Merge pull request #6703 from vector-im/feature/bca/crosssigning_reset_warning
warn on cross signing reset
This commit is contained in:
commit
005e712396
1
changelog.d/6702.bugfix
Normal file
1
changelog.d/6702.bugfix
Normal file
@ -0,0 +1 @@
|
||||
Add Warning shield when a user previously verified rotated their cross signing keys
|
@ -167,7 +167,8 @@ ext.libs = [
|
||||
tests : [
|
||||
'kluent' : "org.amshove.kluent:kluent-android:1.68",
|
||||
'timberJunitRule' : "net.lachlanmckee:timber-junit-rule:1.0.1",
|
||||
'junit' : "junit:junit:4.13.2"
|
||||
'junit' : "junit:junit:4.13.2",
|
||||
'robolectric' : "org.robolectric:robolectric:4.8",
|
||||
]
|
||||
]
|
||||
|
||||
|
@ -365,7 +365,7 @@ class CryptoTestHelper(val testHelper: CommonTestHelper) {
|
||||
}
|
||||
|
||||
testHelper.retryPeriodically {
|
||||
alice.cryptoService().crossSigningService().isUserTrusted(bob.myUserId)
|
||||
bob.cryptoService().crossSigningService().isUserTrusted(alice.myUserId)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -25,7 +25,6 @@ import org.junit.Assert.assertNull
|
||||
import org.junit.Assert.assertTrue
|
||||
import org.junit.Assert.fail
|
||||
import org.junit.FixMethodOrder
|
||||
import org.junit.Ignore
|
||||
import org.junit.Test
|
||||
import org.junit.runner.RunWith
|
||||
import org.junit.runners.MethodSorters
|
||||
@ -42,13 +41,13 @@ import org.matrix.android.sdk.common.CommonTestHelper.Companion.runCryptoTest
|
||||
import org.matrix.android.sdk.common.CommonTestHelper.Companion.runSessionTest
|
||||
import org.matrix.android.sdk.common.SessionTestParams
|
||||
import org.matrix.android.sdk.common.TestConstants
|
||||
import timber.log.Timber
|
||||
import kotlin.coroutines.Continuation
|
||||
import kotlin.coroutines.resume
|
||||
|
||||
@RunWith(AndroidJUnit4::class)
|
||||
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
|
||||
@LargeTest
|
||||
@Ignore
|
||||
class XSigningTest : InstrumentedTest {
|
||||
|
||||
@Test
|
||||
@ -214,4 +213,104 @@ class XSigningTest : InstrumentedTest {
|
||||
val result = aliceSession.cryptoService().crossSigningService().checkDeviceTrust(bobUserId, bobSecondDeviceId, null)
|
||||
assertTrue("Bob second device should be trusted from alice POV", result.isCrossSignedVerified())
|
||||
}
|
||||
|
||||
@Test
|
||||
fun testWarnOnCrossSigningReset() = runCryptoTest(context()) { cryptoTestHelper, testHelper ->
|
||||
val cryptoTestData = cryptoTestHelper.doE2ETestWithAliceAndBobInARoom()
|
||||
|
||||
val aliceSession = cryptoTestData.firstSession
|
||||
val bobSession = cryptoTestData.secondSession
|
||||
|
||||
val aliceAuthParams = UserPasswordAuth(
|
||||
user = aliceSession.myUserId,
|
||||
password = TestConstants.PASSWORD
|
||||
)
|
||||
val bobAuthParams = UserPasswordAuth(
|
||||
user = bobSession!!.myUserId,
|
||||
password = TestConstants.PASSWORD
|
||||
)
|
||||
|
||||
testHelper.waitForCallback<Unit> {
|
||||
aliceSession.cryptoService().crossSigningService().initializeCrossSigning(object : UserInteractiveAuthInterceptor {
|
||||
override fun performStage(flowResponse: RegistrationFlowResponse, errCode: String?, promise: Continuation<UIABaseAuth>) {
|
||||
promise.resume(aliceAuthParams)
|
||||
}
|
||||
}, it)
|
||||
}
|
||||
testHelper.waitForCallback<Unit> {
|
||||
bobSession.cryptoService().crossSigningService().initializeCrossSigning(object : UserInteractiveAuthInterceptor {
|
||||
override fun performStage(flowResponse: RegistrationFlowResponse, errCode: String?, promise: Continuation<UIABaseAuth>) {
|
||||
promise.resume(bobAuthParams)
|
||||
}
|
||||
}, it)
|
||||
}
|
||||
|
||||
cryptoTestHelper.verifySASCrossSign(aliceSession, bobSession, cryptoTestData.roomId)
|
||||
|
||||
testHelper.retryPeriodically {
|
||||
aliceSession.cryptoService().crossSigningService().isUserTrusted(bobSession.myUserId)
|
||||
}
|
||||
|
||||
testHelper.retryPeriodically {
|
||||
aliceSession.cryptoService().crossSigningService().checkUserTrust(bobSession.myUserId).isVerified()
|
||||
}
|
||||
|
||||
aliceSession.cryptoService()
|
||||
// Ensure also that bob device is trusted
|
||||
testHelper.retryPeriodically {
|
||||
val deviceInfo = aliceSession.cryptoService().getUserDevices(bobSession.myUserId).firstOrNull()
|
||||
Timber.v("#TEST device:${deviceInfo?.shortDebugString()} trust ${deviceInfo?.trustLevel}")
|
||||
deviceInfo?.trustLevel?.crossSigningVerified == true
|
||||
}
|
||||
|
||||
val currentBobMSK = aliceSession.cryptoService().crossSigningService()
|
||||
.getUserCrossSigningKeys(bobSession.myUserId)!!
