   @Path("/auth")
   @Produces(MediaType.APPLICATION_JSON)
-  public ExternalServiceCredentials getAuth(@ReadOnly @Auth AuthenticatedAccount auth) {
+  public ExternalServiceCredentials getAuth(@ReadOnly @Auth AuthenticatedDevice auth) {
     return storageServiceCredentialsGenerator.generateForUuid(auth.getAccount().getUuid());
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureValueRecovery2Controller.java

@@ -23,7 +23,7 @@ import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsSelector;
@@ -78,7 +78,7 @@ public class SecureValueRecovery2Controller {
   )
   @ApiResponse(responseCode = "200", description = "`JSON` with generated credentials.", useReturnTypeSchema = true)
   @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
-  public ExternalServiceCredentials getAuth(@ReadOnly @Auth final AuthenticatedAccount auth) {
+  public ExternalServiceCredentials getAuth(@ReadOnly @Auth final AuthenticatedDevice auth) {
     return backupServiceCredentialGenerator.generateFor(auth.getAccount().getUuid().toString());
   }
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureValueRecovery3Controller.java

@@ -24,7 +24,7 @@ import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsSelector;
@@ -85,7 +85,7 @@ public class SecureValueRecovery3Controller {
           """)
   @ApiResponse(responseCode = "200", description = "`JSON` with generated credentials and share-set", useReturnTypeSchema = true)
   @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
-  public Svr3Credentials getAuth(@ReadOnly @Auth final AuthenticatedAccount auth) {
+  public Svr3Credentials getAuth(@ReadOnly @Auth final AuthenticatedDevice auth) {
     final ExternalServiceCredentials creds = backupServiceCredentialGenerator.generateFor(
         auth.getAccount().getUuid().toString());
     return new Svr3Credentials(creds.username(), creds.password(), auth.getAccount().getSvr3ShareSet());
@@ -104,7 +104,7 @@ public class SecureValueRecovery3Controller {
   @ApiResponse(responseCode = "204", description = "Successfully set share-set")
   @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
   public void setShareSet(
-      @Mutable @Auth final AuthenticatedAccount auth,
+      @Mutable @Auth final AuthenticatedDevice auth,
       @NotNull @Valid final SetShareSetRequest request) {
     accountsManager.update(auth.getAccount(), account -> account.setSvr3ShareSet(request.shareSet()));
   }

service/src/main/java/org/whispersystems/textsecuregcm/controllers/StickerController.java

@@ -20,7 +20,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.StickerPackFormUploadAttributes;
 import org.whispersystems.textsecuregcm.entities.StickerPackFormUploadAttributes.StickerPackFormUploadItem;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -47,7 +47,7 @@ public class StickerController {
   @GET
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/pack/form/{count}")
-  public StickerPackFormUploadAttributes getStickersForm(@ReadOnly @Auth AuthenticatedAccount auth,
+  public StickerPackFormUploadAttributes getStickersForm(@ReadOnly @Auth AuthenticatedDevice auth,
       @PathParam("count") @Min(1) @Max(201) int stickerCount)
       throws RateLimitExceededException {
     rateLimiters.getStickerPackLimiter().validate(auth.getAccount().getUuid());

service/src/main/java/org/whispersystems/textsecuregcm/controllers/SubscriptionController.java

@@ -77,7 +77,7 @@ import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialResponse;
 import org.signal.libsignal.zkgroup.receipts.ServerZkReceiptOperations;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.backup.BackupManager;
 import org.whispersystems.textsecuregcm.badges.BadgeTranslator;
 import org.whispersystems.textsecuregcm.badges.LevelTranslator;
@@ -250,7 +250,7 @@ public class SubscriptionController {
   @Path("/{subscriberId}")
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> deleteSubscriber(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId) {
     RequestData requestData = RequestData.process(authenticatedAccount, subscriberId, clock);
     return subscriptionManager.get(requestData.subscriberUser, requestData.hmac)
@@ -272,7 +272,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> updateSubscriber(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId) {
     RequestData requestData = RequestData.process(authenticatedAccount, subscriberId, clock);
     return subscriptionManager.get(requestData.subscriberUser, requestData.hmac)
@@ -306,7 +306,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> createPaymentMethod(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId,
       @QueryParam("type") @DefaultValue("CARD") PaymentMethod paymentMethodType,
       @HeaderParam(HttpHeaders.USER_AGENT) @Nullable final String userAgentString) {
@@ -361,7 +361,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> createPayPalPaymentMethod(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId,
       @NotNull @Valid CreatePayPalBillingAgreementRequest request,
       @Context ContainerRequestContext containerRequestContext,
@@ -426,7 +426,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> setDefaultPaymentMethodWithProcessor(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId,
       @PathParam("processor") SubscriptionProcessor processor,
       @PathParam("paymentMethodToken") @NotEmpty String paymentMethodToken) {
@@ -457,7 +457,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> setSubscriptionLevel(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId,
       @PathParam("level") long level,
       @PathParam("currency") String currency,
@@ -660,7 +660,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> createBoostPaymentIntent(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @NotNull @Valid CreateBoostRequest request,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) {
 
@@ -732,7 +732,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> createPayPalBoost(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @NotNull @Valid CreatePayPalBoostRequest request,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent,
       @Context ContainerRequestContext containerRequestContext) {
@@ -783,7 +783,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> confirmPayPalBoost(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @NotNull @Valid ConfirmPayPalBoostRequest request,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) {
 
@@ -829,7 +829,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> createBoostReceiptCredentials(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @NotNull @Valid final CreateBoostReceiptCredentialsRequest request,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent) {
 
@@ -924,7 +924,7 @@ public class SubscriptionController {
   @Path("/{subscriberId}")
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> getSubscriptionInformation(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId) {
     RequestData requestData = RequestData.process(authenticatedAccount, subscriberId, clock);
     return subscriptionManager.get(requestData.subscriberUser, requestData.hmac)
@@ -967,7 +967,7 @@ public class SubscriptionController {
   @Consumes(MediaType.APPLICATION_JSON)
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> createSubscriptionReceiptCredentials(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @HeaderParam(HttpHeaders.USER_AGENT) final String userAgent,
       @PathParam("subscriberId") String subscriberId,
       @NotNull @Valid GetReceiptCredentialsRequest request) {
@@ -1020,7 +1020,7 @@ public class SubscriptionController {
   @Path("/{subscriberId}/default_payment_method_for_ideal/{setupIntentId}")
   @Produces(MediaType.APPLICATION_JSON)
   public CompletableFuture<Response> setDefaultPaymentMethodForIdeal(
-      @ReadOnly @Auth Optional<AuthenticatedAccount> authenticatedAccount,
+      @ReadOnly @Auth Optional<AuthenticatedDevice> authenticatedAccount,
       @PathParam("subscriberId") String subscriberId,
       @PathParam("setupIntentId") @NotEmpty String setupIntentId) {
     RequestData requestData = RequestData.process(authenticatedAccount, subscriberId, clock);
@@ -1117,7 +1117,7 @@ public class SubscriptionController {
                              @Nonnull Instant now) {
 
       public static RequestData process(
-          Optional<AuthenticatedAccount> authenticatedAccount,
+          Optional<AuthenticatedDevice> authenticatedAccount,
           String subscriberId,
           Clock clock) {
         Instant now = clock.instant();

service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountPrincipalSupplier.java

