This migrates one bucket of files using some amount of Flow typing to mark them
as TypeScript instead. The remaining type errors are fixed in subsequent
commits.
Turns out a lot of the typescript warnings about improper warnings were correct. TypeScript appears to be pulling in two copies of the js-sdk when we do this, which can lead to type conflicts (or worse: the wrong code entirely). We fix this at the webpack level by explicitly importing from `src`, but some alternative build structures have broken tests because of this - jest ends up pulling in the "wrong" js-sdk, breaking things.
This adds various customisations point in the app for security related
decisions. By default, these do nothing, but would be customised at the
app level via module replacement (so that no changes are needed here in the
SDK).
Fixes https://github.com/vector-im/element-web/issues/15350
This adds support for the `secure_backup_setup_methods` key, which allows HS
admins to state that Element should simplify down to only one setup method,
rather than offering both.
Fixes https://github.com/vector-im/element-web/issues/15238
With this change, Element now creates cross-signing keys during auth flows for
password login. For other auth flows like token / SSO, it will not happen until
a cross-signing / secret storage dialog flow as before.
This adds set up and reset actions to each of cross-signing and secure backup
that do separate things, rather than mixing concerns together. (It's temporarily
still a bit of lie for backup, as more changes are needed to stop resetting
cross-signing as well.)
This supplies a cache callback to the JS SDK so that we can be notified if a new
storage key is created e.g. by resetting secret storage. This allows it to be
supplied automatically in case it's needed in the same user operation, as it is
when resetting both secret storage and cross-signing together.
This migrates to the new JS SDK APIs, which now use separate paths for
cross-signing and secret storage setup. There should be no functional change
here.
Part of https://github.com/vector-im/element-web/issues/13895
Although passphrase / passphrase confirm is still split between two
screens because that's more work to change and probably is not a pivotal
part of the UI that needs to change in step with everything else.
Like a5f3318f3b, this proves that the new dispatcher conversion works for fire-and-forget style dispatches too. This is another obvious-if-broken and generally safe conversion to make.
Other actions which can be dispatched this way have been excluded for reasons mentioned in the Action enum's comments.
Fixes https://github.com/vector-im/riot-web/issues/13562
We only initialize a new key backup if the user requested one. If they've requested new keys but have not asked for keys to be backed up, we simply delete the now-invalid backup.
This also adds some logging to identify in rageshakes when someone resets their cross-signing, and when their key backup is being deleted.
If we already have an account password to use during secret storage setup, then
it's highly likely that the homeserver accepts passwords for device signing key
upload as well. This change then assumes password auth will work without
checking to avoid a request when the server is under high load.
Fixes https://github.com/vector-im/riot-web/issues/13286
If we ask for the key backup key early in creating secret storage to ensure we
trust the backup, then we stash it to ensure it's available to bootstrap as well
without prompting again.
Fixes https://github.com/vector-im/riot-web/issues/12958
These TODO comments are expected to be fixed ASAP, but until that happens let's minimize the errors in the console for development.
For https://github.com/vector-im/riot-web/issues/12877
These all aren't using componentDidMount because they do something which causes application instability if componentDidMount were used. Much of these calls are expected to move into constructors once they are converted to real classes.
This fixes a common React warning we see. Most of these components should be using constructors instead, however componentDidMount is just as good (and doesn't require converting most of these).
Conversion to classes will be done in a later stage of React warning fixes.
For https://github.com/vector-im/riot-web/issues/12877
This passes the newly created secret storage key down to the bootstrap path for
temporary caching to avoid prompting the user for it again in the later stages
of bootstrapping.
Fixes https://github.com/vector-im/riot-web/issues/12867
This uses the latest backup status we just retrieved by returning from the
lookup path (instead of using it indirectly via state). This is important
because state updates are batched, so we can't rely on the value to be updated
immediately like we were.
Fixes https://github.com/vector-im/riot-web/issues/12562
This shows the account password variation of upgrade encryption first if it's
possible to do so. This ensures we match the logic that locks the next button.
Fixes https://github.com/vector-im/riot-web/issues/12560
This checks the homeserver to ensure it supports cross-signing (via the versions
feature flag) before attempting bootstrapping or offering user verification.
Fixes https://github.com/vector-im/riot-web/issues/11863