|
||||
.masterKey()!!.unpaddedBase64PublicKey!!
|
||||
|
||||
testHelper.waitForCallback<Unit> {
|
||||
bobSession.cryptoService().crossSigningService().initializeCrossSigning(object : UserInteractiveAuthInterceptor {
|
||||
override fun performStage(flowResponse: RegistrationFlowResponse, errCode: String?, promise: Continuation<UIABaseAuth>) {
|
||||
promise.resume(bobAuthParams)
|
||||
}
|
||||
}, it)
|
||||
}
|
||||
|
||||
testHelper.retryPeriodically {
|
||||
val newBobMsk = aliceSession.cryptoService().crossSigningService()
|
||||
.getUserCrossSigningKeys(bobSession.myUserId)
|
||||
?.masterKey()?.unpaddedBase64PublicKey
|
||||
newBobMsk != null && newBobMsk != currentBobMSK
|
||||
}
|
||||
|
||||
// trick to force event to sync
|
||||
bobSession.roomService().getRoom(cryptoTestData.roomId)!!.typingService().userIsTyping()
|
||||
|
||||
// assert that bob is not trusted anymore from alice s
|
||||
testHelper.retryPeriodically {
|
||||
val trust = aliceSession.cryptoService().crossSigningService().checkUserTrust(bobSession.myUserId)
|
||||
!trust.isVerified()
|
||||
}
|
||||
|
||||
// trick to force event to sync
|
||||
bobSession.roomService().getRoom(cryptoTestData.roomId)!!.typingService().userStopsTyping()
|
||||
bobSession.roomService().getRoom(cryptoTestData.roomId)!!.typingService().userIsTyping()
|
||||
|
||||
testHelper.retryPeriodically {
|
||||
val info = aliceSession.cryptoService().crossSigningService().getUserCrossSigningKeys(bobSession.myUserId)
|
||||
info?.wasTrustedOnce == true
|
||||
}
|
||||
|
||||
// trick to force event to sync
|
||||
bobSession.roomService().getRoom(cryptoTestData.roomId)!!.typingService().userStopsTyping()
|
||||
bobSession.roomService().getRoom(cryptoTestData.roomId)!!.typingService().userIsTyping()
|
||||
|
||||
testHelper.retryPeriodically {
|
||||
!aliceSession.cryptoService().crossSigningService().isUserTrusted(bobSession.myUserId)
|
||||
}
|
||||
|
||||
// Ensure also that bob device are not trusted
|
||||
testHelper.retryPeriodically {
|
||||
aliceSession.cryptoService().getUserDevices(bobSession.myUserId).first().trustLevel?.crossSigningVerified != true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -18,7 +18,8 @@ package org.matrix.android.sdk.api.session.crypto.crosssigning
|
||||
|
||||
data class MXCrossSigningInfo(
|
||||
val userId: String,
|
||||
val crossSigningKeys: List<CryptoCrossSigningKey>
|
||||
val crossSigningKeys: List<CryptoCrossSigningKey>,
|
||||
val wasTrustedOnce: Boolean
|
||||
) {
|
||||
|
||||
fun isTrusted(): Boolean = masterKey()?.trustLevel?.isVerified() == true &&
|
||||
|
@ -0,0 +1,28 @@
|
||||
/*
|
||||
* Copyright 2022 The Matrix.org Foundation C.I.C.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.matrix.android.sdk.api.session.crypto.model
|
||||
|
||||
enum class UserVerificationLevel {
|
||||
|
||||
VERIFIED_ALL_DEVICES_TRUSTED,
|
||||
|
||||
VERIFIED_WITH_DEVICES_UNTRUSTED,
|
||||
|
||||
UNVERIFIED_BUT_WAS_PREVIOUSLY,
|
||||
|
||||
WAS_NEVER_VERIFIED,
|
||||
}
|
@ -60,7 +60,7 @@ import javax.inject.Inject
|
||||
|
||||
@SessionScope
|
||||
internal class DefaultCrossSigningService @Inject constructor(
|
||||
@UserId private val userId: String,
|
||||
@UserId private val myUserId: String,
|
||||
@SessionId private val sessionId: String,
|
||||
private val cryptoStore: IMXCryptoStore,
|
||||
private val deviceListManager: DeviceListManager,
|
||||
@ -127,7 +127,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
}
|
||||
|
||||
// Recover local trust in case private key are there?
