Add in a "verify" slash command to confirm signing keys (#912)
Allows users to send a text string via an alternative channel (like email or SMS) which Riot can leverage to confirm that the signing keys match. Effectively removes the tedium of checking keys until a better mechanism is completed. Signed-off-by: Kit Sczudlo <kit@kitscz.com>
This commit is contained in:
parent
f2e526f1d5
commit
26c8540d03
1 changed files with 54 additions and 1 deletions
|
@ -282,7 +282,60 @@ var commands = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return reject(this.getUsage());
|
return reject(this.getUsage());
|
||||||
})
|
}),
|
||||||
|
|
||||||
|
// Verify a user, device, and pubkey tuple
|
||||||
|
verify: new Command("verify", "<userId> <deviceId> <deviceSigningKey>", function(room_id, args) {
|
||||||
|
if (args) {
|
||||||
|
var matches = args.match(/^(\S+) +(\S+) +(\S+)$/);
|
||||||
|
if (matches) {
|
||||||
|
const userId = matches[1];
|
||||||
|
const deviceId = matches[2];
|
||||||
|
const fingerprint = matches[3];
|
||||||
|
|
||||||
|
const device = MatrixClientPeg.get().getStoredDevice(userId, deviceId);
|
||||||
|
if (!device) {
|
||||||
|
return reject(`Unknown (user, device) pair: (${userId}, ${deviceId})`);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (device.isVerified()) {
|
||||||
|
if (device.getFingerprint() === fingerprint) {
|
||||||
|
return reject(`Device already verified!`);
|
||||||
|
} else {
|
||||||
|
return reject(`WARNING: Device already verified, but keys do NOT MATCH!`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (device.getFingerprint() === fingerprint) {
|
||||||
|
MatrixClientPeg.get().setDeviceVerified(
|
||||||
|
userId, deviceId, true
|
||||||
|
);
|
||||||
|
|
||||||
|
// Tell the user we verified everything!
|
||||||
|
const QuestionDialog = sdk.getComponent("dialogs.QuestionDialog");
|
||||||
|
Modal.createDialog(QuestionDialog, {
|
||||||
|
title: "Verified key",
|
||||||
|
description: (
|
||||||
|
<div>
|
||||||
|
<p>
|
||||||
|
The signing key you provided matches the signing key you received
|
||||||
|
from { userId }'s device { deviceId }. Device marked as verified.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
),
|
||||||
|
hasCancelButton: false,
|
||||||
|
});
|
||||||
|
|
||||||
|
return success();
|
||||||
|
} else {
|
||||||
|
return reject(`WARNING: KEY VERIFICATION FAILED! The signing key for ${userId} and device
|
||||||
|
${deviceId} is "${device.getFingerprint()}" which does not match the provided key
|
||||||
|
"${fingerprint}". This could mean your communications are being intercepted!`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return reject(this.getUsage());
|
||||||
|
}),
|
||||||
};
|
};
|
||||||
|
|
||||||
// helpful aliases
|
// helpful aliases
|
||||||
|
|
Loading…
Reference in a new issue