Use cross-signing verification only for own devices
The device verification checks are slightly more nuanced: we want to use stricter cross-signing checks for your own devices to encourage everyone to trust their devices via cross-signing so that other users can in turn trust them. However, for other users, it's okay to use the looser verification check that also includes locally verified devices.
This commit is contained in:
parent
a7231d7336
commit
b3d56b378e
1 changed files with 22 additions and 3 deletions
|
@ -64,10 +64,17 @@ const _getE2EStatus = (cli, userId, devices) => {
|
||||||
const hasUnverifiedDevice = devices.some((device) => device.isUnverified());
|
const hasUnverifiedDevice = devices.some((device) => device.isUnverified());
|
||||||
return hasUnverifiedDevice ? "warning" : "verified";
|
return hasUnverifiedDevice ? "warning" : "verified";
|
||||||
}
|
}
|
||||||
|
const isMe = userId === cli.getUserId();
|
||||||
const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified();
|
const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified();
|
||||||
const allDevicesVerified = devices.every(device => {
|
const allDevicesVerified = devices.every(device => {
|
||||||
const { deviceId } = device;
|
const { deviceId } = device;
|
||||||
return cli.checkDeviceTrust(userId, deviceId).isCrossSigningVerified();
|
// For your own devices, we use the stricter check of cross-signing
|
||||||
|
// verification to encourage everyone to trust their own devices via
|
||||||
|
// cross-signing so that other users can then safely trust you.
|
||||||
|
// For other people's devices, the more general verified check that
|
||||||
|
// includes locally verified devices can be used.
|
||||||
|
const deviceTrust = cli.checkDeviceTrust(userId, deviceId);
|
||||||
|
return isMe ? deviceTrust.isCrossSigningVerified() : deviceTrust.isVerified();
|
||||||
});
|
});
|
||||||
if (allDevicesVerified) {
|
if (allDevicesVerified) {
|
||||||
return userVerified ? "verified" : "normal";
|
return userVerified ? "verified" : "normal";
|
||||||
|
@ -128,8 +135,14 @@ function verifyUser(user) {
|
||||||
|
|
||||||
function DeviceItem({userId, device}) {
|
function DeviceItem({userId, device}) {
|
||||||
const cli = useContext(MatrixClientContext);
|
const cli = useContext(MatrixClientContext);
|
||||||
|
const isMe = userId === cli.getUserId();
|
||||||
const deviceTrust = cli.checkDeviceTrust(userId, device.deviceId);
|
const deviceTrust = cli.checkDeviceTrust(userId, device.deviceId);
|
||||||
const isVerified = SettingsStore.isFeatureEnabled("feature_cross_signing") ?
|
// For your own devices, we use the stricter check of cross-signing
|
||||||
|
// verification to encourage everyone to trust their own devices via
|
||||||
|
// cross-signing so that other users can then safely trust you.
|
||||||
|
// For other people's devices, the more general verified check that
|
||||||
|
// includes locally verified devices can be used.
|
||||||
|
const isVerified = (isMe && SettingsStore.isFeatureEnabled("feature_cross_signing")) ?
|
||||||
deviceTrust.isCrossSigningVerified() :
|
deviceTrust.isCrossSigningVerified() :
|
||||||
deviceTrust.isVerified();
|
deviceTrust.isVerified();
|
||||||
|
|
||||||
|
@ -172,6 +185,7 @@ function DevicesSection({devices, userId, loading}) {
|
||||||
if (devices === null) {
|
if (devices === null) {
|
||||||
return _t("Unable to load device list");
|
return _t("Unable to load device list");
|
||||||
}
|
}
|
||||||
|
const isMe = userId === cli.getUserId();
|
||||||
const deviceTrusts = devices.map(d => cli.checkDeviceTrust(userId, d.deviceId));
|
const deviceTrusts = devices.map(d => cli.checkDeviceTrust(userId, d.deviceId));
|
||||||
|
|
||||||
const unverifiedDevices = [];
|
const unverifiedDevices = [];
|
||||||
|
@ -180,7 +194,12 @@ function DevicesSection({devices, userId, loading}) {
|
||||||
for (let i = 0; i < devices.length; ++i) {
|
for (let i = 0; i < devices.length; ++i) {
|
||||||
const device = devices[i];
|
const device = devices[i];
|
||||||
const deviceTrust = deviceTrusts[i];
|
const deviceTrust = deviceTrusts[i];
|
||||||
const isVerified = SettingsStore.isFeatureEnabled("feature_cross_signing") ?
|
// For your own devices, we use the stricter check of cross-signing
|
||||||
|
// verification to encourage everyone to trust their own devices via
|
||||||
|
// cross-signing so that other users can then safely trust you.
|
||||||
|
// For other people's devices, the more general verified check that
|
||||||
|
// includes locally verified devices can be used.
|
||||||
|
const isVerified = (isMe && SettingsStore.isFeatureEnabled("feature_cross_signing")) ?
|
||||||
deviceTrust.isCrossSigningVerified() :
|
deviceTrust.isCrossSigningVerified() :
|
||||||
deviceTrust.isVerified();
|
deviceTrust.isVerified();
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue