Set up key backup using non-deprecated APIs (#12005)

2023-12-06 17:54:47 +00:00 · 2023-12-06 17:54:47 +00:00 · df11b90fd6
commit df11b90fd6
parent 1ce569bfc2
9 changed files with 198 additions and 34 deletions
--- a/playwright/e2e/crypto/backups.spec.ts
+++ b/playwright/e2e/crypto/backups.spec.ts
@ -0,0 +1,57 @@
 /*
 Copyright 2023 The Matrix.org Foundation C.I.C.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 import { test, expect } from "../../element-web-test";
 test.describe("Backups", () => {
    test.use({
        displayName: "Hanako",
    });
    test("Create, delete and recreate a keys backup", async ({ page, user, app }, workerInfo) => {
        // skipIfLegacyCrypto
        test.skip(
            workerInfo.project.name === "Legacy Crypto",
            "This test only works with Rust crypto. Deleting the backup seems to fail with legacy crypto.",
        );
        // Create a backup
        const tab = await app.settings.openUserSettings("Security & Privacy");
        await expect(tab.getByRole("heading", { name: "Secure Backup" })).toBeVisible();
        await tab.getByRole("button", { name: "Set up", exact: true }).click();
        const dialog = await app.getDialogByTitle("Set up Secure Backup", 60000);
        await dialog.getByRole("button", { name: "Continue", exact: true }).click();
        await expect(dialog.getByRole("heading", { name: "Save your Security Key" })).toBeVisible();
        await dialog.getByRole("button", { name: "Copy", exact: true }).click();
        const securityKey = await app.getClipboard();
        await dialog.getByRole("button", { name: "Continue", exact: true }).click();
        await expect(dialog.getByRole("heading", { name: "Secure Backup successful" })).toBeVisible();
        await dialog.getByRole("button", { name: "Done", exact: true }).click();
        // Delete it
        await app.settings.openUserSettings("Security & Privacy");
        await expect(tab.getByRole("heading", { name: "Secure Backup" })).toBeVisible();
        await tab.getByRole("button", { name: "Delete Backup", exact: true }).click();
        await dialog.getByTestId("dialog-primary-button").click(); // Click "Delete Backup"
        // Create another
        await tab.getByRole("button", { name: "Set up", exact: true }).click();
        dialog.getByLabel("Security Key").fill(securityKey);
        await dialog.getByRole("button", { name: "Continue", exact: true }).click();
        await expect(dialog.getByRole("heading", { name: "Success!" })).toBeVisible();
        await dialog.getByRole("button", { name: "OK", exact: true }).click();
    });
 });
--- a/playwright/element-web-test.ts
+++ b/playwright/element-web-test.ts
@ -238,3 +238,7 @@ export const expect = baseExpect.extend({
        return { pass: true, message: () => "", name: "toMatchScreenshot" };
    },
 });
 test.use({
    permissions: ["clipboard-read"],
 });
--- a/playwright/pages/ElementAppPage.ts
+++ b/playwright/pages/ElementAppPage.ts
@ -50,6 +50,19 @@ export class ElementAppPage {
        return this.settings.closeDialog();
    }
    public async getClipboard(): Promise<string> {
        return await this.page.evaluate(() => navigator.clipboard.readText());
    }
    /**
     * Find an open dialog by its title
     */
    public async getDialogByTitle(title: string, timeout = 5000): Promise<Locator> {
        const dialog = this.page.locator(".mx_Dialog");
        await dialog.getByRole("heading", { name: title }).waitFor({ timeout });
        return dialog;
    }
    /**
     * Opens the given room by name. The room must be visible in the
     * room list, but the room list may be folded horizontally, and the
--- a/src/SecurityManager.ts
+++ b/src/SecurityManager.ts
@ -319,8 +319,13 @@ export async function promptForBackupPassphrase(): Promise<Uint8Array> {
 * @param {Function} [func] An operation to perform once secret storage has been
 * bootstrapped. Optional.