|
||||
setUserKeysAsTrusted(userId, checkUserTrust(userId).isVerified())
|
||||
setUserKeysAsTrusted(myUserId, checkUserTrust(myUserId).isVerified())
|
||||
}
|
||||
} catch (e: Throwable) {
|
||||
// Mmm this kind of a big issue
|
||||
@ -167,9 +167,13 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
}
|
||||
|
||||
override fun onSuccess(data: InitializeCrossSigningTask.Result) {
|
||||
val crossSigningInfo = MXCrossSigningInfo(userId, listOf(data.masterKeyInfo, data.userKeyInfo, data.selfSignedKeyInfo))
|
||||
val crossSigningInfo = MXCrossSigningInfo(
|
||||
myUserId,
|
||||
listOf(data.masterKeyInfo, data.userKeyInfo, data.selfSignedKeyInfo),
|
||||
true
|
||||
)
|
||||
cryptoStore.setMyCrossSigningInfo(crossSigningInfo)
|
||||
setUserKeysAsTrusted(userId, true)
|
||||
setUserKeysAsTrusted(myUserId, true)
|
||||
cryptoStore.storePrivateKeysInfo(data.masterKeyPK, data.userKeyPK, data.selfSigningKeyPK)
|
||||
crossSigningOlm.masterPkSigning = OlmPkSigning().apply { initWithSeed(data.masterKeyPK.fromBase64()) }
|
||||
crossSigningOlm.userPkSigning = OlmPkSigning().apply { initWithSeed(data.userKeyPK.fromBase64()) }
|
||||
@ -266,7 +270,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
uskKeyPrivateKey: String?,
|
||||
sskPrivateKey: String?
|
||||
): UserTrustResult {
|
||||
val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return UserTrustResult.CrossSigningNotConfigured(userId)
|
||||
val mxCrossSigningInfo = getMyCrossSigningKeys() ?: return UserTrustResult.CrossSigningNotConfigured(myUserId)
|
||||
|
||||
var masterKeyIsTrusted = false
|
||||
var userKeyIsTrusted = false
|
||||
@ -330,7 +334,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
val checkSelfTrust = checkSelfTrust()
|
||||
if (checkSelfTrust.isVerified()) {
|
||||
cryptoStore.storePrivateKeysInfo(masterKeyPrivateKey, uskKeyPrivateKey, sskPrivateKey)
|
||||
setUserKeysAsTrusted(userId, true)
|
||||
setUserKeysAsTrusted(myUserId, true)
|
||||
}
|
||||
return checkSelfTrust
|
||||
}
|
||||
@ -351,7 +355,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
* .
|
||||
*/
|
||||
override fun isUserTrusted(otherUserId: String): Boolean {
|
||||
return cryptoStore.getCrossSigningInfo(userId)?.isTrusted() == true
|
||||
return cryptoStore.getCrossSigningInfo(otherUserId)?.isTrusted() == true
|
||||
}
|
||||
|
||||
override fun isCrossSigningVerified(): Boolean {
|
||||
@ -363,7 +367,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
*/
|
||||
override fun checkUserTrust(otherUserId: String): UserTrustResult {
|
||||
Timber.v("## CrossSigning checkUserTrust for $otherUserId")
|
||||
if (otherUserId == userId) {
|
||||
if (otherUserId == myUserId) {
|
||||
return checkSelfTrust()
|
||||
}
|
||||
// I trust a user if I trust his master key
|
||||
@ -371,16 +375,14 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
// TODO what if the master key is signed by a device key that i have verified
|
||||
|
||||
// First let's get my user key
|
||||
val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(userId)
|
||||
val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(myUserId)
|
||||
|
||||
checkOtherMSKTrusted(myCrossSigningInfo, cryptoStore.getCrossSigningInfo(otherUserId))
|
||||
|
||||
return UserTrustResult.Success
|
||||
return checkOtherMSKTrusted(myCrossSigningInfo, cryptoStore.getCrossSigningInfo(otherUserId))
|
||||
}
|
||||
|
||||
fun checkOtherMSKTrusted(myCrossSigningInfo: MXCrossSigningInfo?, otherInfo: MXCrossSigningInfo?): UserTrustResult {
|
||||
val myUserKey = myCrossSigningInfo?.userKey()
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(userId)
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(myUserId)
|
||||
|
||||
if (!myCrossSigningInfo.isTrusted()) {
|
||||
return UserTrustResult.KeysNotTrusted(myCrossSigningInfo)
|
||||
@ -391,7 +393,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
?: return UserTrustResult.UnknownCrossSignatureInfo(otherInfo?.userId ?: "")
|
||||
|
||||
val masterKeySignaturesMadeByMyUserKey = otherMasterKey.signatures
|
||||
?.get(userId) // Signatures made by me
|
||||
?.get(myUserId) // Signatures made by me
|
||||
?.get("ed25519:${myUserKey.unpaddedBase64PublicKey}")
|
||||
|
||||
if (masterKeySignaturesMadeByMyUserKey.isNullOrBlank()) {
|
||||
@ -417,9 +419,9 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
// Special case when it's me,
|
||||
// I have to check that MSK -> USK -> SSK
