PrivateCoffee/element-web
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
element-web/src/SecurityManager.ts

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

316 lines
13 KiB
TypeScript
Raw Normal View History

Extract callbacks to a new module
2019-12-05 15:20:30 +00:00
/*
Rename CrossSigningManager to SecurityManager The file encompasses bits of cross-signing and also secret storage / secure backup.
2020-09-03 13:50:49 +00:00
Copyright 2019, 2020 The Matrix.org Foundation C.I.C.
Extract callbacks to a new module
2019-12-05 15:20:30 +00:00
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Remove unused CryptoCallbacks implementations (#12919) * Remove unused `onSecretRequested` callback This thing is unused with the rust crypto stack (which is lucky, because it uses methods that only work with the legacy stack). * Remove unused `getDehydrationKey` method This callback is no longer used, so there is no need for an implementation. * Remove unused `dehydrationCache` This is no longer written to, so is redundant. * Remove another write to `CryptoCallbacks.getDehydrationKey` As before: this hook is no longer used by the js-sdk, so writing to it is pointless.
2024-08-23 14:00:18 +00:00
import { ICryptoCallbacks, SecretStorage } from "matrix-js-sdk/src/matrix";
Auto fix Signed-off-by: Aaron Raimist <aaron@raim.ist>
2021-12-09 09:10:23 +00:00
import { deriveKey } from "matrix-js-sdk/src/crypto/key_passphrase";
import { decodeRecoveryKey } from "matrix-js-sdk/src/crypto/recoverykey";
import { logger } from "matrix-js-sdk/src/logger";
Properly type Modal props to ensure useful typescript checking (#10238 * Properly type Modal props to ensure useful typescript checking * delint * Iterate * Iterate * Fix modal.close loop * Iterate * Fix tests * Add comment * Fix test
2023-02-28 10:31:48 +00:00
import type CreateSecretStorageDialog from "./async-components/views/dialogs/security/CreateSecretStorageDialog";
Extract callbacks to a new module
2019-12-05 15:20:30 +00:00
import Modal from "./Modal";
Auto-fix lint errors
2021-06-29 12:11:58 +00:00
import { MatrixClientPeg } from "./MatrixClientPeg";
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
import { _t } from "./languageHandler";
Enforce Secure Backup completion when requested by HS This removes all buttons to escape the Secure Backup setup flow when the matching `.well-known` setting is set by homeserver. Part of https://github.com/vector-im/element-web/issues/14954
2020-08-14 17:06:35 +00:00
import { isSecureBackupRequired } from "./utils/WellKnownUtils";
Properly type Modal props to ensure useful typescript checking (#10238 * Properly type Modal props to ensure useful typescript checking * delint * Iterate * Iterate * Fix modal.close loop * Iterate * Fix tests * Add comment * Fix test
2023-02-28 10:31:48 +00:00
import AccessSecretStorageDialog, { KeyParams } from "./components/views/dialogs/security/AccessSecretStorageDialog";
add a feature flag for dehydration
2020-10-02 01:41:03 +00:00
import SettingsStore from "./settings/SettingsStore";
Replace `SecurityCustomisations` with `CryptoSetupExtension` (#12342) * Changed call sites from customisations/security to ModuleRunner.extensions * Updated depenndecy and added tests * Fixed style and formatting with prettier * Fix according to Element PR comments * Fixing issues raised in PR review * Removed commented code. Improved encapsulation. Removed noisy logging * Improved language of comment about calling the factory * Refactor to get better encapsulation * Find a better name. Provide explicit reset function. Provide more TSDoc * Simplify mock for cryptoSetup, and add assertion for exception message. * Remove unused className property. Adjust TSDoc comments * Fix linting and code style issues * Added test to ensure we canregister anduse experimental extensions * Fix linting and code-style issues * Added test to ensure only on registration of experimental extensions * Added test toensure call to getDehydratedDeviceCallback() * Test what happens when there is no implementation * Iterating cryptoSetup tests * Lint/prettier fix * Assert both branches when checking for dehydrationkey callback * Update src/modules/ModuleRunner.ts Language and formatting Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Reset by setting a fresh ExtensionsManager Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Use regular comment instead of TSDoc style comment Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update test/MatrixClientPeg-test.ts No need to extend the base class Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix spelling Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix spelling Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix TSDoc formatting Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Simplify mock setup * Simplified mock and cleaned up a bit * Keeping track of extensions is an implementation detail internal to ExtensionsManager. Language and punctuation * Addressed issues and comments from PR review * Update src/modules/ModuleRunner.ts Keep the flags to track implementations as direct properties Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Fix flattening of implementation map * Update src/modules/ModuleRunner.ts Fix whitespace Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-04-12 15:15:17 +00:00
import { ModuleRunner } from "./modules/ModuleRunner";
Remove `sdk.getComponent()` where possible (#7091)
2021-11-08 10:27:52 +00:00
import QuestionDialog from "./components/views/dialogs/QuestionDialog";
Step 3.2: Stop using `getComponent` in code
2022-03-02 23:33:40 +00:00
import InteractiveAuthDialog from "./components/views/dialogs/InteractiveAuthDialog";
Globally replace all console.logs via codemod (#6827) This commit replaces all the `console.log` to `logger.log` via an automated script. Related: vector-im/element-web#18425
2021-09-21 15:48:09 +00:00
Re-add the secret storage key cache
2019-12-11 14:28:02 +00:00
// This stores the secret storage private keys in memory for the JS SDK. This is
// only meant to act as a cache to avoid prompting the user multiple times
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
// during the same single operation. Use `accessSecretStorage` below to scope a
// single secret storage operation, as it will clear the cached keys once the
// operation ends.