@@ -4,10 +4,10 @@
  */
 package org.whispersystems.textsecuregcm.storage;
 
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.websocket.auth.PrincipalSupplier;
 
-public class AccountPrincipalSupplier implements PrincipalSupplier<AuthenticatedAccount> {
+public class AccountPrincipalSupplier implements PrincipalSupplier<AuthenticatedDevice> {
 
   private final AccountsManager accountsManager;
 
@@ -16,20 +16,20 @@ public class AccountPrincipalSupplier implements PrincipalSupplier<Authenticated
   }
 
   @Override
-  public AuthenticatedAccount refresh(final AuthenticatedAccount oldAccount) {
+  public AuthenticatedDevice refresh(final AuthenticatedDevice oldAccount) {
     final Account account = accountsManager.getByAccountIdentifier(oldAccount.getAccount().getUuid())
         .orElseThrow(() -> new RefreshingAccountNotFoundException("Could not find account"));
     final Device device = account.getDevice(oldAccount.getAuthenticatedDevice().getId())
         .orElseThrow(() -> new RefreshingAccountNotFoundException("Could not find device"));
-    return new AuthenticatedAccount(account, device);
+    return new AuthenticatedDevice(account, device);
   }
 
   @Override
-  public AuthenticatedAccount deepCopy(final AuthenticatedAccount authenticatedAccount) {
+  public AuthenticatedDevice deepCopy(final AuthenticatedDevice authenticatedDevice) {
-    final Account cloned = AccountUtil.cloneAccountAsNotStale(authenticatedAccount.getAccount());
+    final Account cloned = AccountUtil.cloneAccountAsNotStale(authenticatedDevice.getAccount());
-    return new AuthenticatedAccount(
+    return new AuthenticatedDevice(
         cloned,
-        cloned.getDevice(authenticatedAccount.getAuthenticatedDevice().getId())
+        cloned.getDevice(authenticatedDevice.getAuthenticatedDevice().getId())
             .orElseThrow(() -> new IllegalStateException(
                 "Could not find device from a clone of an account where the device was present")));
   }

service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountUtil.java

@@ -5,9 +5,7 @@
 
 package org.whispersystems.textsecuregcm.storage;
 
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.util.SystemMapper;
-import org.whispersystems.websocket.auth.PrincipalSupplier;
 import java.io.IOException;
 
 public class AccountUtil {

service/src/main/java/org/whispersystems/textsecuregcm/websocket/AuthenticatedConnectListener.java

@@ -19,7 +19,7 @@ import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.metrics.MessageMetrics;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
@@ -136,7 +136,7 @@ public class AuthenticatedConnectListener implements WebSocketConnectListener {
     final Timer connectionTimer = getConnectionTimer(userAgent, authenticated);
 
     if (authenticated) {
-      final AuthenticatedAccount auth = context.getAuthenticated(AuthenticatedAccount.class);
+      final AuthenticatedDevice auth = context.getAuthenticated(AuthenticatedDevice.class);
       final Timer.Sample sample = Timer.start();
       final WebSocketConnection connection = new WebSocketConnection(receiptSender,
           messagesManager,

service/src/main/java/org/whispersystems/textsecuregcm/websocket/WebSocketAccountAuthenticator.java

@@ -14,30 +14,30 @@ import java.util.Map;
 import javax.annotation.Nullable;
 import org.eclipse.jetty.websocket.api.UpgradeRequest;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.websocket.ReusableAuth;
 import org.whispersystems.websocket.auth.AuthenticationException;
 import org.whispersystems.websocket.auth.PrincipalSupplier;
 import org.whispersystems.websocket.auth.WebSocketAuthenticator;
 
 
-public class WebSocketAccountAuthenticator implements WebSocketAuthenticator<AuthenticatedAccount> {
+public class WebSocketAccountAuthenticator implements WebSocketAuthenticator<AuthenticatedDevice> {
 
-  private static final ReusableAuth<AuthenticatedAccount> CREDENTIALS_NOT_PRESENTED = ReusableAuth.anonymous();
+  private static final ReusableAuth<AuthenticatedDevice> CREDENTIALS_NOT_PRESENTED = ReusableAuth.anonymous();
 
-  private static final ReusableAuth<AuthenticatedAccount> INVALID_CREDENTIALS_PRESENTED = ReusableAuth.invalid();
+  private static final ReusableAuth<AuthenticatedDevice> INVALID_CREDENTIALS_PRESENTED = ReusableAuth.invalid();
 
   private final AccountAuthenticator accountAuthenticator;
-  private final PrincipalSupplier<AuthenticatedAccount> principalSupplier;
+  private final PrincipalSupplier<AuthenticatedDevice> principalSupplier;
 
   public WebSocketAccountAuthenticator(final AccountAuthenticator accountAuthenticator,
-      final PrincipalSupplier<AuthenticatedAccount> principalSupplier) {
+      final PrincipalSupplier<AuthenticatedDevice> principalSupplier) {
     this.accountAuthenticator = accountAuthenticator;
     this.principalSupplier = principalSupplier;
   }
 
   @Override
-  public ReusableAuth<AuthenticatedAccount> authenticate(final UpgradeRequest request)
+  public ReusableAuth<AuthenticatedDevice> authenticate(final UpgradeRequest request)
       throws AuthenticationException {
     try {
       // If the `Authorization` header was set for the request it takes priority, and we use the result of the
@@ -54,7 +54,7 @@ public class WebSocketAccountAuthenticator implements WebSocketAuthenticator<Aut
     }
   }
 