|
||||
// and that MSK is trusted (i know the private key, or is signed by a trusted device)
|
||||
val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(userId)
|
||||
val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(myUserId)
|
||||
|
||||
return checkSelfTrust(myCrossSigningInfo, cryptoStore.getUserDeviceList(userId))
|
||||
return checkSelfTrust(myCrossSigningInfo, cryptoStore.getUserDeviceList(myUserId))
|
||||
}
|
||||
|
||||
fun checkSelfTrust(myCrossSigningInfo: MXCrossSigningInfo?, myDevices: List<CryptoDeviceInfo>?): UserTrustResult {
|
||||
@ -429,7 +431,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
// val myCrossSigningInfo = cryptoStore.getCrossSigningInfo(userId)
|
||||
|
||||
val myMasterKey = myCrossSigningInfo?.masterKey()
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(userId)
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(myUserId)
|
||||
|
||||
// Is the master key trusted
|
||||
// 1) check if I know the private key
|
||||
@ -453,7 +455,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
olmPkSigning?.releaseSigning()
|
||||
} else {
|
||||
// Maybe it's signed by a locally trusted device?
|
||||
myMasterKey.signatures?.get(userId)?.forEach { (key, value) ->
|
||||
myMasterKey.signatures?.get(myUserId)?.forEach { (key, value) ->
|
||||
val potentialDeviceId = key.removePrefix("ed25519:")
|
||||
val potentialDevice = myDevices?.firstOrNull { it.deviceId == potentialDeviceId } // cryptoStore.getUserDevice(userId, potentialDeviceId)
|
||||
if (potentialDevice != null && potentialDevice.isVerified) {
|
||||
@ -475,14 +477,14 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
}
|
||||
|
||||
val myUserKey = myCrossSigningInfo.userKey()
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(userId)
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(myUserId)
|
||||
|
||||
val userKeySignaturesMadeByMyMasterKey = myUserKey.signatures
|
||||
?.get(userId) // Signatures made by me
|
||||
?.get(myUserId) // Signatures made by me
|
||||
?.get("ed25519:${myMasterKey.unpaddedBase64PublicKey}")
|
||||
|
||||
if (userKeySignaturesMadeByMyMasterKey.isNullOrBlank()) {
|
||||
Timber.d("## CrossSigning checkUserTrust false for $userId, USK not signed by MSK")
|
||||
Timber.d("## CrossSigning checkUserTrust false for $myUserId, USK not signed by MSK")
|
||||
return UserTrustResult.KeyNotSigned(myUserKey)
|
||||
}
|
||||
|
||||
@ -498,14 +500,14 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
}
|
||||
|
||||
val mySSKey = myCrossSigningInfo.selfSigningKey()
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(userId)
|
||||
?: return UserTrustResult.CrossSigningNotConfigured(myUserId)
|
||||
|
||||
val ssKeySignaturesMadeByMyMasterKey = mySSKey.signatures
|
||||
?.get(userId) // Signatures made by me
|
||||
?.get(myUserId) // Signatures made by me
|
||||
?.get("ed25519:${myMasterKey.unpaddedBase64PublicKey}")
|
||||
|
||||
if (ssKeySignaturesMadeByMyMasterKey.isNullOrBlank()) {
|
||||
Timber.d("## CrossSigning checkUserTrust false for $userId, SSK not signed by MSK")
|
||||
Timber.d("## CrossSigning checkUserTrust false for $myUserId, SSK not signed by MSK")
|
||||
return UserTrustResult.KeyNotSigned(mySSKey)
|
||||
}
|
||||
|
||||
@ -555,14 +557,14 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
|
||||
override fun trustUser(otherUserId: String, callback: MatrixCallback<Unit>) {
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.crypto) {
|
||||
Timber.d("## CrossSigning - Mark user $userId as trusted ")
|
||||
Timber.d("## CrossSigning - Mark user $otherUserId as trusted ")
|
||||
// We should have this user keys
|
||||
val otherMasterKeys = getUserCrossSigningKeys(otherUserId)?.masterKey()
|
||||
if (otherMasterKeys == null) {
|
||||
callback.onFailure(Throwable("## CrossSigning - Other master signing key is not known"))
|
||||
return@launch
|
||||
}
|
||||
val myKeys = getUserCrossSigningKeys(userId)
|
||||
val myKeys = getUserCrossSigningKeys(myUserId)
|
||||
if (myKeys == null) {
|
||||
callback.onFailure(Throwable("## CrossSigning - CrossSigning is not setup for this account"))
|
||||
return@launch
|
||||
@ -586,16 +588,22 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
}
|
||||
|
||||
cryptoStore.setUserKeysAsTrusted(otherUserId, true)
|
||||
// TODO update local copy with new signature directly here? kind of local echo of trust?