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
let secretStorageKeys: Record<string, Uint8Array> = {};
Clean up some references to internal js-sdk classes (#12363) * Fix references to `crypto-api/verification` This is supposed to be an internal module; use the front door instead. * `IRecoveryKey` -> `GeneratedSecretStorageKey` `IRecoveryKey` is just a backwards-compatibility alias for `GeneratedSecretStorageKey` * `ISecretStorageKeyInfo` -> `SecretStorage.SecretStorageKeyDescription` Again, same thing * `IPassphraseInfo` -> `SecretStorage.PassphraseInfo` * Remove unused import restriction exceptions
2024-03-22 12:28:13 +00:00
let secretStorageKeyInfo: Record<string, SecretStorage.SecretStorageKeyDescription> = {};
Add advanced option to keep secret storage in memory for session This adds a default-off option to keep the secret storage passphrase cached in memory for the current session to avoid death by prompts.
2020-01-30 14:18:12 +00:00
let secretStorageBeingAccessed = false;
Avoid adding setup toast in the middle of setup This improves the experience of going through secret storage setup / reset flows by avoiding intermittent toasts that appear and disappear in the middle of the operation.
2020-08-19 12:28:03 +00:00
/**
* This can be used by other components to check if secret storage access is in
* progress, so that we can e.g. avoid intermittently showing toasts during
* secret storage setup.
*
* @returns {bool}
*/
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
export function isSecretStorageBeingAccessed(): boolean {
Avoid adding setup toast in the middle of setup This improves the experience of going through secret storage setup / reset flows by avoiding intermittent toasts that appear and disappear in the middle of the operation.
2020-08-19 12:28:03 +00:00
return secretStorageBeingAccessed;
}
Log exceptions from accessSecretStorage Rather than ignoring everything assuming the user cancelled
2020-01-31 10:35:05 +00:00
export class AccessCancelledError extends Error {
Enable `@typescript-eslint/explicit-member-accessibility` on /src (#9785) * Enable `@typescript-eslint/explicit-member-accessibility` on /src * Prettier
2022-12-16 12:29:59 +00:00
public constructor() {
Log exceptions from accessSecretStorage Rather than ignoring everything assuming the user cancelled
2020-01-31 10:35:05 +00:00
super("Secret storage access canceled");
}
}
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
async function confirmToDismiss(): Promise<boolean> {
differentiate dismiss dialog based on name passed from js-sdk also make dialog a bit nicer with more descriptive button
2020-02-06 15:51:02 +00:00
const [sure] = await Modal.createDialog(QuestionDialog, {
Migrate more strings to translation keys (#11651)
2023-09-22 15:39:40 +00:00
title: _t("encryption|cancel_entering_passphrase_title"),
description: _t("encryption|cancel_entering_passphrase_description"),
Hopefully ake cancel dialog a bit less weird There's no design on how to fix this so I've switched the buttons and made the primary not a danger button. We could also try some different wording, eg. 'abort' rather than 'cancel' because with 'ancel' it's not clear if you're cancelling whatever you were trying to do or the dialog asking you if you want to cancel... Ideal might be to make the cancel button red but that means making it a separate button or adding support for doing so to DialogButtons, so not going to do that unless we're sure that's what we want. Fixes https://github.com/vector-im/riot-web/issues/14140
2020-06-25 13:52:59 +00:00
danger: false,
Create more `action_*` common strings (#11438)
2023-08-23 10:57:22 +00:00
button: _t("action|go_back"),
cancelButton: _t("action|cancel"),
differentiate dismiss dialog based on name passed from js-sdk also make dialog a bit nicer with more descriptive button
2020-02-06 15:51:02 +00:00
}).finished;
Hopefully ake cancel dialog a bit less weird There's no design on how to fix this so I've switched the buttons and made the primary not a danger button. We could also try some different wording, eg. 'abort' rather than 'cancel' because with 'ancel' it's not clear if you're cancelling whatever you were trying to do or the dialog asking you if you want to cancel... Ideal might be to make the cancel button red but that means making it a separate button or adding support for doing so to DialogButtons, so not going to do that unless we're sure that's what we want. Fixes https://github.com/vector-im/riot-web/issues/14140
2020-06-25 13:52:59 +00:00
return !sure;
differentiate dismiss dialog based on name passed from js-sdk also make dialog a bit nicer with more descriptive button
2020-02-06 15:51:02 +00:00
}
Clean up some references to internal js-sdk classes (#12363) * Fix references to `crypto-api/verification` This is supposed to be an internal module; use the front door instead. * `IRecoveryKey` -> `GeneratedSecretStorageKey` `IRecoveryKey` is just a backwards-compatibility alias for `GeneratedSecretStorageKey` * `ISecretStorageKeyInfo` -> `SecretStorage.SecretStorageKeyDescription` Again, same thing * `IPassphraseInfo` -> `SecretStorage.PassphraseInfo` * Remove unused import restriction exceptions
2024-03-22 12:28:13 +00:00
function makeInputToKey(
keyInfo: SecretStorage.SecretStorageKeyDescription,
