Commit graph

16 commits

Author SHA1 Message Date
Richard van der Hoff
433c14e5a9
Log clearer errors when picklekey goes missing (#27)
* tokens.ts: improve documentation

Improve variable naming and documentation on the methods in `tokens.ts`.

* rename restoreFromLocalStorage

Since the session data isn't actually stored in localstorage, this feels like a
misleading name.

* Lifecycle: bail out if picklekey is missing

Currently, if we have an accesstoken which is encrypted with a picklekey, but
the picklekey has gone missing, we carry on with no access token at all. This
is sure to blow up in some way or other later on, but in a rather cryptic way.

Instead, let's bail out early.

(This will produce a "can't restore session" error, but we normally see one of
those anyway because we can't initialise the crypto store.)
2024-09-11 15:13:04 +00:00
David Langley
491f0cd08a
Change license (#13)
* Copyright headers 1

* Licence headers 2

* Copyright Headers 3

* Copyright Headers 4

* Copyright Headers 5

* Copyright Headers 6

* Copyright headers 7

* Add copyright headers for html and config file

* Replace license files and update package.json

* Update with CLA

* lint
2024-09-09 13:57:16 +00:00
Richard van der Hoff
b2a89151e6
Remove redundant call to setCrypto (#12738)
Since matrix-org/matrix-js-sdk#4292, this thing is a no-op.
2024-07-08 10:57:54 +00:00
Richard van der Hoff
0a01320fca
Element-R: pass pickleKey in as raw key for indexeddb encryption (#12543)
* Element-R: pass pickleKey in as raw key for indexeddb encryption

Currently, we pass the `pickleKey` to the rust library for use as a passphrase
for encrypting its crypto store. The Rust libary then passes that passphrase
through 200000 rounds of PBKDF2 to generate an encryption key, which is
(deliberately) slow.

However, the pickleKey is actually 32 bytes of random data (base64-encoded). By
passing the raw key into the rust library, we can therefore save the PBKDF
operation.

Backwards-compatibility with existing sessions is maintained, because if the
rust library discovers that the store was previously encrypted with a key based
on a PBKDF, it will re-base64 and PBKDF the key we provide, thus reconstructing
the right key.

* Update src/Lifecycle.ts

Co-authored-by: Florian Duros <florianduros@element.io>

* Lifecycle-test: clean up test setup

Rely less on the unit under test for setting up the test preconditions -- not
least because we don't really want to fire up matrix clients and the like
during test setup.

* Factor out "encryptPickleKey" method

For a start it makes it easier to grok what's going on, but also I went to use
this in a test

* Improve tests for `Lifecycle.restoreFromLocalStorage`

---------

Co-authored-by: Florian Duros <florianduros@element.io>
2024-06-05 08:52:28 +00:00
Michael Telatynski
580bb5537d
OIDC: pass id_token via id_token_hint on Manage Account interaction (#12499)
* Store id_token rather than just id_token_claims

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Pass id_token via `id_token_hint` on `Manage Account` interaction

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-05-07 11:27:37 +00:00
Travis Ralston
d25d529e86
Extract functions for service worker usage, and add initial MSC3916 playwright test (when supported) (#12414)
* Send user credentials to service worker for MSC3916 authentication

* appease linter

* Add initial test

The test fails, seemingly because the service worker isn't being installed or because the network mock can't reach that far.

* Remove unsafe access token code

* Split out base IDB operations to avoid importing `document` in serviceworkers

* Use safe crypto access for service workers

* Fix tests/unsafe access

* Remove backwards compatibility layer & appease linter

* Add docs

* Fix tests

* Appease the linter

* Iterate tests

* Factor out pickle key handling for service workers

* Enable everything we can about service workers

* Appease the linter

* Add docs

* Rename win32 image to linux in hopes of it just working

* Use actual image

* Apply suggestions from code review

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Improve documentation

* Document `??` not working

* Try to appease the tests

* Add some notes

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-05-02 22:19:55 +00:00
David Baker
1403cd851a
Fix spurious session corruption error (#12280)
* Fix spurious session corruption error

Move the server versions check to each time we reconnect to the server
rather than the first time,although, as per comment it will still only
trigger the first time, but it will avoid us awaiting and mean we know
we're connected to the server when we try, and get automatic retries.