-  private ReusableAuth<AuthenticatedAccount> authenticatedAccountFromQueryParams(final UpgradeRequest request) {
+  private ReusableAuth<AuthenticatedDevice> authenticatedAccountFromQueryParams(final UpgradeRequest request) {
     final Map<String, List<String>> parameters = request.getParameterMap();
     final List<String> usernames = parameters.get("login");
     final List<String> passwords = parameters.get("password");
@@ -69,7 +69,7 @@ public class WebSocketAccountAuthenticator implements WebSocketAuthenticator<Aut
         .orElse(INVALID_CREDENTIALS_PRESENTED);
   }
 
-  private ReusableAuth<AuthenticatedAccount> authenticatedAccountFromHeaderAuth(@Nullable final String authHeader)
+  private ReusableAuth<AuthenticatedDevice> authenticatedAccountFromHeaderAuth(@Nullable final String authHeader)
       throws AuthenticationException {
     if (authHeader == null) {
       return CREDENTIALS_NOT_PRESENTED;

service/src/main/java/org/whispersystems/textsecuregcm/websocket/WebSocketConnection.java

@@ -34,7 +34,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.reactivestreams.Publisher;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.controllers.MessageController;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.Envelope;
 import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
@@ -116,7 +116,7 @@ public class WebSocketConnection implements MessageAvailabilityListener, Displac
   private final MessageMetrics messageMetrics;
   private final PushNotificationManager pushNotificationManager;
 
-  private final AuthenticatedAccount auth;
+  private final AuthenticatedDevice auth;
   private final WebSocketClient client;
 
   private final int sendFuturesTimeoutMillis;
@@ -148,7 +148,7 @@ public class WebSocketConnection implements MessageAvailabilityListener, Displac
       MessagesManager messagesManager,
       MessageMetrics messageMetrics,
       PushNotificationManager pushNotificationManager,
-      AuthenticatedAccount auth,
+      AuthenticatedDevice auth,
       WebSocketClient client,
       ScheduledExecutorService scheduledExecutorService,
       Scheduler messageDeliveryScheduler,
@@ -171,7 +171,7 @@ public class WebSocketConnection implements MessageAvailabilityListener, Displac
       MessagesManager messagesManager,
       MessageMetrics messageMetrics,
       PushNotificationManager pushNotificationManager,
-      AuthenticatedAccount auth,
+      AuthenticatedDevice auth,
       WebSocketClient client,
       int sendFuturesTimeoutMillis,
       ScheduledExecutorService scheduledExecutorService,

service/src/test/java/org/whispersystems/textsecuregcm/WebsocketResourceProviderIntegrationTest.java

@@ -32,7 +32,7 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.filters.RemoteAddressFilter;
 import org.whispersystems.textsecuregcm.tests.util.TestWebsocketListener;
 import org.whispersystems.websocket.ReusableAuth;
@@ -70,7 +70,7 @@ public class WebsocketResourceProviderIntegrationTest {
 
       final WebSocketConfiguration webSocketConfiguration = new WebSocketConfiguration();
 
-      final WebSocketEnvironment<AuthenticatedAccount> webSocketEnvironment =
+      final WebSocketEnvironment<AuthenticatedDevice> webSocketEnvironment =
           new WebSocketEnvironment<>(environment, webSocketConfiguration);
 
       environment.jersey().register(testController);
@@ -80,14 +80,14 @@ public class WebsocketResourceProviderIntegrationTest {
       webSocketEnvironment.jersey().register(testController);
       webSocketEnvironment.jersey().register(new RemoteAddressFilter());
       webSocketEnvironment.setAuthenticator(upgradeRequest ->
-          ReusableAuth.authenticated(mock(AuthenticatedAccount.class), PrincipalSupplier.forImmutablePrincipal()));
+          ReusableAuth.authenticated(mock(AuthenticatedDevice.class), PrincipalSupplier.forImmutablePrincipal()));
 
       webSocketEnvironment.jersey().property(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE);
       webSocketEnvironment.setConnectListener(webSocketSessionContext -> {
       });
 
-      final WebSocketResourceProviderFactory<AuthenticatedAccount> webSocketServlet =
+      final WebSocketResourceProviderFactory<AuthenticatedDevice> webSocketServlet =
-          new WebSocketResourceProviderFactory<>(webSocketEnvironment, AuthenticatedAccount.class,
+          new WebSocketResourceProviderFactory<>(webSocketEnvironment, AuthenticatedDevice.class,
               webSocketConfiguration, REMOTE_ADDRESS_ATTRIBUTE_NAME);
 
       JettyWebSocketServletContainerInitializer.configure(environment.getApplicationContext(), null);

service/src/test/java/org/whispersystems/textsecuregcm/WebsocketReuseAuthIntegrationTest.java

@@ -43,7 +43,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.filters.RemoteAddressFilter;
 import org.whispersystems.textsecuregcm.storage.RefreshingAccountNotFoundException;
 import org.whispersystems.textsecuregcm.tests.util.TestWebsocketListener;
@@ -58,9 +58,9 @@ import org.whispersystems.websocket.setup.WebSocketEnvironment;
 @ExtendWith(DropwizardExtensionsSupport.class)
 public class WebsocketReuseAuthIntegrationTest {
 
-  private static final AuthenticatedAccount ACCOUNT = mock(AuthenticatedAccount.class);
+  private static final AuthenticatedDevice ACCOUNT = mock(AuthenticatedDevice.class);
   @SuppressWarnings("unchecked")
-  private static final PrincipalSupplier<AuthenticatedAccount> PRINCIPAL_SUPPLIER = mock(PrincipalSupplier.class);
+  private static final PrincipalSupplier<AuthenticatedDevice> PRINCIPAL_SUPPLIER = mock(PrincipalSupplier.class);
   private static final DropwizardAppExtension<Configuration> DROPWIZARD_APP_EXTENSION =
       new DropwizardAppExtension<>(TestApplication.class);
 
@@ -90,7 +90,7 @@ public class WebsocketReuseAuthIntegrationTest {
 
       final WebSocketConfiguration webSocketConfiguration = new WebSocketConfiguration();
 
-      final WebSocketEnvironment<AuthenticatedAccount> webSocketEnvironment =
+      final WebSocketEnvironment<AuthenticatedDevice> webSocketEnvironment =
           new WebSocketEnvironment<>(environment, webSocketConfiguration);
 
       environment.jersey().register(testController);
@@ -105,8 +105,8 @@ public class WebsocketReuseAuthIntegrationTest {
       webSocketEnvironment.setConnectListener(webSocketSessionContext -> {
       });
 
-      final WebSocketResourceProviderFactory<AuthenticatedAccount> webSocketServlet =
+      final WebSocketResourceProviderFactory<AuthenticatedDevice> webSocketServlet =
-          new WebSocketResourceProviderFactory<>(webSocketEnvironment, AuthenticatedAccount.class,
+          new WebSocketResourceProviderFactory<>(webSocketEnvironment, AuthenticatedDevice.class,
               webSocketConfiguration, REMOTE_ADDRESS_ATTRIBUTE_NAME);
 
