Merge pull request #4125 from matrix-org/foldleft/12095-insecure-dialog

Show a warning dialog when user indicates a new session wasn't them
This commit is contained in:
Zoe 2020-02-25 15:49:44 +00:00 committed by GitHub
commit 181e06e06d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 1 deletions

View file

@ -23,6 +23,7 @@ import VerificationRequestDialog from './VerificationRequestDialog';
import BaseDialog from './BaseDialog'; import BaseDialog from './BaseDialog';
import DialogButtons from '../elements/DialogButtons'; import DialogButtons from '../elements/DialogButtons';
import {MatrixClientPeg} from "../../../MatrixClientPeg"; import {MatrixClientPeg} from "../../../MatrixClientPeg";
import * as sdk from '../../../index';
@replaceableComponent("views.dialogs.NewSessionReviewDialog") @replaceableComponent("views.dialogs.NewSessionReviewDialog")
export default class NewSessionReviewDialog extends React.PureComponent { export default class NewSessionReviewDialog extends React.PureComponent {
@ -33,7 +34,24 @@ export default class NewSessionReviewDialog extends React.PureComponent {
} }
onCancelClick = () => { onCancelClick = () => {
this.props.onFinished(false); const ErrorDialog = sdk.getComponent("dialogs.ErrorDialog");
Modal.createTrackedDialog("Verification failed", "insecure", ErrorDialog, {
headerImage: require("../../../../res/img/e2e/warning.svg"),
title: _t("Your account is not secure"),
description: <div>
{_t("One of the following may be compromised:")}
<ul>
<li>{_t("Your password")}</li>
<li>{_t("Your homeserver")}</li>
<li>{_t("This session, or the other session")}</li>
<li>{_t("The internet connection either session is using")}</li>
</ul>
<div>
{_t("We recommend you change your password and recovery key in Settings immediately")}
</div>
</div>,
onFinished: () => this.props.onFinished(false),
});
} }
onContinueClick = async () => { onContinueClick = async () => {

View file

@ -42,6 +42,12 @@ export default class UnverifiedSessionToast extends React.PureComponent {
Modal.createTrackedDialog('New Session Review', 'Starting dialog', NewSessionReviewDialog, { Modal.createTrackedDialog('New Session Review', 'Starting dialog', NewSessionReviewDialog, {
userId: MatrixClientPeg.get().getUserId(), userId: MatrixClientPeg.get().getUserId(),
device, device,
onFinished: (r) => {
if (!r) {
/* This'll come back false if the user clicks "this wasn't me" and saw a warning dialog */
this._onLaterClick();
}
},
}, null, /* priority = */ false, /* static = */ true); }, null, /* priority = */ false, /* static = */ true);
}; };

View file

@ -1572,6 +1572,11 @@
"Are you sure you want to sign out?": "Are you sure you want to sign out?", "Are you sure you want to sign out?": "Are you sure you want to sign out?",
"Your homeserver doesn't seem to support this feature.": "Your homeserver doesn't seem to support this feature.", "Your homeserver doesn't seem to support this feature.": "Your homeserver doesn't seem to support this feature.",
"Message edits": "Message edits", "Message edits": "Message edits",
"Your account is not secure": "Your account is not secure",
"Your password": "Your password",
"This session, or the other session": "This session, or the other session",
"The internet connection either session is using": "The internet connection either session is using",
"We recommend you change your password and recovery key in Settings immediately": "We recommend you change your password and recovery key in Settings immediately",
"New session": "New session", "New session": "New session",
"Use this session to verify your new one, granting it access to encrypted messages:": "Use this session to verify your new one, granting it access to encrypted messages:", "Use this session to verify your new one, granting it access to encrypted messages:": "Use this session to verify your new one, granting it access to encrypted messages:",
"If you didnt sign in to this session, your account may be compromised.": "If you didnt sign in to this session, your account may be compromised.", "If you didnt sign in to this session, your account may be compromised.": "If you didnt sign in to this session, your account may be compromised.",