): (keyParams: KeyParams) => Promise<Uint8Array> {
Enable `@typescript-eslint/explicit-function-return-type` in /src (#9788) * Enable `@typescript-eslint/explicit-member-accessibility` on /src * Prettier * Enable `@typescript-eslint/explicit-function-return-type` in /src * Fix types * tsc strict fixes * Delint * Fix test * Fix bad merge
2023-01-12 13:25:14 +00:00
return async ({ passphrase, recoveryKey }): Promise<Uint8Array> => {
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
if (passphrase) {
return deriveKey(passphrase, keyInfo.passphrase.salt, keyInfo.passphrase.iterations);
Apply `strictNullChecks` around the codebase (#10302 * Apply `strictNullChecks` around the codebase * Iterate PR
2023-03-07 13:19:18 +00:00
} else if (recoveryKey) {
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
return decodeRecoveryKey(recoveryKey);
}
Apply `strictNullChecks` around the codebase (#10302 * Apply `strictNullChecks` around the codebase * Iterate PR
2023-03-07 13:19:18 +00:00
throw new Error("Invalid input, passphrase or recoveryKey need to be provided");
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
};
}
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
async function getSecretStorageKey({
keys: keyInfos,
}: {
Clean up some references to internal js-sdk classes (#12363) * Fix references to `crypto-api/verification` This is supposed to be an internal module; use the front door instead. * `IRecoveryKey` -> `GeneratedSecretStorageKey` `IRecoveryKey` is just a backwards-compatibility alias for `GeneratedSecretStorageKey` * `ISecretStorageKeyInfo` -> `SecretStorage.SecretStorageKeyDescription` Again, same thing * `IPassphraseInfo` -> `SecretStorage.PassphraseInfo` * Remove unused import restriction exceptions
2024-03-22 12:28:13 +00:00
keys: Record<string, SecretStorage.SecretStorageKeyDescription>;
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
}): Promise<[string, Uint8Array]> {
Use MatrixClientPeg::safeGet for strict typing (#10989)
2023-06-21 16:29:44 +00:00
const cli = MatrixClientPeg.safeGet();
use the default SSSS key if the default is set implements MSC2874
2021-02-11 21:34:15 +00:00
let keyId = await cli.getDefaultSecretStorageKeyId();
Clean up some references to internal js-sdk classes (#12363) * Fix references to `crypto-api/verification` This is supposed to be an internal module; use the front door instead. * `IRecoveryKey` -> `GeneratedSecretStorageKey` `IRecoveryKey` is just a backwards-compatibility alias for `GeneratedSecretStorageKey` * `ISecretStorageKeyInfo` -> `SecretStorage.SecretStorageKeyDescription` Again, same thing * `IPassphraseInfo` -> `SecretStorage.PassphraseInfo` * Remove unused import restriction exceptions
2024-03-22 12:28:13 +00:00
let keyInfo!: SecretStorage.SecretStorageKeyDescription;
use the default SSSS key if the default is set implements MSC2874
2021-02-11 21:34:15 +00:00
if (keyId) {
// use the default SSSS key if set
keyInfo = keyInfos[keyId];
if (!keyInfo) {
fall back to the old method if the default key isn't available
2021-02-24 22:55:27 +00:00
// if the default key is not available, pretend the default key
// isn't set
Conform more code to strict null checking (#10153) * Conform more code to strict null checking * Conform more code to strict null checking * Iterate * Iterate
2023-02-15 13:36:22 +00:00
keyId = null;
use the default SSSS key if the default is set implements MSC2874
2021-02-11 21:34:15 +00:00
}
fall back to the old method if the default key isn't available
2021-02-24 22:55:27 +00:00
}
if (!keyId) {
use the default SSSS key if the default is set implements MSC2874
2021-02-11 21:34:15 +00:00
// if no default SSSS key is set, fall back to a heuristic of using the
// only available key, if only one key is set
const keyInfoEntries = Object.entries(keyInfos);
if (keyInfoEntries.length > 1) {
throw new Error("Multiple storage key requests not implemented");
}
[keyId, keyInfo] = keyInfoEntries[0];
Extract callbacks to a new module
2019-12-05 15:20:30 +00:00
}
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug(`getSecretStorageKey: request for 4S keys [${Object.keys(keyInfos)}]: looking for key ${keyId}`);
Re-add the secret storage key cache
2019-12-11 14:28:02 +00:00
// Check the in-memory cache
Cleanup tasks in SecurityManager/SetupEncryptionStore (#12764) * Remove call to no-op `checkOwnCrossSigningTrust` this is a no-op on rust crypto * inline `SecurityManager.isCachingAllowed` Since https://github.com/matrix-org/matrix-react-sdk/pull/4789, this has just been an obscure way to write a test of a local variable. * Remove unused `CreateSecretStorageOpts.getKeyBackupPassphrase` parameter This is unused on rust crypto (cf https://github.com/matrix-org/matrix-js-sdk/pull/4313)
2024-07-13 10:27:59 +00:00
if (secretStorageBeingAccessed && secretStorageKeys[keyId]) {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug(`getSecretStorageKey: returning key ${keyId} from cache`);
Add secret storage cache callback to avoid prompts This supplies a cache callback to the JS SDK so that we can be notified if a new storage key is created e.g. by resetting secret storage. This allows it to be supplied automatically in case it's needed in the same user operation, as it is when resetting both secret storage and cross-signing together.