       JettyWebSocketServletContainerInitializer.configure(environment.getApplicationContext(), null);
@@ -139,7 +139,7 @@ public class WebsocketReuseAuthIntegrationTest {
   @ParameterizedTest
   @ValueSource(strings = {"/test/write-auth", "/test/optional-write-auth"})
   public void writeAuth(final String path) throws IOException {
-    final AuthenticatedAccount copiedAccount = mock(AuthenticatedAccount.class);
+    final AuthenticatedDevice copiedAccount = mock(AuthenticatedDevice.class);
     when(copiedAccount.getName()).thenReturn("copy");
     when(PRINCIPAL_SUPPLIER.deepCopy(any())).thenReturn(copiedAccount);
 
@@ -153,7 +153,7 @@ public class WebsocketReuseAuthIntegrationTest {
   @Test
   public void readAfterWrite() throws IOException {
     when(PRINCIPAL_SUPPLIER.deepCopy(any())).thenReturn(ACCOUNT);
-    final AuthenticatedAccount account2 = mock(AuthenticatedAccount.class);
+    final AuthenticatedDevice account2 = mock(AuthenticatedDevice.class);
     when(account2.getName()).thenReturn("refresh");
     when(PRINCIPAL_SUPPLIER.refresh(any())).thenReturn(account2);
 
@@ -189,11 +189,11 @@ public class WebsocketReuseAuthIntegrationTest {
 
   @Test
   public void readConcurrentWithWrite() throws IOException, ExecutionException, InterruptedException, TimeoutException {
-    final AuthenticatedAccount deepCopy = mock(AuthenticatedAccount.class);
+    final AuthenticatedDevice deepCopy = mock(AuthenticatedDevice.class);
     when(deepCopy.getName()).thenReturn("deepCopy");
     when(PRINCIPAL_SUPPLIER.deepCopy(any())).thenReturn(deepCopy);
 
-    final AuthenticatedAccount refresh = mock(AuthenticatedAccount.class);
+    final AuthenticatedDevice refresh = mock(AuthenticatedDevice.class);
     when(refresh.getName()).thenReturn("refresh");
     when(PRINCIPAL_SUPPLIER.refresh(any())).thenReturn(refresh);
 
@@ -234,35 +234,35 @@ public class WebsocketReuseAuthIntegrationTest {
     @GET
     @Path("/read-auth")
     @ManagedAsync
-    public String readAuth(@ReadOnly @Auth final AuthenticatedAccount account) {
+    public String readAuth(@ReadOnly @Auth final AuthenticatedDevice account) {
       return account.getName();
     }
 
     @GET
     @Path("/optional-read-auth")
     @ManagedAsync
-    public String optionalReadAuth(@ReadOnly @Auth final Optional<AuthenticatedAccount> account) {
+    public String optionalReadAuth(@ReadOnly @Auth final Optional<AuthenticatedDevice> account) {
-      return account.map(AuthenticatedAccount::getName).orElse("empty");
+      return account.map(AuthenticatedDevice::getName).orElse("empty");
     }
 
     @GET
     @Path("/write-auth")
     @ManagedAsync
-    public String writeAuth(@Auth final AuthenticatedAccount account) {
+    public String writeAuth(@Auth final AuthenticatedDevice account) {
       return account.getName();
     }
 
     @GET
     @Path("/optional-write-auth")
     @ManagedAsync
-    public String optionalWriteAuth(@Auth final Optional<AuthenticatedAccount> account) {
+    public String optionalWriteAuth(@Auth final Optional<AuthenticatedDevice> account) {
-      return account.map(AuthenticatedAccount::getName).orElse("empty");
+      return account.map(AuthenticatedDevice::getName).orElse("empty");
     }
 
     @GET
     @Path("/start-delayed-write/{id}")
     @ManagedAsync
-    public String startDelayedWrite(@Auth final AuthenticatedAccount account, @PathParam("id") String id)
+    public String startDelayedWrite(@Auth final AuthenticatedDevice account, @PathParam("id") String id)
         throws InterruptedException {
       delayedWriteLatches.computeIfAbsent(id, i -> new CountDownLatch(1)).await();
       return account.getName();

service/src/test/java/org/whispersystems/textsecuregcm/auth/AccountAuthenticatorTest.java

@@ -166,7 +166,7 @@ class AccountAuthenticatorTest {
     when(credentials.verify(password)).thenReturn(true);
     when(credentials.getVersion()).thenReturn(SaltedTokenHash.CURRENT_VERSION);
 
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount =
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount =
         accountAuthenticator.authenticate(new BasicCredentials(uuid.toString(), password));
 
     assertThat(maybeAuthenticatedAccount).isPresent();
@@ -194,7 +194,7 @@ class AccountAuthenticatorTest {
     when(credentials.verify(password)).thenReturn(true);
     when(credentials.getVersion()).thenReturn(SaltedTokenHash.CURRENT_VERSION);
 
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount =
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount =
         accountAuthenticator.authenticate(new BasicCredentials(uuid + "." + deviceId, password));
 
     assertThat(maybeAuthenticatedAccount).isPresent();
@@ -231,7 +231,7 @@ class AccountAuthenticatorTest {
     } else {
       identifier = uuid.toString() + AccountAuthenticator.DEVICE_ID_SEPARATOR + deviceId;
     }
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount =
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount =
         accountAuthenticator.authenticate(new BasicCredentials(identifier, password));
 
     assertThat(maybeAuthenticatedAccount).isPresent();
@@ -259,7 +259,7 @@ class AccountAuthenticatorTest {
     when(credentials.verify(password)).thenReturn(true);
     when(credentials.getVersion()).thenReturn(SaltedTokenHash.Version.V1);
 
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount =
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount =
         accountAuthenticator.authenticate(new BasicCredentials(uuid.toString(), password));
 
     assertThat(maybeAuthenticatedAccount).isPresent();
@@ -294,7 +294,7 @@ class AccountAuthenticatorTest {
     when(credentials.verify(password)).thenReturn(true);
     when(credentials.getVersion()).thenReturn(SaltedTokenHash.CURRENT_VERSION);
 
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount =
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount =
         accountAuthenticator.authenticate(new BasicCredentials(uuid + "." + (deviceId + 1), password));
 
     assertThat(maybeAuthenticatedAccount).isEmpty();
@@ -322,7 +322,7 @@ class AccountAuthenticatorTest {
 
     final String incorrectPassword = password + "incorrect";
 
