* Force verification even for refreshed cients
Set a flag on login to remember that the device needs to be verified
so that we don't forget if the user refreshes the page, but still allow
user with an existing unverified session to stay logged in.
* Hopefully make matrixchat tests pass?
Much, much tweaking to make the matrixchat tests pass again. Should
hopefully make them a bit more solid in general with judicious use of
waitFor rather than flushPromises(). Also lots of fun to stop the state
bleeding between tests.
* Manual yarn.lock manipulation
to hopefully resolve infinite package sadness
* Make final test pass(?)
Mock out the createClient method to return the same client, because
we've mocked the peg to always return that client, so if we let the
code make another one having still overridden the peg, everything becomes
cursed.
Also mock out the autodiscovery stuff rather than relying on fetch-mock.
* another waitFor
* death to flushPromises
* Put the logged in dispatch back
Actually it breaks all sorts of other things too, having fixed all the
MatrixChat tests (although this is useful anyway).
* Try displaying the screen in onClientStarted instead
* Put post login screen back in logged in
but move ready transition to avoid flash of main UI
* Rejig more in the hope it does the right thing
* Make hook work before push rules are fetched
* Add test for unskippable verification
* Add test for use case selection
* Fix test
* Add playwright test for unskippable verification
* Remove console log
* Add log message to log line
* Add tsdoc
* Use useTypedEventEmitter
* Remove commented code
* Use catch instead of empty then on unawaited promises
or in one case just await it because the caller was async anyway
* Add new mock
* tokens.ts: improve documentation
Improve variable naming and documentation on the methods in `tokens.ts`.
* rename restoreFromLocalStorage
Since the session data isn't actually stored in localstorage, this feels like a
misleading name.
* Lifecycle: bail out if picklekey is missing
Currently, if we have an accesstoken which is encrypted with a picklekey, but
the picklekey has gone missing, we carry on with no access token at all. This
is sure to blow up in some way or other later on, but in a rather cryptic way.
Instead, let's bail out early.
(This will produce a "can't restore session" error, but we normally see one of
those anyway because we can't initialise the crypto store.)
* Warn users on unsupported browsers before they lack features
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update Learn more link
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Iterate
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add comments
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
And clear it in the widget layout store test, also fixing the tests
which didn't actually individually as they actually relied on the state
bleeding between tests.
* Element-R: pass pickleKey in as raw key for indexeddb encryption
Currently, we pass the `pickleKey` to the rust library for use as a passphrase
for encrypting its crypto store. The Rust libary then passes that passphrase
through 200000 rounds of PBKDF2 to generate an encryption key, which is
(deliberately) slow.
However, the pickleKey is actually 32 bytes of random data (base64-encoded). By
passing the raw key into the rust library, we can therefore save the PBKDF
operation.
Backwards-compatibility with existing sessions is maintained, because if the
rust library discovers that the store was previously encrypted with a key based
on a PBKDF, it will re-base64 and PBKDF the key we provide, thus reconstructing
the right key.
* Update src/Lifecycle.ts
Co-authored-by: Florian Duros <florianduros@element.io>
* Lifecycle-test: clean up test setup
Rely less on the unit under test for setting up the test preconditions -- not
least because we don't really want to fire up matrix clients and the like
during test setup.
* Factor out "encryptPickleKey" method
For a start it makes it easier to grok what's going on, but also I went to use
this in a test
* Improve tests for `Lifecycle.restoreFromLocalStorage`
---------
Co-authored-by: Florian Duros <florianduros@element.io>
* Fix `element-desktop-ssoid being` included in OIDC Authorization call
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Split out oidc callback url into its own method
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix unexpected hash on oidc callback url
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update src/BasePlatform.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Store id_token rather than just id_token_claims
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Pass id_token via `id_token_hint` on `Manage Account` interaction
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix tests
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Send user credentials to service worker for MSC3916 authentication
* appease linter
* Add initial test
The test fails, seemingly because the service worker isn't being installed or because the network mock can't reach that far.
* Remove unsafe access token code
* Split out base IDB operations to avoid importing `document` in serviceworkers
* Use safe crypto access for service workers
* Fix tests/unsafe access
* Remove backwards compatibility layer & appease linter
* Add docs
* Fix tests
* Appease the linter
* Iterate tests
* Factor out pickle key handling for service workers
* Enable everything we can about service workers
* Appease the linter
* Add docs
* Rename win32 image to linux in hopes of it just working
* Use actual image
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Improve documentation
* Document `??` not working
* Try to appease the tests
* Add some notes
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Changed call sites from customisations/security to ModuleRunner.extensions
* Updated depenndecy and added tests
* Fixed style and formatting with prettier
* Fix according to Element PR comments
* Fixing issues raised in PR review
* Removed commented code. Improved encapsulation. Removed noisy logging
* Improved language of comment about calling the factory
* Refactor to get better encapsulation
* Find a better name. Provide explicit reset function. Provide more TSDoc
* Simplify mock for cryptoSetup, and add assertion for exception message.
* Remove unused className property. Adjust TSDoc comments
* Fix linting and code style issues
* Added test to ensure we canregister anduse experimental extensions
* Fix linting and code-style issues
* Added test to ensure only on registration of experimental extensions
* Added test toensure call to getDehydratedDeviceCallback()
* Test what happens when there is no implementation
* Iterating cryptoSetup tests
* Lint/prettier fix
* Assert both branches when checking for dehydrationkey callback
* Update src/modules/ModuleRunner.ts
Language and formatting
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Reset by setting a fresh ExtensionsManager
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Use regular comment instead of TSDoc style comment
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update test/MatrixClientPeg-test.ts
No need to extend the base class
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Fix spelling
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Fix spelling
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Fix TSDoc formatting
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Simplify mock setup
* Simplified mock and cleaned up a bit
* Keeping track of extensions is an implementation detail internal to ExtensionsManager. Language and punctuation
* Addressed issues and comments from PR review
* Update src/modules/ModuleRunner.ts
Keep the flags to track implementations as direct properties
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix flattening of implementation map
* Update src/modules/ModuleRunner.ts
Fix whitespace
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix spurious session corruption error
Move the server versions check to each time we reconnect to the server
rather than the first time,although, as per comment it will still only
trigger the first time, but it will avoid us awaiting and mean we know
we're connected to the server when we try, and get automatic retries.