2020-08-28 11:10:17 +00:00
return [keyId, secretStorageKeys[keyId]];
Re-add the secret storage key cache
2019-12-11 14:28:02 +00:00
}
Replace `SecurityCustomisations` with `CryptoSetupExtension` (#12342) * Changed call sites from customisations/security to ModuleRunner.extensions * Updated depenndecy and added tests * Fixed style and formatting with prettier * Fix according to Element PR comments * Fixing issues raised in PR review * Removed commented code. Improved encapsulation. Removed noisy logging * Improved language of comment about calling the factory * Refactor to get better encapsulation * Find a better name. Provide explicit reset function. Provide more TSDoc * Simplify mock for cryptoSetup, and add assertion for exception message. * Remove unused className property. Adjust TSDoc comments * Fix linting and code style issues * Added test to ensure we canregister anduse experimental extensions * Fix linting and code-style issues * Added test to ensure only on registration of experimental extensions * Added test toensure call to getDehydratedDeviceCallback() * Test what happens when there is no implementation * Iterating cryptoSetup tests * Lint/prettier fix * Assert both branches when checking for dehydrationkey callback * Update src/modules/ModuleRunner.ts Language and formatting Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Reset by setting a fresh ExtensionsManager Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Use regular comment instead of TSDoc style comment Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update test/MatrixClientPeg-test.ts No need to extend the base class Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix spelling Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix spelling Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix TSDoc formatting Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Simplify mock setup * Simplified mock and cleaned up a bit * Keeping track of extensions is an implementation detail internal to ExtensionsManager. Language and punctuation * Addressed issues and comments from PR review * Update src/modules/ModuleRunner.ts Keep the flags to track implementations as direct properties Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Fix flattening of implementation map * Update src/modules/ModuleRunner.ts Fix whitespace Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-04-12 15:15:17 +00:00
const keyFromCustomisations = ModuleRunner.instance.extensions.cryptoSetup.getSecretStorageKey();
Add security customisation points This adds various customisations point in the app for security related decisions. By default, these do nothing, but would be customised at the app level via module replacement (so that no changes are needed here in the SDK). Fixes https://github.com/vector-im/element-web/issues/15350
2020-10-08 15:35:17 +00:00
if (keyFromCustomisations) {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.log("getSecretStorageKey: Using secret storage key from CryptoSetupExtension");
Add security customisation points This adds various customisations point in the app for security related decisions. By default, these do nothing, but would be customised at the app level via module replacement (so that no changes are needed here in the SDK). Fixes https://github.com/vector-im/element-web/issues/15350
2020-10-08 15:35:17 +00:00
cacheSecretStorageKey(keyId, keyInfo, keyFromCustomisations);
return [keyId, keyFromCustomisations];
}
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("getSecretStorageKey: prompting user for key");
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
const inputToKey = makeInputToKey(keyInfo);
Remove Piwik support (#8835) * Remove all mentions of Piwik * Kill off all consumer of the old Piwik Analytics module * Simplify ModalManager interface * i18n * Attempt to fix old e2e tests * Remove unused component * Iterate PR
2022-06-14 16:51:51 +00:00
const { finished } = Modal.createDialog(
Use private key check to provide feedback
2019-12-06 17:54:00 +00:00
AccessSecretStorageDialog,
confirm to close the passphrase dialog if it was done by backgroundClick as it is easy to do by accident
2020-02-06 12:11:24 +00:00
/* props= */
Use private key check to provide feedback
2019-12-06 17:54:00 +00:00
{
Add secret storage cache callback to avoid prompts This supplies a cache callback to the JS SDK so that we can be notified if a new storage key is created e.g. by resetting secret storage. This allows it to be supplied automatically in case it's needed in the same user operation, as it is when resetting both secret storage and cross-signing together.
2020-08-28 11:10:17 +00:00
keyInfo,
Enable `@typescript-eslint/explicit-function-return-type` in /src (#9788) * Enable `@typescript-eslint/explicit-member-accessibility` on /src * Prettier * Enable `@typescript-eslint/explicit-function-return-type` in /src * Fix types * tsc strict fixes * Delint * Fix test * Fix bad merge
2023-01-12 13:25:14 +00:00
checkPrivateKey: async (input: KeyParams): Promise<boolean> => {
Use private key check to provide feedback
2019-12-06 17:54:00 +00:00
const key = await inputToKey(input);
Use MatrixClientPeg::safeGet for strict typing (#10989)
2023-06-21 16:29:44 +00:00
return MatrixClientPeg.safeGet().checkSecretStorageKey(key, keyInfo);
Use private key check to provide feedback
2019-12-06 17:54:00 +00:00
},
},
Conform more code to strict null checking (#10153) * Conform more code to strict null checking * Conform more code to strict null checking * Iterate * Iterate
2023-02-15 13:36:22 +00:00
/* className= */ undefined,
confirm to close the passphrase dialog if it was done by backgroundClick as it is easy to do by accident
2020-02-06 12:11:24 +00:00
/* isPriorityModal= */ false,
/* isStaticModal= */ false,
/* options= */ {
Enable `@typescript-eslint/explicit-function-return-type` in /src (#9788) * Enable `@typescript-eslint/explicit-member-accessibility` on /src * Prettier * Enable `@typescript-eslint/explicit-function-return-type` in /src * Fix types * tsc strict fixes * Delint * Fix test * Fix bad merge
2023-01-12 13:25:14 +00:00
onBeforeClose: async (reason): Promise<boolean> => {
differentiate dismiss dialog based on name passed from js-sdk also make dialog a bit nicer with more descriptive button
2020-02-06 15:51:02 +00:00
if (reason === "backgroundClick") {
New copy on passphrase cancel dialog
2020-07-06 14:26:40 +00:00
return confirmToDismiss();
confirm to close the passphrase dialog if it was done by backgroundClick as it is easy to do by accident
2020-02-06 12:11:24 +00:00
}
differentiate dismiss dialog based on name passed from js-sdk also make dialog a bit nicer with more descriptive button
2020-02-06 15:51:02 +00:00
return true;
confirm to close the passphrase dialog if it was done by backgroundClick as it is easy to do by accident
2020-02-06 12:11:24 +00:00
},
},
Extract callbacks to a new module
2019-12-05 15:20:30 +00:00
);
Apply corrections identified by SonarQube (#8457)
2022-05-03 21:04:37 +00:00
const [keyParams] = await finished;
if (!keyParams) {
Log exceptions from accessSecretStorage Rather than ignoring everything assuming the user cancelled
2020-01-31 10:35:05 +00:00
throw new AccessCancelledError();
Extract callbacks to a new module
2019-12-05 15:20:30 +00:00
}
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("getSecretStorageKey: got key from user");
Apply corrections identified by SonarQube (#8457)
2022-05-03 21:04:37 +00:00
const key = await inputToKey(keyParams);
Re-add the secret storage key cache
2019-12-11 14:28:02 +00:00
// Save to cache to avoid future prompts in the current session
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
cacheSecretStorageKey(keyId, keyInfo, key);
Add secret storage cache callback to avoid prompts This supplies a cache callback to the JS SDK so that we can be notified if a new storage key is created e.g. by resetting secret storage. This allows it to be supplied automatically in case it's needed in the same user operation, as it is when resetting both secret storage and cross-signing together.