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount =
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount =
         accountAuthenticator.authenticate(new BasicCredentials(uuid.toString(), incorrectPassword));
 
     assertThat(maybeAuthenticatedAccount).isEmpty();
@@ -332,7 +332,7 @@ class AccountAuthenticatorTest {
   @ParameterizedTest
   @MethodSource
   void testAuthenticateMalformedCredentials(final String username) {
-    final Optional<AuthenticatedAccount> maybeAuthenticatedAccount = assertDoesNotThrow(
+    final Optional<AuthenticatedDevice> maybeAuthenticatedAccount = assertDoesNotThrow(
         () -> accountAuthenticator.authenticate(new BasicCredentials(username, "password")));
 
     assertThat(maybeAuthenticatedAccount).isEmpty();

service/src/test/java/org/whispersystems/textsecuregcm/auth/PhoneNumberChangeRefreshRequirementProviderTest.java

@@ -112,7 +112,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
 
       final WebSocketConfiguration webSocketConfiguration = new WebSocketConfiguration();
 
-      final WebSocketEnvironment<AuthenticatedAccount> webSocketEnvironment =
+      final WebSocketEnvironment<AuthenticatedDevice> webSocketEnvironment =
           new WebSocketEnvironment<>(environment, webSocketConfiguration);
 
       environment.jersey().register(testController);
@@ -129,13 +129,13 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
       });
 
 
-      environment.jersey().register(new AuthDynamicFeature(new BasicCredentialAuthFilter.Builder<AuthenticatedAccount>()
+      environment.jersey().register(new AuthDynamicFeature(new BasicCredentialAuthFilter.Builder<AuthenticatedDevice>()
           .setAuthenticator(AUTHENTICATOR)
           .buildAuthFilter()));
       webSocketEnvironment.setAuthenticator(new WebSocketAccountAuthenticator(AUTHENTICATOR, mock(PrincipalSupplier.class)));
 
-      final WebSocketResourceProviderFactory<AuthenticatedAccount> webSocketServlet =
+      final WebSocketResourceProviderFactory<AuthenticatedDevice> webSocketServlet =
-          new WebSocketResourceProviderFactory<>(webSocketEnvironment, AuthenticatedAccount.class,
+          new WebSocketResourceProviderFactory<>(webSocketEnvironment, AuthenticatedDevice.class,
               webSocketConfiguration, REMOTE_ADDRESS_ATTRIBUTE_NAME);
 
       JettyWebSocketServletContainerInitializer.configure(environment.getApplicationContext(), null);
@@ -160,7 +160,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
   private void makeAuthenticatedRequest(
       final Protocol protocol,
       final String requestPath) throws IOException {
-    when(AUTHENTICATOR.authenticate(any())).thenReturn(Optional.of(new AuthenticatedAccount(account1, authenticatedDevice)));
+    when(AUTHENTICATOR.authenticate(any())).thenReturn(Optional.of(new AuthenticatedDevice(account1, authenticatedDevice)));
     makeRequest(protocol,requestPath, false);
   }
 
@@ -206,7 +206,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
   @EnumSource(Protocol.class)
   void handleRequestChange(final Protocol protocol) throws IOException {
     when(ACCOUNTS_MANAGER.getByAccountIdentifier(any())).thenReturn(Optional.of(account2));
-    when(AUTHENTICATOR.authenticate(any())).thenReturn(Optional.of(new AuthenticatedAccount(account1, authenticatedDevice)));
+    when(AUTHENTICATOR.authenticate(any())).thenReturn(Optional.of(new AuthenticatedDevice(account1, authenticatedDevice)));
 
     makeAuthenticatedRequest(protocol, "/test/annotated");
 
@@ -220,7 +220,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
   @Test
   void handleRequestChangeAsyncEndpoint() throws IOException {
     when(ACCOUNTS_MANAGER.getByAccountIdentifier(any())).thenReturn(Optional.of(account2));
-    when(AUTHENTICATOR.authenticate(any())).thenReturn(Optional.of(new AuthenticatedAccount(account1, authenticatedDevice)));
+    when(AUTHENTICATOR.authenticate(any())).thenReturn(Optional.of(new AuthenticatedDevice(account1, authenticatedDevice)));
 
     // Event listeners with asynchronous HTTP endpoints don't currently correctly maintain state between request and
     // response
@@ -268,7 +268,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
     @GET
     @Path("/annotated")
     @ChangesPhoneNumber
-    public String annotated(@ReadOnly @Auth final AuthenticatedAccount account) {
+    public String annotated(@ReadOnly @Auth final AuthenticatedDevice account) {
       return "ok";
     }
 
@@ -276,7 +276,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
     @Path("/async-annotated")
     @ChangesPhoneNumber
     @ManagedAsync
-    public String asyncAnnotated(@ReadOnly @Auth final AuthenticatedAccount account) {
+    public String asyncAnnotated(@ReadOnly @Auth final AuthenticatedDevice account) {
       return "ok";
     }
 
@@ -289,7 +289,7 @@ class PhoneNumberChangeRefreshRequirementProviderTest {
 
     @GET
     @Path("/not-annotated")
-    public String notAnnotated(@ReadOnly @Auth final AuthenticatedAccount account) {
+    public String notAnnotated(@ReadOnly @Auth final AuthenticatedDevice account) {
       return "ok";
     }
   }

service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerTest.java

@@ -54,7 +54,7 @@ import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentCaptor;
 import org.signal.libsignal.usernames.BaseUsernameException;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.SaltedTokenHash;
 import org.whispersystems.textsecuregcm.auth.StoredRegistrationLock;
 import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
@@ -140,7 +140,7 @@ class AccountControllerTest {
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new JsonMappingExceptionMapper())
       .addProvider(new RateLimitExceededExceptionMapper())
       .addProvider(new ImpossiblePhoneNumberExceptionMapper())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/AccountControllerV2Test.java

@@ -64,7 +64,7 @@ import org.mockito.stubbing.Answer;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.PhoneVerificationTokenManager;
 import org.whispersystems.textsecuregcm.auth.RegistrationLockError;
 import org.whispersystems.textsecuregcm.auth.RegistrationLockVerificationManager;
@@ -116,7 +116,7 @@ class AccountControllerV2Test {
   private final ResourceExtension resources = ResourceExtension.builder()
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new RateLimitExceededExceptionMapper())
       .addProvider(new ImpossiblePhoneNumberExceptionMapper())
       .addProvider(new NonNormalizedPhoneNumberExceptionMapper())
@@ -858,7 +858,7 @@ class AccountControllerV2Test {
 
     /**
      * Creates an {@link Account} with data sufficient for
-     * {@link AccountControllerV2#getAccountDataReport(AuthenticatedAccount)}.
+     * {@link AccountControllerV2#getAccountDataReport(AuthenticatedDevice)}.
      * <p>
      * Note: All devices will have a {@link SaltedTokenHash} for "password"
      */

service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java

@@ -59,7 +59,7 @@ import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialRequestContext;
 import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialResponse;
 import org.signal.libsignal.zkgroup.receipts.ReceiptSerial;
 import org.signal.libsignal.zkgroup.receipts.ServerZkReceiptOperations;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedBackupUser;
 import org.whispersystems.textsecuregcm.backup.BackupAuthManager;
 import org.whispersystems.textsecuregcm.backup.BackupAuthTestUtil;
@@ -84,7 +84,7 @@ public class ArchiveControllerTest {
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new CompletionExceptionMapper())
       .addResource(new GrpcStatusRuntimeExceptionMapper())
       .addProvider(new RateLimitExceededExceptionMapper())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArtControllerTest.java

@@ -16,7 +16,7 @@ import java.time.Duration;
 import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.ArtServiceConfiguration;
@@ -34,7 +34,7 @@ class ArtControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(new ArtController(rateLimiters, artCredentialsGenerator))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/AttachmentControllerTest.java

@@ -34,7 +34,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.whispersystems.textsecuregcm.attachments.GcsAttachmentGenerator;
 import org.whispersystems.textsecuregcm.attachments.TusAttachmentGenerator;
 import org.whispersystems.textsecuregcm.attachments.TusConfiguration;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;
 import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV2;
 import org.whispersystems.textsecuregcm.entities.AttachmentDescriptorV3;
@@ -90,7 +90,7 @@ class AttachmentControllerTest {
           "signal@example.com", 1000, "/attach-here", RSA_PRIVATE_KEY_PEM);
       resources = ResourceExtension.builder()
           .addProvider(AuthHelper.getAuthFilter())
-          .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+          .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
           .setMapper(SystemMapper.jsonMapper())
           .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
           .addResource(new AttachmentControllerV2(RATE_LIMITERS, "accessKey", "accessSecret", "us-east-1",

service/src/test/java/org/whispersystems/textsecuregcm/controllers/CallLinkControllerTest.java

@@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.signal.libsignal.protocol.util.Hex;
 import org.signal.libsignal.zkgroup.GenericServerSecretParams;
 import org.signal.libsignal.zkgroup.calllinks.CreateCallLinkCredentialRequestContext;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.GetCreateCallLinkCredentialsRequest;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -41,7 +41,7 @@ public class CallLinkControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new RateLimitExceededExceptionMapper())
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/CallRoutingControllerTest.java

@@ -28,7 +28,7 @@ import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.CloudflareTurnCredentialsManager;
 import org.whispersystems.textsecuregcm.auth.TurnToken;
 import org.whispersystems.textsecuregcm.auth.TurnTokenGenerator;
@@ -65,7 +65,7 @@ class CallRoutingControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new RateLimitExceededExceptionMapper())
       .addProvider(new TestRemoteAddressFilterProvider(REMOTE_ADDRESS))
       .setMapper(SystemMapper.jsonMapper())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java

@@ -38,7 +38,7 @@ import org.signal.libsignal.zkgroup.auth.AuthCredentialWithPniResponse;
 import org.signal.libsignal.zkgroup.auth.ClientZkAuthOperations;
 import org.signal.libsignal.zkgroup.auth.ServerZkAuthOperations;
 import org.signal.libsignal.zkgroup.calllinks.CallLinkAuthCredentialResponse;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
 import org.whispersystems.textsecuregcm.entities.DeliveryCertificate;
 import org.whispersystems.textsecuregcm.entities.GroupCredentials;
@@ -79,7 +79,7 @@ class CertificateControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(new CertificateController(certificateGenerator, serverZkAuthOperations, genericServerSecretParams, clock))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/ChallengeControllerTest.java

@@ -32,7 +32,7 @@ import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.limits.RateLimitChallengeManager;
 import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
 import org.whispersystems.textsecuregcm.push.NotPushRegisteredException;
@@ -53,7 +53,7 @@ class ChallengeControllerTest {
 
   private static final ResourceExtension EXTENSION = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new TestRemoteAddressFilterProvider("127.0.0.1"))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/DeviceControllerTest.java

@@ -51,7 +51,7 @@ import org.mockito.ArgumentCaptor;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.WebsocketRefreshApplicationEventListener;
 import org.whispersystems.textsecuregcm.entities.AccountAttributes;
 import org.whispersystems.textsecuregcm.entities.ApnRegistrationId;
@@ -119,7 +119,7 @@ class DeviceControllerTest {
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addProvider(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager))
       .addProvider(new DeviceLimitExceededExceptionMapper())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/DirectoryControllerV2Test.java

@@ -15,13 +15,12 @@ import java.time.Instant;
 import java.time.ZoneId;
 import java.util.UUID;
 import org.junit.jupiter.api.Test;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.DirectoryV2ClientConfiguration;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
-import org.whispersystems.textsecuregcm.util.Pair;
 
 class DirectoryControllerV2Test {
 
@@ -39,7 +38,7 @@ class DirectoryControllerV2Test {
     when(account.getUuid()).thenReturn(uuid);
 
     final ExternalServiceCredentials credentials = (ExternalServiceCredentials) controller.getAuthToken(
-        new AuthenticatedAccount(account, mock(Device.class))).getEntity();
+        new AuthenticatedDevice(account, mock(Device.class))).getEntity();
 
     assertEquals(credentials.username(), "d369bc712e2e0dd36258");
     assertEquals(credentials.password(), "1633738643:4433b0fab41f25f79dd4");

service/src/test/java/org/whispersystems/textsecuregcm/controllers/DonationControllerTest.java

@@ -32,7 +32,7 @@ import org.signal.libsignal.zkgroup.InvalidInputException;
 import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialPresentation;
 import org.signal.libsignal.zkgroup.receipts.ReceiptSerial;
 import org.signal.libsignal.zkgroup.receipts.ServerZkReceiptOperations;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.configuration.BadgeConfiguration;
 import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
 import org.whispersystems.textsecuregcm.entities.BadgeSvg;
@@ -94,7 +94,7 @@ class DonationControllerTest {
 
     resources = ResourceExtension.builder()
         .addProvider(AuthHelper.getAuthFilter())
-        .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+        .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
         .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
         .addResource(new DonationController(clock, zkReceiptOperations, redeemedReceiptsManager, accountsManager,
             getBadgesConfiguration(), receiptCredentialPresentationFactory))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyControllerTest.java