|
||||
|
||||
Timber.d("## CrossSigning - Upload signature of $userId MSK signed by USK")
|
||||
Timber.d("## CrossSigning - Upload signature of $otherUserId MSK signed by USK")
|
||||
val uploadQuery = UploadSignatureQueryBuilder()
|
||||
.withSigningKeyInfo(otherMasterKeys.copyForSignature(userId, userPubKey, newSignature))
|
||||
.withSigningKeyInfo(otherMasterKeys.copyForSignature(myUserId, userPubKey, newSignature))
|
||||
.build()
|
||||
uploadSignaturesTask.configureWith(UploadSignaturesTask.Params(uploadQuery)) {
|
||||
this.executionThread = TaskThread.CRYPTO
|
||||
this.callback = callback
|
||||
}.executeBy(taskExecutor)
|
||||
|
||||
// Local echo for device cross trust, to avoid having to wait for a notification of key change
|
||||
cryptoStore.getUserDeviceList(otherUserId)?.forEach { device ->
|
||||
val updatedTrust = checkDeviceTrust(device.userId, device.deviceId, device.trustLevel?.isLocallyVerified() ?: false)
|
||||
Timber.v("## CrossSigning - update trust for device ${device.deviceId} of user $otherUserId , verified=$updatedTrust")
|
||||
cryptoStore.setDeviceTrust(device.userId, device.deviceId, updatedTrust.isCrossSignedVerified(), updatedTrust.isLocallyVerified())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -604,20 +612,20 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
cryptoStore.markMyMasterKeyAsLocallyTrusted(true)
|
||||
checkSelfTrust()
|
||||
// re-verify all trusts
|
||||
onUsersDeviceUpdate(listOf(userId))
|
||||
onUsersDeviceUpdate(listOf(myUserId))
|
||||
}
|
||||
}
|
||||
|
||||
override fun trustDevice(deviceId: String, callback: MatrixCallback<Unit>) {
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.crypto) {
|
||||
// This device should be yours
|
||||
val device = cryptoStore.getUserDevice(userId, deviceId)
|
||||
val device = cryptoStore.getUserDevice(myUserId, deviceId)
|
||||
if (device == null) {
|
||||
callback.onFailure(IllegalArgumentException("This device [$deviceId] is not known, or not yours"))
|
||||
return@launch
|
||||
}
|
||||
|
||||
val myKeys = getUserCrossSigningKeys(userId)
|
||||
val myKeys = getUserCrossSigningKeys(myUserId)
|
||||
if (myKeys == null) {
|
||||
callback.onFailure(Throwable("CrossSigning is not setup for this account"))
|
||||
return@launch
|
||||
@ -639,7 +647,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
}
|
||||
val toUpload = device.copy(
|
||||
signatures = mapOf(
|
||||
userId
|
||||
myUserId
|
||||
to
|
||||
mapOf(
|
||||
"ed25519:$ssPubKey" to newSignature
|
||||
@ -661,8 +669,8 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
val otherDevice = cryptoStore.getUserDevice(otherUserId, otherDeviceId)
|
||||
?: return DeviceTrustResult.UnknownDevice(otherDeviceId)
|
||||
|
||||
val myKeys = getUserCrossSigningKeys(userId)
|
||||
?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(userId))
|
||||
val myKeys = getUserCrossSigningKeys(myUserId)
|
||||
?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(myUserId))
|
||||
|
||||
if (!myKeys.isTrusted()) return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.KeysNotTrusted(myKeys))
|
||||
|
||||
@ -717,7 +725,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
|
||||
fun checkDeviceTrust(myKeys: MXCrossSigningInfo?, otherKeys: MXCrossSigningInfo?, otherDevice: CryptoDeviceInfo): DeviceTrustResult {
|
||||
val locallyTrusted = otherDevice.trustLevel?.isLocallyVerified()
|
||||
myKeys ?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(userId))
|
||||
myKeys ?: return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.CrossSigningNotConfigured(myUserId))
|
||||
|
||||
if (!myKeys.isTrusted()) return legacyFallbackTrust(locallyTrusted, DeviceTrustResult.KeysNotTrusted(myKeys))
|
||||
|
||||
@ -805,7 +813,7 @@ internal class DefaultCrossSigningService @Inject constructor(
|
||||
cryptoStore.setUserKeysAsTrusted(otherUserId, trusted)
|
||||
// If it's me, recheck trust of all users and devices?