2020-08-28 11:10:17 +00:00
return [keyId, key];
}
Clean up some references to internal js-sdk classes (#12363) * Fix references to `crypto-api/verification` This is supposed to be an internal module; use the front door instead. * `IRecoveryKey` -> `GeneratedSecretStorageKey` `IRecoveryKey` is just a backwards-compatibility alias for `GeneratedSecretStorageKey` * `ISecretStorageKeyInfo` -> `SecretStorage.SecretStorageKeyDescription` Again, same thing * `IPassphraseInfo` -> `SecretStorage.PassphraseInfo` * Remove unused import restriction exceptions
2024-03-22 12:28:13 +00:00
function cacheSecretStorageKey(
keyId: string,
keyInfo: SecretStorage.SecretStorageKeyDescription,
key: Uint8Array,
): void {
Cleanup tasks in SecurityManager/SetupEncryptionStore (#12764) * Remove call to no-op `checkOwnCrossSigningTrust` this is a no-op on rust crypto * inline `SecurityManager.isCachingAllowed` Since https://github.com/matrix-org/matrix-react-sdk/pull/4789, this has just been an obscure way to write a test of a local variable. * Remove unused `CreateSecretStorageOpts.getKeyBackupPassphrase` parameter This is unused on rust crypto (cf https://github.com/matrix-org/matrix-js-sdk/pull/4313)
2024-07-13 10:27:59 +00:00
if (secretStorageBeingAccessed) {
Add secret storage cache callback to avoid prompts This supplies a cache callback to the JS SDK so that we can be notified if a new storage key is created e.g. by resetting secret storage. This allows it to be supplied automatically in case it's needed in the same user operation, as it is when resetting both secret storage and cross-signing together.
2020-08-28 11:10:17 +00:00
secretStorageKeys[keyId] = key;
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
secretStorageKeyInfo[keyId] = keyInfo;
Only allow key caching inside the access helper
2019-12-12 15:34:01 +00:00
}
}
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
export const crossSigningCallbacks: ICryptoCallbacks = {
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
getSecretStorageKey,
Add secret storage cache callback to avoid prompts This supplies a cache callback to the JS SDK so that we can be notified if a new storage key is created e.g. by resetting secret storage. This allows it to be supplied automatically in case it's needed in the same user operation, as it is when resetting both secret storage and cross-signing together.
2020-08-28 11:10:17 +00:00
cacheSecretStorageKey,
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
};
Element-R: fix repeated requests to enter 4S key during cross-signing reset (#12059) * Remove redundant `forceReset` parameter This was always true, so let's get rid of it. Also some function renames. * Factor out new `withSecretStorageKeyCache` helper ... so that we can use the cache without the whole of `accessSecretStorage`. * Cache secret storage key during cross-signing reset * Playwright test for resetting cross-signing * CrossSigningPanel: Silence annoying react warnings React complains if we don't include an explicit `tbody`. * Simple unit test of reset button
2023-12-15 14:59:36 +00:00
/**
* Carry out an operation that may require multiple accesses to secret storage, caching the key.
*
* Use this helper to wrap an operation that may require multiple accesses to secret storage; the user will be prompted
* to enter the 4S key or passphrase on the first access, and the key will be cached for the rest of the operation.
*
* @param func - The operation to be wrapped.