 * @param {bool} [forceReset] Reset secret storage even if it's already set up
 * @param {bool} [setupNewKeyBackup] Reset secret storage even if it's already set up
 */
-export async function accessSecretStorage(func = async (): Promise<void> => {}, forceReset = false): Promise<void> {
+export async function accessSecretStorage(
    func = async (): Promise<void> => {},
    forceReset = false,
    setupNewKeyBackup = true,
 ): Promise<void> {
    secretStorageBeingAccessed = true;
    try {
        const cli = MatrixClientPeg.safeGet();
@ -352,7 +357,12 @@ export async function accessSecretStorage(func = async (): Promise<void> => {},
                throw new Error("Secret storage creation canceled");
            }
        } else {
-            await cli.bootstrapCrossSigning({
+            const crypto = cli.getCrypto();
            if (!crypto) {
                throw new Error("End-to-end encryption is disabled - unable to access secret storage.");
            }
            await crypto.bootstrapCrossSigning({
                authUploadDeviceSigningKeys: async (makeRequest): Promise<void> => {
                    const { finished } = Modal.createDialog(InteractiveAuthDialog, {
                        title: _t("encryption|bootstrap_title"),
@ -365,8 +375,9 @@ export async function accessSecretStorage(func = async (): Promise<void> => {},
                    }
                },
            });
-            await cli.bootstrapSecretStorage({
+            await crypto.bootstrapSecretStorage({
                getKeyBackupPassphrase: promptForBackupPassphrase,
                setupNewKeyBackup,
            });
            const keyId = Object.keys(secretStorageKeys)[0];
--- a/src/async-components/views/dialogs/security/CreateKeyBackupDialog.tsx
+++ b/src/async-components/views/dialogs/security/CreateKeyBackupDialog.tsx
@ -17,7 +17,6 @@ limitations under the License.
 import React from "react";
 import { logger } from "matrix-js-sdk/src/logger";
 import { IKeyBackupInfo } from "matrix-js-sdk/src/crypto/keybackup";
 import { MatrixClientPeg } from "../../../../MatrixClientPeg";
 import { _t } from "../../../../languageHandler";
@ -75,24 +74,25 @@ export default class CreateKeyBackupDialog extends React.PureComponent<IProps, I
        this.setState({
            error: undefined,
        });
        let info: IKeyBackupInfo | undefined;
        const cli = MatrixClientPeg.safeGet();
        try {
-            await accessSecretStorage(async (): Promise<void> => {
+            // We don't want accessSecretStorage to create a backup for us - we
-                // `accessSecretStorage` will have bootstrapped secret storage if necessary, so we can now
+            // will create one ourselves in the closure we pass in by calling
-                // set up key backup.
+            // resetKeyBackup.
-                //
+            const setupNewKeyBackup = false;
-                // XXX: `bootstrapSecretStorage` also sets up key backup as a side effect, so there is a 90% chance
+            const forceReset = false;
-                // this is actually redundant.
+
-                //
+            await accessSecretStorage(
-                // The only time it would *not* be redundant would be if, for some reason, we had working 4S but no
+                async (): Promise<void> => {
-                // working key backup. (For example, if the user clicked "Delete Backup".)
+                    const crypto = cli.getCrypto();
-                info = await cli.prepareKeyBackupVersion(null /* random key */, {
+                    if (!crypto) {
-                    secureSecretStorage: true,
+                        throw new Error("End-to-end encryption is disabled - unable to create backup.");
-                });
+                    }
-                info = await cli.createKeyBackupVersion(info);
+                    await crypto.resetKeyBackup();
-            });
+                },
-            await cli.scheduleAllGroupSessionsForBackup();
+                forceReset,
                setupNewKeyBackup,
            );
            this.setState({
                phase: Phase.Done,
            });
@ -102,9 +102,6 @@ export default class CreateKeyBackupDialog extends React.PureComponent<IProps, I
            // delete the version, disable backup, or do nothing?  If we just
            // disable without deleting, we'll enable on next app reload since
            // it is trusted.