@@ -25,7 +25,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.KeyTransparencyMonitorRequest;
 import org.whispersystems.textsecuregcm.entities.KeyTransparencyMonitorResponse;
 import org.whispersystems.textsecuregcm.entities.KeyTransparencySearchRequest;
@@ -81,7 +81,7 @@ public class KeyTransparencyControllerTest {
 
   private final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(TEST_REMOTE_ADDRESS_FILTER_PROVIDER)
       .addProvider(new RateLimitByIpFilter(rateLimiters))
       .setMapper(SystemMapper.jsonMapper())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/KeysControllerTest.java

@@ -56,7 +56,7 @@ import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
 import org.signal.libsignal.zkgroup.ServerSecretParams;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.CheckKeysRequest;
 import org.whispersystems.textsecuregcm.entities.ECPreKey;
 import org.whispersystems.textsecuregcm.entities.ECSignedPreKey;
@@ -155,7 +155,7 @@ class KeysControllerTest {
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
       .addProvider(CompletionExceptionMapper.class)
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(new ServerRejectedExceptionMapper())
       .addResource(new KeysController(rateLimiters, KEYS, accounts, serverSecretParams, clock))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java

@@ -82,7 +82,7 @@ import org.junitpioneer.jupiter.cartesian.ArgumentSets;
 import org.junitpioneer.jupiter.cartesian.CartesianTest;
 import org.mockito.ArgumentCaptor;
 import org.signal.libsignal.zkgroup.ServerSecretParams;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicInboundMessageByteLimitConfiguration;
@@ -194,7 +194,7 @@ class MessageControllerTest {
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(RateLimitExceededExceptionMapper.class)
       .addProvider(MultiRecipientMessageProvider.class)
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/PaymentsControllerTest.java

@@ -22,7 +22,7 @@ import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.currency.CurrencyConversionManager;
@@ -40,7 +40,7 @@ class PaymentsControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(new PaymentsController(currencyManager, paymentsCredentialsGenerator))
       .build();

service/src/test/java/org/whispersystems/textsecuregcm/controllers/ProfileControllerTest.java

@@ -74,7 +74,7 @@ import org.signal.libsignal.zkgroup.profiles.ProfileKeyCommitment;
 import org.signal.libsignal.zkgroup.profiles.ProfileKeyCredentialRequest;
 import org.signal.libsignal.zkgroup.profiles.ProfileKeyCredentialRequestContext;
 import org.signal.libsignal.zkgroup.profiles.ServerZkProfileOperations;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.configuration.BadgeConfiguration;
 import org.whispersystems.textsecuregcm.configuration.BadgesConfiguration;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
@@ -149,7 +149,7 @@ class ProfileControllerTest {
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProperty(ServerProperties.UNWRAP_COMPLETION_STAGE_IN_WRITER_ENABLE, Boolean.TRUE)
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new RateLimitExceededExceptionMapper())
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/ProvisioningControllerTest.java

@@ -30,7 +30,7 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.ProvisioningMessage;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -50,7 +50,7 @@ class ProvisioningControllerTest {
 
   private static final ResourceExtension RESOURCE_EXTENSION = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .addProvider(new RateLimitExceededExceptionMapper())
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())

service/src/test/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigControllerTest.java

@@ -34,7 +34,7 @@ import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.UserRemoteConfig;
 import org.whispersystems.textsecuregcm.entities.UserRemoteConfigList;
 import org.whispersystems.textsecuregcm.mappers.DeviceLimitExceededExceptionMapper;
@@ -54,7 +54,7 @@ class RemoteConfigControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addProvider(new DeviceLimitExceededExceptionMapper())
       .addResource(new RemoteConfigController(remoteConfigsManager, Map.of("maxGroupSize", "42"), TEST_CLOCK))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureStorageControllerTest.java

@@ -16,7 +16,7 @@ import javax.ws.rs.core.Response;
 import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfiguration;
@@ -36,7 +36,7 @@ class SecureStorageControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(new SecureStorageController(STORAGE_CREDENTIAL_GENERATOR))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureValueRecovery3ControllerTest.java

@@ -38,7 +38,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.SecureValueRecovery3Configuration;
 import org.whispersystems.textsecuregcm.entities.AuthCheckRequest;
@@ -74,7 +74,7 @@ public class SecureValueRecovery3ControllerTest extends SecureValueRecoveryContr
 
   private static final ResourceExtension RESOURCES = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(CONTROLLER)

service/src/test/java/org/whispersystems/textsecuregcm/controllers/StickerControllerTest.java

@@ -20,7 +20,7 @@ import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.StickerPackFormUploadAttributes;
 import org.whispersystems.textsecuregcm.limits.RateLimiter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
@@ -35,7 +35,7 @@ class StickerControllerTest {
 
   private static final ResourceExtension resources = ResourceExtension.builder()
       .addProvider(AuthHelper.getAuthFilter())
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(new StickerController(rateLimiters, "foo", "bar", "us-east-1", "mybucket"))

service/src/test/java/org/whispersystems/textsecuregcm/controllers/SubscriptionControllerTest.java

@@ -63,7 +63,7 @@ import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialRequest;
 import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialResponse;
 import org.signal.libsignal.zkgroup.receipts.ReceiptSerial;
 import org.signal.libsignal.zkgroup.receipts.ServerZkReceiptOperations;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.backup.BackupManager;
 import org.whispersystems.textsecuregcm.badges.BadgeTranslator;
 import org.whispersystems.textsecuregcm.badges.LevelTranslator;
@@ -119,7 +119,7 @@ class SubscriptionControllerTest {
       .addProvider(AuthHelper.getAuthFilter())
       .addProvider(CompletionExceptionMapper.class)
       .addProvider(SubscriptionProcessorExceptionMapper.class)
-      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedAccount.class))
+      .addProvider(new AuthValueFactoryProvider.Binder<>(AuthenticatedDevice.class))
       .setMapper(SystemMapper.jsonMapper())
       .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
       .addResource(SUBSCRIPTION_CONTROLLER)

service/src/test/java/org/whispersystems/textsecuregcm/tests/util/AuthHelper.java

@@ -47,7 +47,7 @@ import org.signal.libsignal.zkgroup.groupsend.GroupSendEndorsementsResponse;
 import org.signal.libsignal.zkgroup.groupsend.GroupSendFullToken;
 import org.signal.libsignal.zkgroup.groupsend.GroupSendEndorsementsResponse.ReceivedEndorsements;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.auth.SaltedTokenHash;
 import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
@@ -213,10 +213,10 @@ public class AuthHelper {
       testAccount.setup(ACCOUNTS_MANAGER);
     }
 