|
||||
val users = ArrayList<String>()
|
||||
if (otherUserId == userId && currentTrust != trusted) {
|
||||
if (otherUserId == myUserId && currentTrust != trusted) {
|
||||
// notify key requester
|
||||
outgoingKeyRequestManager.onSelfCrossSigningTrustChanged(trusted)
|
||||
cryptoStore.updateUsersTrust {
|
||||
|
@ -161,6 +161,7 @@ internal class UpdateTrustWorker(context: Context, params: WorkerParameters, ses
|
||||
// i have all the new trusts, update DB
|
||||
trusts.forEach {
|
||||
val verified = it.value?.isVerified() == true
|
||||
Timber.v("[$myUserId] ## CrossSigning - Updating user trust: ${it.key} to $verified")
|
||||
updateCrossSigningKeysTrust(cryptoRealm, it.key, verified)
|
||||
}
|
||||
|
||||
@ -259,21 +260,27 @@ internal class UpdateTrustWorker(context: Context, params: WorkerParameters, ses
|
||||
cryptoRealm.where(CrossSigningInfoEntity::class.java)
|
||||
.equalTo(CrossSigningInfoEntityFields.USER_ID, userId)
|
||||
.findFirst()
|
||||
?.crossSigningKeys
|
||||
?.forEach { info ->
|
||||
// optimization to avoid trigger updates when there is no change..
|
||||
if (info.trustLevelEntity?.isVerified() != verified) {
|
||||
Timber.d("## CrossSigning - Trust change for $userId : $verified")
|
||||
val level = info.trustLevelEntity
|
||||
if (level == null) {
|
||||
info.trustLevelEntity = cryptoRealm.createObject(TrustLevelEntity::class.java).also {
|
||||
it.locallyVerified = verified
|
||||
it.crossSignedVerified = verified
|
||||
?.let { userKeyInfo ->
|
||||
userKeyInfo
|
||||
.crossSigningKeys
|
||||
.forEach { key ->
|
||||
// optimization to avoid trigger updates when there is no change..
|
||||
if (key.trustLevelEntity?.isVerified() != verified) {
|
||||
Timber.d("## CrossSigning - Trust change for $userId : $verified")
|
||||
val level = key.trustLevelEntity
|
||||
if (level == null) {
|
||||
key.trustLevelEntity = cryptoRealm.createObject(TrustLevelEntity::class.java).also {
|
||||
it.locallyVerified = verified
|
||||
it.crossSignedVerified = verified
|
||||
}
|
||||
} else {
|
||||
level.locallyVerified = verified
|
||||
level.crossSignedVerified = verified
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
level.locallyVerified = verified
|
||||
level.crossSignedVerified = verified
|
||||
}
|
||||
if (verified) {
|
||||
userKeyInfo.wasUserVerifiedOnce = true
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -299,8 +306,18 @@ internal class UpdateTrustWorker(context: Context, params: WorkerParameters, ses
|
||||
getCrossSigningInfo(cryptoRealm, userId)?.isTrusted() == true
|
||||
}
|
||||
|
||||
val resetTrust = listToCheck
|
||||
.filter { userId ->
|
||||
val crossSigningInfo = getCrossSigningInfo(cryptoRealm, userId)
|
||||
crossSigningInfo?.isTrusted() != true && crossSigningInfo?.wasTrustedOnce == true
|
||||
}
|
||||
|
||||
return if (allTrustedUserIds.isEmpty()) {
|
||||
RoomEncryptionTrustLevel.Default
|
||||
if (resetTrust.isEmpty()) {
|
||||
RoomEncryptionTrustLevel.Default
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Warning
|
||||
}
|
||||
} else {
|
||||
// If one of the verified user as an untrusted device -> warning
|
||||
// If all devices of all verified users are trusted -> green
|
||||
@ -327,11 +344,15 @@ internal class UpdateTrustWorker(context: Context, params: WorkerParameters, ses
|
||||
if (hasWarning) {
|
||||
RoomEncryptionTrustLevel.Warning
|
||||
} else {
|
||||
if (listToCheck.size == allTrustedUserIds.size) {
|
||||
// all users are trusted and all devices are verified
|
||||
RoomEncryptionTrustLevel.Trusted
|
||||
if (resetTrust.isEmpty()) {
|
||||
if (listToCheck.size == allTrustedUserIds.size) {
|
||||
// all users are trusted and all devices are verified
|
||||
RoomEncryptionTrustLevel.Trusted
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Default
|
||||
}
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Default
|
||||
RoomEncryptionTrustLevel.Warning
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -344,7 +365,8 @@ internal class UpdateTrustWorker(context: Context, params: WorkerParameters, ses
|
||||
userId = userId,
|
||||
crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull {
|
||||
crossSigningKeysMapper.map(userId, it)
|
||||
}
|
||||
},
|
||||
wasTrustedOnce = xsignInfo.wasUserVerifiedOnce
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -1611,7 +1611,8 @@ internal class RealmCryptoStore @Inject constructor(
|
||||
userId = userId,
|
||||
crossSigningKeys = xsignInfo.crossSigningKeys.mapNotNull {
|
||||
crossSigningKeysMapper.map(userId, it)
|
||||
}
|
||||
},
|
||||
wasTrustedOnce = xsignInfo.wasUserVerifiedOnce
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -35,6 +35,7 @@ import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo016
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo017
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo018
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.migration.MigrateCryptoTo019
|
||||
import org.matrix.android.sdk.internal.util.database.MatrixRealmMigration
|
||||
import org.matrix.android.sdk.internal.util.time.Clock
|
||||
import javax.inject.Inject
|
||||
@ -49,7 +50,7 @@ internal class RealmCryptoStoreMigration @Inject constructor(
|
||||
private val clock: Clock,
|
||||
) : MatrixRealmMigration(
|
||||
dbName = "Crypto",
|
||||
schemaVersion = 18L,
|
||||
schemaVersion = 19L,
|
||||
) {
|
||||
/**
|
||||
* Forces all RealmCryptoStoreMigration instances to be equal.