Fixes https://github.com/element-hq/element-web/issues/26967

* Move test & add regression test

* Write some more tests

* More comments & catch exceptions in server versions check

* Note caching behaviour

* Typo

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Remove the bit of the comment that might be wrong

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-26 15:30:32 +00:00
Michael Telatynski
7b1e8e3d2f
Update MSC2965 OIDC Discovery implementation (#12245)
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-02-23 16:43:14 +00:00
Valere
8a70260c81
ModuleAPI: overwrite_login action was not stopping the existing client resulting in the action failing with rust-sdk (#12272)
* Fix overwrite login action not stopping client

* remove unneeded fixture for overwrite login test

* Fix playwrite bad import of app sources

* revert uneeded change on fore OnLoggedIn causing side effects

* Add unit test for overwrite login action

* remove un needed ts-ignore
2024-02-22 15:41:21 +00:00
Richard van der Hoff
a8cc6cc207
Broaden support for matrix spec versions (#12154)
Something of a compainion to
https://github.com/matrix-org/matrix-js-sdk/pull/4014, but also covering the
issues discussed at
https://github.com/matrix-org/matrix-js-sdk/issues/3915#issuecomment-1865221366.

In short: we should not reject servers which only implement recent versions of
the spec. Doing so holds back the ecosystem by requiring all new servers to
implement features that nobody actually uses any more.
2024-01-19 10:00:22 +00:00
Kerry
84ca519b3f
OIDC: revoke tokens on logout (#11718)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* retreive stored refresh token and add to credentials

* extract token decryption into function

* remove TODO

* very messy poc

* utils to persist clientId and issuer after oidc authentication

* add dep oidc-client-ts

* persist issuer and clientId after successful oidc auth

* add OidcClientStore

* comments and tidy

* expose getters for stored refresh and access tokens in Lifecycle

* revoke tokens with oidc provider

* test logout action in MatrixChat

* comments

* prettier

* test OidcClientStore.revokeTokens

* put pickle key destruction back

* comment pedantry

* working refresh without persistence

* extract token persistence functions to utils

* add sugar

* implement TokenRefresher class with persistence

* tidying

* persist idTokenClaims

* persist idTokenClaims

* tests

* remove unused cde

* create token refresher during doSetLoggedIn

* tidying

* also tidying

* OidcClientStore.initClient use stored issuer when client well known unavailable

* test Lifecycle.logout

* update Lifecycle test replaceUsingCreds calls

* fix test

* tidy

* test tokenrefresher creation in login flow

* test token refresher

* Update src/utils/oidc/TokenRefresher.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* use literal value for m.authentication

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* improve comments

* fix test mock, comment

* typo

* add sdkContext to SoftLogout, pass oidcClientStore to logout

* fullstops

* comments

* fussy comment formatting

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-15 21:35:25 +00:00
Kerry
3a025c4b21
OIDC: refresh tokens (#11699)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* retreive stored refresh token and add to credentials

* extract token decryption into function

* remove TODO

* very messy poc

* comments

* prettier

* comment pedantry

* working refresh without persistence

* extract token persistence functions to utils

* add sugar

* implement TokenRefresher class with persistence

* tidying

* persist idTokenClaims

* persist idTokenClaims

* tests

* remove unused cde

* create token refresher during doSetLoggedIn

* tidying

* also tidying

* update Lifecycle test replaceUsingCreds calls

* tidy

* test tokenrefresher creation in login flow

* test token refresher

* Update src/utils/oidc/TokenRefresher.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* use literal value for m.authentication

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* improve comments

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-10-12 00:49:07 +00:00
Kerry
ef5a93b702
OIDC: retrieve refreshToken from storage (#11250)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* retreive stored refresh token and add to credentials

* extract token decryption into function

* remove TODO

* comments

* prettier

* comment pedantry

* fix code smell - nullish coalesce instead of ||

* more comments
2023-09-28 04:38:31 +00:00
Kerry
46072caa3a
OIDC: persist refresh token (#11249)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* extract token persisting code into function, persist refresh token

* store has_refresh_token too

* pass refreshToken from oidcAuthGrant into credentials

* rest restore session with pickle key

* comments

* prettier

* Update src/Lifecycle.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* comments

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2023-09-19 00:06:19 +00:00
Travis Ralston
180fcaa70f
Support Matrix 1.1 (drop legacy r0 versions) (#9819)
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
2023-08-14 09:25:13 +01:00
Kerry
689089d9e6
Jest test coverage for Lifecycle.persistCredentials (#11243)
* test persistCredentials without a pickle key

* test setLoggedIn with pickle key

* lint

* type error

* rest restore session with pickle key
2023-07-19 07:40:40 +00:00