ElementR: Cross user verification (#11364)

The hard work has been done in previous PRs in the js-sdk, so this is now just a case of updating a few call sites to use the new APIs.
This commit is contained in:
Florian Duros 2023-09-18 18:34:00 +02:00 committed by GitHub
parent e887c6d71f
commit 579b0dd10a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 33 additions and 31 deletions

View file

@ -259,7 +259,7 @@ describe("Cryptography", function () {
}
it("creating a DM should work, being e2e-encrypted / user verification", function (this: CryptoTestContext) {
skipIfRustCrypto();
skipIfRustCrypto(); // needs working event shields
cy.bootstrapCrossSigning(aliceCredentials);
startDMWithBob.call(this);
// send first message
@ -281,7 +281,6 @@ describe("Cryptography", function () {
});
it("should allow verification when there is no existing DM", function (this: CryptoTestContext) {
skipIfRustCrypto();
cy.bootstrapCrossSigning(aliceCredentials);
autoJoin(this.bob);

View file

@ -307,7 +307,7 @@ export default class DeviceListener {
// cross signing isn't enabled - nag to enable it
// There are 3 different toasts for:
if (!(await crypto.getCrossSigningKeyId()) && cli.getStoredCrossSigningForUser(cli.getSafeUserId())) {
if (!(await crypto.getCrossSigningKeyId()) && (await crypto.userHasCrossSigningKeys())) {
// Cross-signing on account but this device doesn't trust the master key (verify this session)
showSetupEncryptionToast(SetupKind.VERIFY_THIS_SESSION);
this.checkKeyBackupStatus();

View file

@ -110,7 +110,7 @@ const EncryptionPanel: React.FC<IProps> = (props: IProps) => {
if (!roomId) {
throw new Error("Unable to create Room for verification");
}
verificationRequest_ = await cli.requestVerificationDM(member.userId, roomId);
verificationRequest_ = await cli.getCrypto()!.requestVerificationDM(member.userId, roomId);
} catch (e) {
console.error("Error starting verification", e);
setRequesting(false);

View file

@ -105,9 +105,15 @@ export const disambiguateDevices = (devices: IDevice[]): void => {
}
};
export const getE2EStatus = async (cli: MatrixClient, userId: string, devices: IDevice[]): Promise<E2EStatus> => {
export const getE2EStatus = async (
cli: MatrixClient,
userId: string,
devices: IDevice[],
): Promise<E2EStatus | undefined> => {
const crypto = cli.getCrypto();
if (!crypto) return undefined;
const isMe = userId === cli.getUserId();
const userTrust = cli.checkUserTrust(userId);
const userTrust = await crypto.getUserVerificationStatus(userId);
if (!userTrust.isCrossSigningVerified()) {
return userTrust.wasCrossSigningVerified() ? E2EStatus.Warning : E2EStatus.Normal;
}
@ -119,7 +125,7 @@ export const getE2EStatus = async (cli: MatrixClient, userId: string, devices: I
// cross-signing so that other users can then safely trust you.
// For other people's devices, the more general verified check that
// includes locally verified devices can be used.
const deviceTrust = await cli.getCrypto()?.getDeviceVerificationStatus(userId, deviceId);
const deviceTrust = await crypto.getDeviceVerificationStatus(userId, deviceId);
return isMe ? !deviceTrust?.crossSigningVerified : !deviceTrust?.isVerified();
});
return anyDeviceUnverified ? E2EStatus.Warning : E2EStatus.Verified;
@ -152,11 +158,7 @@ function useHasCrossSigningKeys(
}
setUpdating(true);
try {
// We call it to populate the user keys and devices
await cli.getCrypto()?.getUserDeviceInfo([member.userId], true);
const xsi = cli.getStoredCrossSigningForUser(member.userId);
const key = xsi && xsi.getId();
return !!key;
return await cli.getCrypto()?.userHasCrossSigningKeys(member.userId, true);
} finally {
setUpdating(false);
}

View file

@ -37,17 +37,15 @@ export async function shieldStatusForRoom(client: MatrixClient, room: Room): Pro
const verified: string[] = [];
const unverified: string[] = [];
members
.filter((userId) => userId !== client.getUserId())
.forEach((userId) => {
(client.checkUserTrust(userId).isCrossSigningVerified() ? verified : unverified).push(userId);
});
for (const userId of members) {
if (userId === client.getUserId()) continue;
const userTrust = await crypto.getUserVerificationStatus(userId);
/* Alarm if any unverified users were verified before. */
for (const userId of unverified) {
if (client.checkUserTrust(userId).wasCrossSigningVerified()) {
/* Alarm if any unverified users were verified before. */
if (userTrust.wasCrossSigningVerified() && !userTrust.isCrossSigningVerified()) {
return E2EStatus.Warning;
}
(userTrust.isCrossSigningVerified() ? verified : unverified).push(userId);
}
/* Check all verified user devices. */