|
||||
@ -77,5 +78,6 @@ internal class RealmCryptoStoreMigration @Inject constructor(
|
||||
if (oldVersion < 16) MigrateCryptoTo016(realm).perform()
|
||||
if (oldVersion < 17) MigrateCryptoTo017(realm).perform()
|
||||
if (oldVersion < 18) MigrateCryptoTo018(realm).perform()
|
||||
if (oldVersion < 19) MigrateCryptoTo019(realm).perform()
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,59 @@
|
||||
/*
|
||||
* Copyright (c) 2022 The Matrix.org Foundation C.I.C.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.matrix.android.sdk.internal.crypto.store.db.migration
|
||||
|
||||
import io.realm.DynamicRealm
|
||||
import io.realm.DynamicRealmObject
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.KeyUsage
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.model.CrossSigningInfoEntityFields
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.model.KeyInfoEntityFields
|
||||
import org.matrix.android.sdk.internal.crypto.store.db.model.TrustLevelEntityFields
|
||||
import org.matrix.android.sdk.internal.util.database.RealmMigrator
|
||||
|
||||
/**
|
||||
* This migration is adding support for trusted flags on megolm sessions.
|
||||
* We can't really assert the trust of existing keys, so for the sake of simplicity we are going to
|
||||
* mark existing keys as safe.
|
||||
* This migration can take long depending on the account
|
||||
*/
|
||||
internal class MigrateCryptoTo019(realm: DynamicRealm) : RealmMigrator(realm, 18) {
|
||||
|
||||
override fun doMigrate(realm: DynamicRealm) {
|
||||
realm.schema.get("CrossSigningInfoEntity")
|
||||
?.addField(CrossSigningInfoEntityFields.WAS_USER_VERIFIED_ONCE, Boolean::class.java)
|
||||
?.transform { dynamicObject ->
|
||||
|
||||
val knowKeys = dynamicObject.getList(CrossSigningInfoEntityFields.CROSS_SIGNING_KEYS.`$`)
|
||||
val msk = knowKeys.firstOrNull {
|
||||
it.getList(KeyInfoEntityFields.USAGES.`$`, String::class.java).orEmpty().contains(KeyUsage.MASTER.value)
|
||||
}
|
||||
val ssk = knowKeys.firstOrNull {
|
||||
it.getList(KeyInfoEntityFields.USAGES.`$`, String::class.java).orEmpty().contains(KeyUsage.SELF_SIGNING.value)
|
||||
}
|
||||
val isTrusted = isDynamicKeyInfoTrusted(msk?.get<DynamicRealmObject>(KeyInfoEntityFields.TRUST_LEVEL_ENTITY.`$`)) &&
|
||||
isDynamicKeyInfoTrusted(ssk?.get<DynamicRealmObject>(KeyInfoEntityFields.TRUST_LEVEL_ENTITY.`$`))
|
||||
|
||||
dynamicObject.setBoolean(CrossSigningInfoEntityFields.WAS_USER_VERIFIED_ONCE, isTrusted)
|
||||
}
|
||||
}
|
||||
|
||||
private fun isDynamicKeyInfoTrusted(keyInfo: DynamicRealmObject?): Boolean {
|
||||
if (keyInfo == null) return false
|
||||
return !keyInfo.isNull(TrustLevelEntityFields.CROSS_SIGNED_VERIFIED) && keyInfo.getBoolean(TrustLevelEntityFields.CROSS_SIGNED_VERIFIED) &&
|
||||
!keyInfo.isNull(TrustLevelEntityFields.LOCALLY_VERIFIED) && keyInfo.getBoolean(TrustLevelEntityFields.LOCALLY_VERIFIED)
|
||||
}
|
||||
}
|
@ -25,6 +25,7 @@ import org.matrix.android.sdk.internal.extensions.clearWith
|
||||
internal open class CrossSigningInfoEntity(
|
||||
@PrimaryKey
|
||||
var userId: String? = null,
|
||||
var wasUserVerifiedOnce: Boolean = false,
|
||||
var crossSigningKeys: RealmList<KeyInfoEntity> = RealmList()
|
||||
) : RealmObject() {
|
||||
|
||||
|
@ -289,6 +289,8 @@ dependencies {
|
||||
testImplementation libs.tests.junit
|
||||
testImplementation libs.tests.kluent
|
||||
testImplementation libs.mockk.mockk