Fixes https://github.com/element-hq/element-web/issues/26967
* Move test & add regression test
* Write some more tests
* More comments & catch exceptions in server versions check
* Note caching behaviour
* Typo
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Remove the bit of the comment that might be wrong
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix overwrite login action not stopping client
* remove unneeded fixture for overwrite login test
* Fix playwrite bad import of app sources
* revert uneeded change on fore OnLoggedIn causing side effects
* Add unit test for overwrite login action
* remove un needed ts-ignore
* Reuse exported common type
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve client metadata used for OIDC dynamic registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix Native OIDC for Element Desktop by including ssoid in the url_state of the /auth call
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Reuse exported common type
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve client metadata used for OIDC dynamic registration
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix typo
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix test
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Mock PlatformPeg
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Mock platform
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Add comment
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Improve comment
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Update src/BasePlatform.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Do not remove the language when clearing local storage
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
* Revised comment on getting the defined language from settings
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
* Explicitly checking for language set at the device level
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
* Add test that checks if device language setting is kept after a successfull delegated authentication flow
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
* Adds test for unhappy path and adjusts to use the SettingsStore instead of going directly to localStorage
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
* Removing unnecessary variable after test refactor
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
---------
Signed-off-by: Milton Moura <miltonmoura@gmail.com>
* add delegatedauthentication to validated server config
* dynamic client registration functions
* test OP registration functions
* add stubbed nativeOidc flow setup in Login
* cover more error cases in Login
* tidy
* test dynamic client registration in Login
* comment oidc_static_clients
* register oidc inside Login.getFlows
* strict fixes
* remove unused code
* and imports
* comments
* comments 2
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* OidcRegistrationClientMetadata type
* navigate to oidc authorize url
* exchange code for token
* navigate to oidc authorize url
* navigate to oidc authorize url
* test
* adjust for js-sdk code
* login with oidc native flow: messy version
* tidy
* update test for response_mode query
* tidy up some TODOs
* use new types
* add identityServerUrl to stored params
* unit test completeOidcLogin
* test tokenlogin
* strict
* whitespace
* tidy
* unit test oidc login flow in MatrixChat
* strict
* tidy
* extract success/failure handlers from token login function
* typo
* use for no homeserver error dialog too
* reuse post-token login functions, test
* shuffle testing utils around
* shuffle testing utils around
* i18n
* tidy
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* tidy
* comment
* update tests for id token validation
* move try again responsibility
* prettier
* add friendly error messages for oidc authorization failures
* i18n
* update for new translations, tidy
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* utils to persist clientId and issuer after oidc authentication
* add dep oidc-client-ts
* persist issuer and clientId after successful oidc auth
* add OidcClientStore
* comments and tidy
* expose getters for stored refresh and access tokens in Lifecycle
* revoke tokens with oidc provider
* test logout action in MatrixChat
* comments
* prettier
* test OidcClientStore.revokeTokens
* put pickle key destruction back
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* OidcClientStore.initClient use stored issuer when client well known unavailable
* test Lifecycle.logout
* update Lifecycle test replaceUsingCreds calls
* fix test
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
* fix test mock, comment
* typo
* add sdkContext to SoftLogout, pass oidcClientStore to logout
* fullstops
* comments
* fussy comment formatting
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* comments
* prettier
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* update Lifecycle test replaceUsingCreds calls
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* comments
* prettier
* comment pedantry
* fix code smell - nullish coalesce instead of ||
* more comments
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* comments
* prettier
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* comments
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* utils to persist clientId and issuer after oidc authentication
* add dep oidc-client-ts
* persist issuer and clientId after successful oidc auth
* add OidcClientStore
* comments and tidy
* format
* add delegatedauthentication to validated server config
* dynamic client registration functions
* test OP registration functions
* add stubbed nativeOidc flow setup in Login
* cover more error cases in Login
* tidy
* test dynamic client registration in Login
* comment oidc_static_clients
* register oidc inside Login.getFlows
* strict fixes
* remove unused code
* and imports
* comments
* comments 2
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* OidcRegistrationClientMetadata type
* navigate to oidc authorize url
* exchange code for token
* navigate to oidc authorize url
* navigate to oidc authorize url
* test
* adjust for js-sdk code
* login with oidc native flow: messy version
* tidy
* update test for response_mode query
* tidy up some TODOs
* use new types
* add identityServerUrl to stored params
* unit test completeOidcLogin
* test tokenlogin
* strict
* whitespace
* tidy
* unit test oidc login flow in MatrixChat
* strict
* tidy
* extract success/failure handlers from token login function
* typo
* use for no homeserver error dialog too
* reuse post-token login functions, test
* shuffle testing utils around
* shuffle testing utils around
* i18n
* tidy
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* tidy
* comment
* update tests for id token validation
* move try again responsibility
* prettier
* use more future proof config for static clients
* test util for oidcclientconfigs
* rename type and lint
* correct oidc test util
* store issuer and clientId pre auth navigation
* adjust for js-sdk changes
* update for js-sdk userstate, tidy
* update MatrixChat tests
* update tests
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* extract success/failure handlers from token login function
* typo
* use for no homeserver error dialog too
* i18n
* tidy
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* move try again responsibility
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