View file

@ -25,7 +25,6 @@ import {
ClientStoppedError,
} from "matrix-js-sdk/src/matrix";
import { logger } from "matrix-js-sdk/src/logger";
import { CrossSigningInfo } from "matrix-js-sdk/src/crypto/CrossSigning";
import { CryptoEvent } from "matrix-js-sdk/src/crypto";
import { IKeyBackupInfo } from "matrix-js-sdk/src/crypto/keybackup";
@ -92,6 +91,7 @@ describe("DeviceListener", () => {
getUserDeviceInfo: jest.fn().mockResolvedValue(new Map()),
isCrossSigningReady: jest.fn().mockResolvedValue(true),
isSecretStorageReady: jest.fn().mockResolvedValue(true),
userHasCrossSigningKeys: jest.fn(),
} as unknown as Mocked<CryptoApi>;
mockClient = getMockClientWithEventEmitter({
isGuest: jest.fn(),
@ -102,7 +102,6 @@ describe("DeviceListener", () => {
isVersionSupported: jest.fn().mockResolvedValue(true),
isInitialSyncComplete: jest.fn().mockReturnValue(true),
getKeyBackupEnabled: jest.fn(),
getStoredCrossSigningForUser: jest.fn(),
waitForClientWellKnown: jest.fn(),
isRoomEncrypted: jest.fn(),
getClientWellKnown: jest.fn(),
@ -324,7 +323,7 @@ describe("DeviceListener", () => {
});
it("shows verify session toast when account has cross signing", async () => {
mockClient!.getStoredCrossSigningForUser.mockReturnValue(new CrossSigningInfo(userId));
mockCrypto!.userHasCrossSigningKeys.mockResolvedValue(true);
await createAndStart();
expect(mockCrypto!.getUserDeviceInfo).toHaveBeenCalled();
@ -335,7 +334,7 @@ describe("DeviceListener", () => {
it("checks key backup status when when account has cross signing", async () => {
mockCrypto!.getCrossSigningKeyId.mockResolvedValue(null);
mockClient!.getStoredCrossSigningForUser.mockReturnValue(new CrossSigningInfo(userId));
mockCrypto!.userHasCrossSigningKeys.mockResolvedValue(true);
await createAndStart();
expect(mockClient!.getKeyBackupEnabled).toHaveBeenCalled();

View file

@ -37,6 +37,7 @@ import {
import { UserTrustLevel } from "matrix-js-sdk/src/crypto/CrossSigning";
import { defer } from "matrix-js-sdk/src/utils";
import { EventEmitter } from "events";
import { UserVerificationStatus } from "matrix-js-sdk/src/crypto-api";
import UserInfo, {
BanToggleButton,
@ -134,6 +135,8 @@ beforeEach(() => {
mockCrypto = mocked({
getDeviceVerificationStatus: jest.fn(),
getUserDeviceInfo: jest.fn(),
userHasCrossSigningKeys: jest.fn().mockResolvedValue(false),
getUserVerificationStatus: jest.fn(),
} as unknown as CryptoApi);
mockClient = mocked({
@ -161,7 +164,6 @@ beforeEach(() => {
setPowerLevel: jest.fn(),
downloadKeys: jest.fn(),
getCrypto: jest.fn().mockReturnValue(mockCrypto),
getStoredCrossSigningForUser: jest.fn(),
} as unknown as MatrixClient);
jest.spyOn(MatrixClientPeg, "get").mockReturnValue(mockClient);
@ -378,6 +380,7 @@ describe("<UserInfo />", () => {
it("renders unverified user info", async () => {
mockClient.checkUserTrust.mockReturnValue(new UserTrustLevel(false, false, false));
mockCrypto.getUserVerificationStatus.mockResolvedValue(new UserVerificationStatus(false, false, false));
renderComponent({ room: mockRoom });
await act(flushPromises);
@ -389,6 +392,7 @@ describe("<UserInfo />", () => {
it("renders verified user info", async () => {
mockClient.checkUserTrust.mockReturnValue(new UserTrustLevel(true, false, false));
mockCrypto.getUserVerificationStatus.mockResolvedValue(new UserVerificationStatus(true, false, false));
renderComponent({ room: mockRoom });
await act(flushPromises);

View file

@ -15,6 +15,7 @@ limitations under the License.
*/
import { MatrixClient, Room } from "matrix-js-sdk/src/matrix";
import { UserVerificationStatus } from "matrix-js-sdk/src/crypto-api";
import { shieldStatusForRoom } from "../../src/utils/ShieldUtils";
import DMRoomMap from "../../src/utils/DMRoomMap";
@ -30,10 +31,8 @@ function mkClient(selfTrust = false) {
getUserDeviceInfo: async (userIds: string[]) => {
return new Map(userIds.map((u) => [u, new Map([["DEVICE", {}]])]));
},
}),
checkUserTrust: (userId: string) => ({
isCrossSigningVerified: () => userId[1] == "T",
wasCrossSigningVerified: () => userId[1] == "T" || userId[1] == "W",
getUserVerificationStatus: async (userId: string): Promise<UserVerificationStatus> =>
new UserVerificationStatus(userId[1] == "T", userId[1] == "T" || userId[1] == "W", false),
}),
} as unknown as MatrixClient;
}
@ -50,8 +49,9 @@ describe("mkClient self-test", function () {
["@TF:h", true],
["@FT:h", false],
["@FF:h", false],
])("behaves well for user trust %s", (userId, trust) => {
expect(mkClient().checkUserTrust(userId).isCrossSigningVerified()).toBe(trust);
])("behaves well for user trust %s", async (userId, trust) => {
const status = await mkClient().getCrypto()?.getUserVerificationStatus(userId);
expect(status!.isCrossSigningVerified()).toBe(trust);
});
test.each([