*/
export async function withSecretStorageKeyCache<T>(func: () => Promise<T>): Promise<T> {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("SecurityManager: enabling 4S key cache");
Element-R: fix repeated requests to enter 4S key during cross-signing reset (#12059) * Remove redundant `forceReset` parameter This was always true, so let's get rid of it. Also some function renames. * Factor out new `withSecretStorageKeyCache` helper ... so that we can use the cache without the whole of `accessSecretStorage`. * Cache secret storage key during cross-signing reset * Playwright test for resetting cross-signing * CrossSigningPanel: Silence annoying react warnings React complains if we don't include an explicit `tbody`. * Simple unit test of reset button
2023-12-15 14:59:36 +00:00
secretStorageBeingAccessed = true;
try {
return await func();
} finally {
// Clear secret storage key cache now that work is complete
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("SecurityManager: disabling 4S key cache");
Element-R: fix repeated requests to enter 4S key during cross-signing reset (#12059) * Remove redundant `forceReset` parameter This was always true, so let's get rid of it. Also some function renames. * Factor out new `withSecretStorageKeyCache` helper ... so that we can use the cache without the whole of `accessSecretStorage`. * Cache secret storage key during cross-signing reset * Playwright test for resetting cross-signing * CrossSigningPanel: Silence annoying react warnings React complains if we don't include an explicit `tbody`. * Simple unit test of reset button
2023-12-15 14:59:36 +00:00
secretStorageBeingAccessed = false;
Cleanup tasks in SecurityManager/SetupEncryptionStore (#12764) * Remove call to no-op `checkOwnCrossSigningTrust` this is a no-op on rust crypto * inline `SecurityManager.isCachingAllowed` Since https://github.com/matrix-org/matrix-react-sdk/pull/4789, this has just been an obscure way to write a test of a local variable. * Remove unused `CreateSecretStorageOpts.getKeyBackupPassphrase` parameter This is unused on rust crypto (cf https://github.com/matrix-org/matrix-js-sdk/pull/4313)
2024-07-13 10:27:59 +00:00
secretStorageKeys = {};
secretStorageKeyInfo = {};
Element-R: fix repeated requests to enter 4S key during cross-signing reset (#12059) * Remove redundant `forceReset` parameter This was always true, so let's get rid of it. Also some function renames. * Factor out new `withSecretStorageKeyCache` helper ... so that we can use the cache without the whole of `accessSecretStorage`. * Cache secret storage key during cross-signing reset * Playwright test for resetting cross-signing * CrossSigningPanel: Silence annoying react warnings React complains if we don't include an explicit `tbody`. * Simple unit test of reset button
2023-12-15 14:59:36 +00:00
}
}
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
/**
* This helper should be used whenever you need to access secret storage. It
* ensures that secret storage (and also cross-signing since they each depend on
* each other in a cycle of sorts) have been bootstrapped before running the
* provided function.
*
* Bootstrapping secret storage may take one of these paths:
* 1. Create secret storage from a passphrase and store cross-signing keys
* in secret storage.
* 2. Access existing secret storage by requesting passphrase and accessing
* cross-signing keys as needed.
* 3. All keys are loaded and there's nothing to do.
*
* Additionally, the secret storage keys are cached during the scope of this function
* to ensure the user is prompted only once for their secret storage
Finish sentence in accessSecretStorage docs
2020-01-03 13:45:52 +00:00
* passphrase. The cache is then cleared once the provided function completes.
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
*
* @param {Function} [func] An operation to perform once secret storage has been
* bootstrapped. Optional.
Revert "Use recovery keys over passphrases"
2020-06-18 08:35:11 +00:00
* @param {bool} [forceReset] Reset secret storage even if it's already set up
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
*/
Revert "Set up key backup using non-deprecated APIs (#12005)" (#12102)
2024-01-04 13:11:28 +00:00
export async function accessSecretStorage(func = async (): Promise<void> => {}, forceReset = false): Promise<void> {
await withSecretStorageKeyCache(() => doAccessSecretStorage(func, forceReset));
Element-R: fix repeated requests to enter 4S key during cross-signing reset (#12059) * Remove redundant `forceReset` parameter This was always true, so let's get rid of it. Also some function renames. * Factor out new `withSecretStorageKeyCache` helper ... so that we can use the cache without the whole of `accessSecretStorage`. * Cache secret storage key during cross-signing reset * Playwright test for resetting cross-signing * CrossSigningPanel: Silence annoying react warnings React complains if we don't include an explicit `tbody`. * Simple unit test of reset button
2023-12-15 14:59:36 +00:00
}
/** Helper for {@link #accessSecretStorage} */
Set up key backup using non-deprecated APIs (2nd take) (#12098) * Ensure backup settings in playwright * Fix verification by pass causing backup reset * fix force backup setup by default * fix test * clarify when we need to bootstrap * jslint * post merge fix * post rebase missing files * fix bad merge * update test * Fix import * test user forgot passkey * better usage of locator * fix snapshot * remove getDialogByTitle * Update src/async-components/views/dialogs/security/CreateKeyBackupDialog.tsx Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * unneeded permission * code review * cleaning --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-01-10 10:34:03 +00:00
async function doAccessSecretStorage(func: () => Promise<void>, forceReset: boolean): Promise<void> {
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
try {
Use MatrixClientPeg::safeGet for strict typing (#10989)
2023-06-21 16:29:44 +00:00
const cli = MatrixClientPeg.safeGet();
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
const crypto = cli.getCrypto();
if (!crypto) {
throw new Error("End-to-end encryption is disabled - unable to access secret storage.");
}
let createNew = false;
if (forceReset) {
logger.debug("accessSecretStorage: resetting 4S");
createNew = true;
} else if (!(await cli.secretStorage.hasKey())) {
logger.debug("accessSecretStorage: no 4S key configured, creating a new one");
createNew = true;
}
if (createNew) {
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
// This dialog calls bootstrap itself after guiding the user through
// passphrase creation.
