MSC: https://github.com/matrix-org/matrix-doc/pull/2918
Fixes https://github.com/vector-im/element-web/issues/18698
Fixes https://github.com/vector-im/element-web/issues/20648
**Requires https://github.com/matrix-org/matrix-js-sdk/pull/2178**
**Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date).
----
This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens.
If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again.
This additionally contains a change to fix soft logout not working, per the issue links above.
Of interest may be the IPC approach which was ultimately declined in favour of this change instead: https://github.com/matrix-org/matrix-react-sdk/pull/7803
* Add a new flag pseudonymousAnalyticsOptIn replacing analyticsOptIn, stored at account level, so people only need to opt in once.
* Show a toast in login to users that have analyticsOptIn set but not yet pseudonymousAnalyticsOptIn prompting them confirm the new method is okay. Update the copy of the existing opt-in toast. Don't notify users that previously opted out.
* Update the copy in settings
* Add a new learn more dialog
* Support a new config flag analyticsOwner which is used in these toasts when explaining which entity the data is sent to ("Help improve %(analyticsOwner)"). If unset, display brand. This allows deployments whose brand differs from the receiver of the analytics to explain the situation to their users (e.g. AcmeCorp badges their app, but explains the data is sent to Element, not them)
* The new opt-in and flags are only used when posthog is configured; prior to that there are no changes to UX or tracking behaviour.
* sharedInstance() -> instance
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Use CallState event instead of dispatching
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Simplifie some code
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Use a method to start a call instead of the dispatcher
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Use a method instead of place_conference_call
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Make terminateCallApp() and hangupCallApp() public
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Use hangupAllCalls() instead of the dispatcher
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Make dialNumber(), startTransferToMatrixID() and startTransferToPhoneNumber() public instead of using the dispatcher
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Use answerCall() instead of using the dispatcher
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Use hangupOrReject() instead of the dispatcher
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Update docs
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Improve TS
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Dispatch call_state, see https://github.com/vector-im/element-web/pull/18823#issuecomment-917377277
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Add missing import
Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Enable sentry global handlers if automaticErrorReporting is on
* Pass the exception through on session restore error
Passing the exception object itself through to the BugReportDialog means a stack trace can be correctly recorded in Sentry
Turns out a lot of the typescript warnings about improper warnings were correct. TypeScript appears to be pulling in two copies of the js-sdk when we do this, which can lead to type conflicts (or worse: the wrong code entirely). We fix this at the webpack level by explicitly importing from `src`, but some alternative build structures have broken tests because of this - jest ends up pulling in the "wrong" js-sdk, breaking things.
Use replaceState instead of a redirect to strip the loginToken
Put user into the same post-auth flows of E2ESetup
Skip UIA prompt in this post-auth flow, happy path is a server grace period
This will help specific deployments that need to do something custom here such
as redirect the user or call some API after Element has logged out and cleared
storage.
This adds various customisations point in the app for security related
decisions. By default, these do nothing, but would be customised at the
app level via module replacement (so that no changes are needed here in the
SDK).
Fixes https://github.com/vector-im/element-web/issues/15350
TypeScript helpfully pointed me towards this dead code, which has been floating
around unused for a while. If we want to bring back ILAG in the future, we can
always revive it from history.