            if (info?.version) {
                cli.deleteKeyBackupVersion(info.version);
            }
            this.setState({
                error: true,
            });
--- a/test/SecurityManager-test.ts
+++ b/test/SecurityManager-test.ts
@ -0,0 +1,62 @@
 /*
 Copyright 2023 The Matrix.org Foundation C.I.C.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 import { mocked } from "jest-mock";
 import { CryptoApi } from "matrix-js-sdk/src/crypto-api";
 import { accessSecretStorage } from "../src/SecurityManager";
 import { filterConsole, stubClient } from "./test-utils";
 describe("SecurityManager", () => {
    describe("accessSecretStorage", () => {
        filterConsole("Not setting dehydration key: no SSSS key found");
        it("runs the function passed in", async () => {
            // Given a client
            const crypto = {
                bootstrapCrossSigning: () => {},
                bootstrapSecretStorage: () => {},
            } as unknown as CryptoApi;
            const client = stubClient();
            mocked(client.hasSecretStorageKey).mockResolvedValue(true);
            mocked(client.getCrypto).mockReturnValue(crypto);
            // When I run accessSecretStorage
            const func = jest.fn();
            await accessSecretStorage(func);
            // Then we call the passed-in function
            expect(func).toHaveBeenCalledTimes(1);
        });
        describe("expecting errors", () => {
            filterConsole("End-to-end encryption is disabled - unable to access secret storage");
            it("throws if crypto is unavailable", async () => {
                // Given a client with no crypto
                const client = stubClient();
                mocked(client.hasSecretStorageKey).mockResolvedValue(true);
                mocked(client.getCrypto).mockReturnValue(undefined);
                // When I run accessSecretStorage
                // Then we throw an error
                await expect(async () => {
                    await accessSecretStorage(jest.fn());
                }).rejects.toThrow("End-to-end encryption is disabled - unable to access secret storage");
            });
        });
    });
 });
--- a/test/components/views/dialogs/security/CreateKeyBackupDialog-test.tsx
+++ b/test/components/views/dialogs/security/CreateKeyBackupDialog-test.tsx
@ -19,11 +19,13 @@ import React from "react";
 import { mocked } from "jest-mock";
 import CreateKeyBackupDialog from "../../../../../src/async-components/views/dialogs/security/CreateKeyBackupDialog";
-import { createTestClient } from "../../../../test-utils";
+import { createTestClient, filterConsole } from "../../../../test-utils";
 import { MatrixClientPeg } from "../../../../../src/MatrixClientPeg";
 jest.mock("../../../../../src/SecurityManager", () => ({
-    accessSecretStorage: jest.fn().mockResolvedValue(undefined),
+    accessSecretStorage: async (func = async () => Promise<void>) => {
        await func();
    },
 }));
 describe("CreateKeyBackupDialog", () => {
@ -39,16 +41,33 @@ describe("CreateKeyBackupDialog", () => {
        expect(asFragment()).toMatchSnapshot();
    });
-    it("should display the error message when backup creation failed", async () => {
+    describe("expecting failure", () => {
-        const matrixClient = createTestClient();
+        filterConsole("Error creating key backup");
        mocked(matrixClient.scheduleAllGroupSessionsForBackup).mockRejectedValue("my error");
        MatrixClientPeg.safeGet = MatrixClientPeg.get = () => matrixClient;
-        const { asFragment } = render(<CreateKeyBackupDialog onFinished={jest.fn()} />);
+        it("should display an error message when backup creation failed", async () => {
            const matrixClient = createTestClient();
            mocked(matrixClient.getCrypto()!.resetKeyBackup).mockImplementation(() => {
                throw new Error("failed");
            });
            MatrixClientPeg.safeGet = MatrixClientPeg.get = () => matrixClient;
-        // Check if the error message is displayed
+            const { asFragment } = render(<CreateKeyBackupDialog onFinished={jest.fn()} />);
-        await waitFor(() => expect(screen.getByText("Unable to create key backup")).toBeDefined());
+
-        expect(asFragment()).toMatchSnapshot();
+            // Check if the error message is displayed
            await waitFor(() => expect(screen.getByText("Unable to create key backup")).toBeDefined());
            expect(asFragment()).toMatchSnapshot();
        });
        it("should display an error message when there is no Crypto available", async () => {
            const matrixClient = createTestClient();
            mocked(matrixClient.getCrypto).mockReturnValue(undefined);
            MatrixClientPeg.safeGet = MatrixClientPeg.get = () => matrixClient;
            render(<CreateKeyBackupDialog onFinished={jest.fn()} />);
            // Check if the error message is displayed
            await waitFor(() => expect(screen.getByText("Unable to create key backup")).toBeDefined());
        });
    });
    it("should display the success dialog when the key backup is finished", async () => {
--- a/test/components/views/dialogs/security/snapshots/CreateKeyBackupDialog-test.tsx.snap
+++ b/test/components/views/dialogs/security/snapshots/CreateKeyBackupDialog-test.tsx.snap
@ -1,6 +1,6 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-exports[`CreateKeyBackupDialog should display the error message when backup creation failed 1`] = `
+exports[`CreateKeyBackupDialog expecting failure should display an error message when backup creation failed 1`] = `
 <DocumentFragment>
  <div
    data-focus-guard="true"
--- a/test/test-utils/test-utils.ts
+++ b/test/test-utils/test-utils.ts
@ -132,6 +132,7 @@ export function createTestClient(): MatrixClient {
            getUserDeviceInfo: jest.fn(),
            getUserVerificationStatus: jest.fn(),
            getDeviceVerificationStatus: jest.fn(),
            resetKeyBackup: jest.fn(),
        }),
        getPushActionsForEvent: jest.fn(),