Remove Piwik support (#8835) * Remove all mentions of Piwik * Kill off all consumer of the old Piwik Analytics module * Simplify ModalManager interface * i18n * Attempt to fix old e2e tests * Remove unused component * Iterate PR
2022-06-14 16:51:51 +00:00
const { finished } = Modal.createDialogAsync(
Convert `/src/async-components/views/dialogs/security` to TS (#6923) * Convert RecoveryMethodRemovedDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert NewRecoveryMethodDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert ImportE2eKeysDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert ExportE2eKeysDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert CreateSecretStorageDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert CreateKeyBackupDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Fix types This is somewhat hacky though I don't know of a better way to do this Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
2021-10-23 03:32:16 +00:00
import("./async-components/views/dialogs/security/CreateSecretStorageDialog") as unknown as Promise<
Properly type Modal props to ensure useful typescript checking (#10238 * Properly type Modal props to ensure useful typescript checking * delint * Iterate * Iterate * Fix modal.close loop * Iterate * Fix tests * Add comment * Fix test
2023-02-28 10:31:48 +00:00
typeof CreateSecretStorageDialog
Convert `/src/async-components/views/dialogs/security` to TS (#6923) * Convert RecoveryMethodRemovedDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert NewRecoveryMethodDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert ImportE2eKeysDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert ExportE2eKeysDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert CreateSecretStorageDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Convert CreateKeyBackupDialog to TS Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com> * Fix types This is somewhat hacky though I don't know of a better way to do this Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
2021-10-23 03:32:16 +00:00
>,
Button to reset cross-signing and SSSS keys
2020-02-07 14:55:01 +00:00
{
Rename reset secret storage prop The bare word `force` has bothered me, so this adds a tiny amount more meaning.
2020-08-27 12:50:50 +00:00
forceReset,
Button to reset cross-signing and SSSS keys
2020-02-07 14:55:01 +00:00
},
Conform more code to strict null checking (#10153) * Conform more code to strict null checking * Conform more code to strict null checking * Iterate * Iterate
2023-02-15 13:36:22 +00:00
undefined,
Enforce Secure Backup completion when requested by HS This removes all buttons to escape the Secure Backup setup flow when the matching `.well-known` setting is set by homeserver. Part of https://github.com/vector-im/element-web/issues/14954
2020-08-14 17:06:35 +00:00
/* priority = */ false,
/* static = */ true,
/* options = */ {
Enable `@typescript-eslint/explicit-function-return-type` in /src (#9788) * Enable `@typescript-eslint/explicit-member-accessibility` on /src * Prettier * Enable `@typescript-eslint/explicit-function-return-type` in /src * Fix types * tsc strict fixes * Delint * Fix test * Fix bad merge
2023-01-12 13:25:14 +00:00
onBeforeClose: async (reason): Promise<boolean> => {
Enforce Secure Backup completion when requested by HS This removes all buttons to escape the Secure Backup setup flow when the matching `.well-known` setting is set by homeserver. Part of https://github.com/vector-im/element-web/issues/14954
2020-08-14 17:06:35 +00:00
// If Secure Backup is required, you cannot leave the modal.
if (reason === "backgroundClick") {
Eliminate the use of MatrixClientPeg in utils (#10910)
2023-05-23 15:24:12 +00:00
return !isSecureBackupRequired(cli);
Enforce Secure Backup completion when requested by HS This removes all buttons to escape the Secure Backup setup flow when the matching `.well-known` setting is set by homeserver. Part of https://github.com/vector-im/element-web/issues/14954
2020-08-14 17:06:35 +00:00
}
return true;
},
Button to reset cross-signing and SSSS keys
2020-02-07 14:55:01 +00:00
},
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
);
const [confirmed] = await finished;
if (!confirmed) {
throw new Error("Secret storage creation canceled");
}
} else {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("accessSecretStorage: bootstrapCrossSigning");
Set up key backup using non-deprecated APIs (2nd take) (#12098) * Ensure backup settings in playwright * Fix verification by pass causing backup reset * fix force backup setup by default * fix test * clarify when we need to bootstrap * jslint * post merge fix * post rebase missing files * fix bad merge * update test * Fix import * test user forgot passkey * better usage of locator * fix snapshot * remove getDialogByTitle * Update src/async-components/views/dialogs/security/CreateKeyBackupDialog.tsx Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * unneeded permission * code review * cleaning --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-01-10 10:34:03 +00:00
await crypto.bootstrapCrossSigning({
Enable `@typescript-eslint/explicit-function-return-type` in /src (#9788) * Enable `@typescript-eslint/explicit-member-accessibility` on /src * Prettier * Enable `@typescript-eslint/explicit-function-return-type` in /src * Fix types * tsc strict fixes * Delint * Fix test * Fix bad merge
2023-01-12 13:25:14 +00:00
authUploadDeviceSigningKeys: async (makeRequest): Promise<void> => {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("accessSecretStorage: performing UIA to upload cross-signing keys");
Remove Piwik support (#8835) * Remove all mentions of Piwik * Kill off all consumer of the old Piwik Analytics module * Simplify ModalManager interface * i18n * Attempt to fix old e2e tests * Remove unused component * Iterate PR
2022-06-14 16:51:51 +00:00
const { finished } = Modal.createDialog(InteractiveAuthDialog, {
Migrate more strings to translation keys (#11651)
2023-09-22 15:39:40 +00:00
title: _t("encryption|bootstrap_title"),
Remove Piwik support (#8835) * Remove all mentions of Piwik * Kill off all consumer of the old Piwik Analytics module * Simplify ModalManager interface * i18n * Attempt to fix old e2e tests * Remove unused component * Iterate PR
2022-06-14 16:51:51 +00:00
matrixClient: cli,
makeRequest,
});
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
const [confirmed] = await finished;
if (!confirmed) {
throw new Error("Cross-signing key upload auth canceled");
}
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("accessSecretStorage: Cross-signing key upload successful");
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
},
Migrate to new, separate APIs for cross-signing and secret storage This migrates to the new JS SDK APIs, which now use separate paths for cross-signing and secret storage setup. There should be no functional change here. Part of https://github.com/vector-im/element-web/issues/13895
2020-08-27 12:41:03 +00:00
});
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("accessSecretStorage: bootstrapSecretStorage");
Cleanup tasks in SecurityManager/SetupEncryptionStore (#12764) * Remove call to no-op `checkOwnCrossSigningTrust` this is a no-op on rust crypto * inline `SecurityManager.isCachingAllowed` Since https://github.com/matrix-org/matrix-react-sdk/pull/4789, this has just been an obscure way to write a test of a local variable. * Remove unused `CreateSecretStorageOpts.getKeyBackupPassphrase` parameter This is unused on rust crypto (cf https://github.com/matrix-org/matrix-js-sdk/pull/4313)
2024-07-13 10:27:59 +00:00
await crypto.bootstrapSecretStorage({});
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
const keyId = Object.keys(secretStorageKeys)[0];
add a feature flag for dehydration
2020-10-02 01:41:03 +00:00
if (keyId && SettingsStore.getValue("feature_dehydration")) {
Convert `src/SecurityManager.js` to TypeScript This includes a few small API tweaks as well, only in cases where TS revealed we were doing something confusing or wrong. Part of https://github.com/vector-im/element-web/issues/15350
2020-10-09 15:59:56 +00:00
let dehydrationKeyInfo = {};
if (secretStorageKeyInfo[keyId] && secretStorageKeyInfo[keyId].passphrase) {
dehydrationKeyInfo = { passphrase: secretStorageKeyInfo[keyId].passphrase };
}
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.log("accessSecretStorage: Setting dehydration key");
add a feature flag for dehydration
2020-10-02 01:41:03 +00:00
await cli.setDehydrationKey(secretStorageKeys[keyId], dehydrationKeyInfo, "Backup device");
Add security customisation points This adds various customisations point in the app for security related decisions. By default, these do nothing, but would be customised at the app level via module replacement (so that no changes are needed here in the SDK). Fixes https://github.com/vector-im/element-web/issues/15350
2020-10-08 15:35:17 +00:00
} else if (!keyId) {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.warn("accessSecretStorage: Not setting dehydration key: no SSSS key found");
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
} else {
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.log("accessSecretStorage: Not setting dehydration key: feature disabled");
update to latest js-sdk changes
2020-09-30 04:52:47 +00:00
}
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
}
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.debug("accessSecretStorage: 4S now ready");
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
// `return await` needed here to ensure `finally` block runs after the
// inner operation completes.
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
await func();
logger.debug("accessSecretStorage: operation complete");
Add security customisation points This adds various customisations point in the app for security related decisions. By default, these do nothing, but would be customised at the app level via module replacement (so that no changes are needed here in the SDK). Fixes https://github.com/vector-im/element-web/issues/15350
2020-10-08 15:35:17 +00:00
} catch (e) {
Replace `SecurityCustomisations` with `CryptoSetupExtension` (#12342) * Changed call sites from customisations/security to ModuleRunner.extensions * Updated depenndecy and added tests * Fixed style and formatting with prettier * Fix according to Element PR comments * Fixing issues raised in PR review * Removed commented code. Improved encapsulation. Removed noisy logging * Improved language of comment about calling the factory * Refactor to get better encapsulation * Find a better name. Provide explicit reset function. Provide more TSDoc * Simplify mock for cryptoSetup, and add assertion for exception message. * Remove unused className property. Adjust TSDoc comments * Fix linting and code style issues * Added test to ensure we canregister anduse experimental extensions * Fix linting and code-style issues * Added test to ensure only on registration of experimental extensions * Added test toensure call to getDehydratedDeviceCallback() * Test what happens when there is no implementation * Iterating cryptoSetup tests * Lint/prettier fix * Assert both branches when checking for dehydrationkey callback * Update src/modules/ModuleRunner.ts Language and formatting Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Reset by setting a fresh ExtensionsManager Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Use regular comment instead of TSDoc style comment Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update test/MatrixClientPeg-test.ts No need to extend the base class Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix spelling Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix spelling Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Update src/modules/ModuleRunner.ts Fix TSDoc formatting Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Simplify mock setup * Simplified mock and cleaned up a bit * Keeping track of extensions is an implementation detail internal to ExtensionsManager. Language and punctuation * Addressed issues and comments from PR review * Update src/modules/ModuleRunner.ts Keep the flags to track implementations as direct properties Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Fix flattening of implementation map * Update src/modules/ModuleRunner.ts Fix whitespace Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --------- Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-04-12 15:15:17 +00:00
ModuleRunner.instance.extensions.cryptoSetup.catchAccessSecretStorageError(e as Error);
Add logging to encryption setup (#12765) * Add logging to `getSecretStorageKey` * Replace call to deprecated MatrixClient.hasSecretStorageKey * Add/improve logging in `accessSecretStorage` * Add/improve logging in SetupEncryptionStore.usePassPhrase
2024-07-13 12:36:45 +00:00
logger.error("accessSecretStorage: error during operation", e);
Tweak security key error handling This reworks error handling of "use security key" so we stop the overall operation when cancelling access (instead of just the immediate prompt). In addition, flowing the error to outer catch block also handles resetting state to re-display the initial verification choices. Fixes https://github.com/vector-im/element-web/issues/15584
2021-03-26 13:01:30 +00:00
// Re-throw so that higher level logic can abort as needed
throw e;
Add `accessSecretStorage` helper with common flow setup This moves the details of dialogs that may be needed when accessing secret storage to centralised helper. In addition, this clears the secret storage key cache so that keys are only live for a single operation.
2019-12-11 15:05:03 +00:00
}
}
Reference in a new issue Copy permalink