From 3693255cd53f3ca3884561c3ec01946f3f337eaa Mon Sep 17 00:00:00 2001 From: ElementRobot Date: Fri, 31 Mar 2023 09:07:47 +0100 Subject: [PATCH 1/3] Fix detection of encryption for all users in a room (#10487) (#10489) (cherry picked from commit dddef858f1bb26072a24e942df5ad40175bad90d) Co-authored-by: Michael Weimann --- src/createRoom.ts | 17 +++++++---- test/createRoom-test.ts | 67 +++++++++++++++++++++++++++-------------- 2 files changed, 55 insertions(+), 29 deletions(-) diff --git a/src/createRoom.ts b/src/createRoom.ts index 25c7b10fe2..f45df045ec 100644 --- a/src/createRoom.ts +++ b/src/createRoom.ts @@ -398,16 +398,21 @@ export default async function createRoom(opts: IOpts): Promise { export async function canEncryptToAllUsers(client: MatrixClient, userIds: string[]): Promise { try { const usersDeviceMap = await client.downloadKeys(userIds); - // { "@user:host": { "DEVICE": {...}, ... }, ... } - return Object.values(usersDeviceMap).every( - (userDevices) => - // { "DEVICE": {...}, ... } - Object.keys(userDevices).length > 0, - ); + + // There are no devices at all. + if (usersDeviceMap.size === 0) return false; + + for (const devices of usersDeviceMap.values()) { + if (devices.size === 0) { + return false; + } + } } catch (e) { logger.error("Error determining if it's possible to encrypt to all users: ", e); return false; // assume not } + + return true; } // Similar to ensureDMExists but also adds creation content diff --git a/test/createRoom-test.ts b/test/createRoom-test.ts index fc49c5656a..d89ee82ddb 100644 --- a/test/createRoom-test.ts +++ b/test/createRoom-test.ts @@ -147,35 +147,56 @@ describe("createRoom", () => { }); describe("canEncryptToAllUsers", () => { - const trueUser = new Map([ - [ - "@goodUser:localhost", - new Map([ - ["DEV1", {} as unknown as DeviceInfo], - ["DEV2", {} as unknown as DeviceInfo], - ]), - ], + const user1Id = "@user1:example.com"; + const user2Id = "@user2:example.com"; + + const devices = new Map([ + ["DEV1", {} as unknown as DeviceInfo], + ["DEV2", {} as unknown as DeviceInfo], ]); - const falseUser = { - "@badUser:localhost": {}, - }; - let client: Mocked; - beforeEach(() => { - stubClient(); - client = mocked(MatrixClientPeg.get()); + + beforeAll(() => { + client = mocked(stubClient()); }); - it("returns true if all devices have crypto", async () => { - client.downloadKeys.mockResolvedValue(trueUser); - const response = await canEncryptToAllUsers(client, ["@goodUser:localhost"]); - expect(response).toBe(true); + it("should return false if download keys does not return any user", async () => { + client.downloadKeys.mockResolvedValue(new Map()); + const result = await canEncryptToAllUsers(client, [user1Id, user2Id]); + expect(result).toBe(false); }); - it("returns false if not all users have crypto", async () => { - client.downloadKeys.mockResolvedValue({ ...trueUser, ...falseUser }); - const response = await canEncryptToAllUsers(client, ["@goodUser:localhost", "@badUser:localhost"]); - expect(response).toBe(false); + it("should return false if none of the users has a device", async () => { + client.downloadKeys.mockResolvedValue( + new Map([ + [user1Id, new Map()], + [user2Id, new Map()], + ]), + ); + const result = await canEncryptToAllUsers(client, [user1Id, user2Id]); + expect(result).toBe(false); + }); + + it("should return false if some of the users don't have a device", async () => { + client.downloadKeys.mockResolvedValue( + new Map([ + [user1Id, new Map()], + [user2Id, devices], + ]), + ); + const result = await canEncryptToAllUsers(client, [user1Id, user2Id]); + expect(result).toBe(false); + }); + + it("should return true if all users have a device", async () => { + client.downloadKeys.mockResolvedValue( + new Map([ + [user1Id, devices], + [user2Id, devices], + ]), + ); + const result = await canEncryptToAllUsers(client, [user1Id, user2Id]); + expect(result).toBe(true); }); }); From 5a132e42e18341266cac6f3712c84d80f03dfe6e Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Fri, 31 Mar 2023 09:57:40 +0100 Subject: [PATCH 2/3] Prepare changelog for v3.69.1 --- CHANGELOG.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c22e956991..13713b1569 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,15 @@ -Changes in [3.69.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.69.0) (2023-03-28) +Changes in [3.69.1](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.69.1) (2023-03-31) ===================================================================================================== ## 🐛 Bug Fixes - * Changes for matrix-js-sdk v24.0.0 - * Changes for matrix-react-sdk v3.69.0 + * Fix detection of encryption for all users in a room ([\#10487](https://github.com/matrix-org/matrix-react-sdk/pull/10487)). Fixes vector-im/element-web#24995. + +Changes in [3.69.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.69.0) (2023-03-28) +===================================================================================================== + +## 🔒 Security + * Fixes for [CVE-2023-28427](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28427) / GHSA-mwq8-fjpf-c2gr + * Fixes for [CVE-2023-28103](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28103) / GHSA-6g43-88cp-w5gv Changes in [3.68.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.68.0) (2023-03-15) ===================================================================================================== From af3e57f9e132d4cb260c47010652bc49671f1955 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Fri, 31 Mar 2023 09:57:42 +0100 Subject: [PATCH 3/3] v3.69.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2eece6f67a..ed887486cd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "matrix-react-sdk", - "version": "3.69.0", + "version": "3.69.1", "description": "SDK for matrix.org using React", "author": "matrix.org", "repository": {