-    AuthFilter<BasicCredentials, AuthenticatedAccount> accountAuthFilter = new BasicCredentialAuthFilter.Builder<AuthenticatedAccount>().setAuthenticator(
+    AuthFilter<BasicCredentials, AuthenticatedDevice> accountAuthFilter = new BasicCredentialAuthFilter.Builder<AuthenticatedDevice>().setAuthenticator(
         new AccountAuthenticator(ACCOUNTS_MANAGER)).buildAuthFilter();
 
-    return new PolymorphicAuthDynamicFeature<>(ImmutableMap.of(AuthenticatedAccount.class, accountAuthFilter));
+    return new PolymorphicAuthDynamicFeature<>(ImmutableMap.of(AuthenticatedDevice.class, accountAuthFilter));
   }
 
   public static String getAuthHeader(UUID uuid, byte deviceId, String password) {

service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketAccountAuthenticatorTest.java

@@ -24,7 +24,7 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 import org.whispersystems.textsecuregcm.util.HeaderUtils;
@@ -52,7 +52,7 @@ class WebSocketAccountAuthenticatorTest {
     accountAuthenticator = mock(AccountAuthenticator.class);
 
     when(accountAuthenticator.authenticate(eq(new BasicCredentials(VALID_USER, VALID_PASSWORD))))
-        .thenReturn(Optional.of(new AuthenticatedAccount(mock(Account.class), mock(Device.class))));
+        .thenReturn(Optional.of(new AuthenticatedDevice(mock(Account.class), mock(Device.class))));
 
     when(accountAuthenticator.authenticate(eq(new BasicCredentials(INVALID_USER, INVALID_PASSWORD))))
         .thenReturn(Optional.empty());
@@ -77,7 +77,7 @@ class WebSocketAccountAuthenticatorTest {
         accountAuthenticator,
         mock(PrincipalSupplier.class));
 
-    final ReusableAuth<AuthenticatedAccount> result = webSocketAuthenticator.authenticate(upgradeRequest);
+    final ReusableAuth<AuthenticatedDevice> result = webSocketAuthenticator.authenticate(upgradeRequest);
 
     assertEquals(expectAccount, result.ref().isPresent());
     assertEquals(expectInvalid, result.invalidCredentialsProvided());

service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketConnectionIntegrationTest.java

@@ -43,7 +43,7 @@ import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
 import org.mockito.ArgumentCaptor;
 import org.mockito.stubbing.Answer;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.entities.MessageProtos;
 import org.whispersystems.textsecuregcm.entities.MessageProtos.Envelope;
 import org.whispersystems.textsecuregcm.metrics.MessageMetrics;
@@ -127,7 +127,7 @@ class WebSocketConnectionIntegrationTest {
         new MessagesManager(messagesDynamoDb, messagesCache, reportMessageManager, sharedExecutorService),
         new MessageMetrics(),
         mock(PushNotificationManager.class),
-        new AuthenticatedAccount(account, device),
+        new AuthenticatedDevice(account, device),
         webSocketClient,
         scheduledExecutorService,
         messageDeliveryScheduler,
@@ -213,7 +213,7 @@ class WebSocketConnectionIntegrationTest {
         new MessagesManager(messagesDynamoDb, messagesCache, reportMessageManager, sharedExecutorService),
         new MessageMetrics(),
         mock(PushNotificationManager.class),
-        new AuthenticatedAccount(account, device),
+        new AuthenticatedDevice(account, device),
         webSocketClient,
         scheduledExecutorService,
         messageDeliveryScheduler,
@@ -280,7 +280,7 @@ class WebSocketConnectionIntegrationTest {
         new MessagesManager(messagesDynamoDb, messagesCache, reportMessageManager, sharedExecutorService),
         new MessageMetrics(),
         mock(PushNotificationManager.class),
-        new AuthenticatedAccount(account, device),
+        new AuthenticatedDevice(account, device),
         webSocketClient,
         100, // use a very short timeout, so that this test completes quickly
         scheduledExecutorService,

service/src/test/java/org/whispersystems/textsecuregcm/websocket/WebSocketConnectionTest.java

@@ -10,7 +10,6 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTimeoutPreemptively;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.anyBoolean;
-import static org.mockito.ArgumentMatchers.anyByte;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.nullable;
@@ -55,7 +54,7 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.stubbing.Answer;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedDevice;
 import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.metrics.MessageMetrics;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
@@ -89,7 +88,7 @@ class WebSocketConnectionTest {
   private AccountsManager accountsManager;
   private Account account;
   private Device device;
-  private AuthenticatedAccount auth;
+  private AuthenticatedDevice auth;
   private UpgradeRequest upgradeRequest;
   private MessagesManager messagesManager;
   private ReceiptSender receiptSender;
@@ -103,7 +102,7 @@ class WebSocketConnectionTest {
     accountsManager = mock(AccountsManager.class);
     account = mock(Account.class);
     device = mock(Device.class);
-    auth = new AuthenticatedAccount(account, device);
+    auth = new AuthenticatedDevice(account, device);
     upgradeRequest = mock(UpgradeRequest.class);
     messagesManager = mock(MessagesManager.class);
     receiptSender = mock(ReceiptSender.class);
@@ -128,11 +127,11 @@ class WebSocketConnectionTest {
     WebSocketSessionContext sessionContext = mock(WebSocketSessionContext.class);
 
     when(accountAuthenticator.authenticate(eq(new BasicCredentials(VALID_USER, VALID_PASSWORD))))
-        .thenReturn(Optional.of(new AuthenticatedAccount(account, device)));
+        .thenReturn(Optional.of(new AuthenticatedDevice(account, device)));
 
-    ReusableAuth<AuthenticatedAccount> account = webSocketAuthenticator.authenticate(upgradeRequest);
+    ReusableAuth<AuthenticatedDevice> account = webSocketAuthenticator.authenticate(upgradeRequest);
     when(sessionContext.getAuthenticated()).thenReturn(account.ref().orElse(null));
-    when(sessionContext.getAuthenticated(AuthenticatedAccount.class)).thenReturn(account.ref().orElse(null));
+    when(sessionContext.getAuthenticated(AuthenticatedDevice.class)).thenReturn(account.ref().orElse(null));
 
     final WebSocketClient webSocketClient = mock(WebSocketClient.class);
     when(webSocketClient.getUserAgent()).thenReturn("Signal-Android/6.22.8");