|
||||
testImplementation libs.androidx.coreTesting
|
||||
testImplementation libs.tests.robolectric
|
||||
// Plant Timber tree for test
|
||||
testImplementation libs.tests.timberJunitRule
|
||||
testImplementation libs.airbnb.mavericksTesting
|
||||
|
@ -26,7 +26,7 @@ import im.vector.app.core.epoxy.onClick
|
||||
import im.vector.app.core.extensions.setTextOrHide
|
||||
import im.vector.app.features.displayname.getBestName
|
||||
import im.vector.app.features.home.AvatarRenderer
|
||||
import org.matrix.android.sdk.api.session.crypto.model.RoomEncryptionTrustLevel
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
import org.matrix.android.sdk.api.util.MatrixItem
|
||||
|
||||
abstract class BaseProfileMatrixItem<T : ProfileMatrixItem.Holder>(@LayoutRes layoutId: Int) : VectorEpoxyModel<T>(layoutId) {
|
||||
@ -35,7 +35,7 @@ abstract class BaseProfileMatrixItem<T : ProfileMatrixItem.Holder>(@LayoutRes la
|
||||
@EpoxyAttribute var editable: Boolean = true
|
||||
|
||||
@EpoxyAttribute
|
||||
var userEncryptionTrustLevel: RoomEncryptionTrustLevel? = null
|
||||
var userVerificationLevel: UserVerificationLevel? = null
|
||||
|
||||
@EpoxyAttribute(EpoxyAttribute.Option.DoNotHash)
|
||||
var clickListener: ClickListener? = null
|
||||
@ -53,6 +53,6 @@ abstract class BaseProfileMatrixItem<T : ProfileMatrixItem.Holder>(@LayoutRes la
|
||||
holder.subtitleView.setTextOrHide(matrixId)
|
||||
holder.editableView.isVisible = editable
|
||||
avatarRenderer.render(matrixItem, holder.avatarImageView)
|
||||
holder.avatarDecorationImageView.render(userEncryptionTrustLevel)
|
||||
holder.avatarDecorationImageView.renderUser(userVerificationLevel)
|
||||
}
|
||||
}
|
||||
|
@ -24,6 +24,7 @@ import androidx.core.view.isVisible
|
||||
import im.vector.app.R
|
||||
import im.vector.app.features.home.room.detail.timeline.item.E2EDecoration
|
||||
import org.matrix.android.sdk.api.session.crypto.model.RoomEncryptionTrustLevel
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
|
||||
class ShieldImageView @JvmOverloads constructor(
|
||||
context: Context,
|
||||
@ -102,6 +103,35 @@ class ShieldImageView @JvmOverloads constructor(
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fun renderUser(userVerificationLevel: UserVerificationLevel?, borderLess: Boolean = false) {
|
||||
isVisible = userVerificationLevel != null
|
||||
when (userVerificationLevel) {
|
||||
UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED -> {
|
||||
contentDescription = context.getString(R.string.a11y_trust_level_trusted)
|
||||
setImageResource(
|
||||
if (borderLess) R.drawable.ic_shield_trusted_no_border
|
||||
else R.drawable.ic_shield_trusted
|
||||
)
|
||||
}
|
||||
UserVerificationLevel.UNVERIFIED_BUT_WAS_PREVIOUSLY,
|
||||
UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED -> {
|
||||
contentDescription = context.getString(R.string.a11y_trust_level_warning)
|
||||
setImageResource(
|
||||
if (borderLess) R.drawable.ic_shield_warning_no_border
|
||||
else R.drawable.ic_shield_warning
|
||||
)
|
||||
}
|
||||
UserVerificationLevel.WAS_NEVER_VERIFIED -> {
|
||||
contentDescription = context.getString(R.string.a11y_trust_level_default)
|
||||
setImageResource(
|
||||
if (borderLess) R.drawable.ic_shield_black_no_border
|
||||
else R.drawable.ic_shield_black
|
||||
)
|
||||
}
|
||||
null -> Unit
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@DrawableRes
|
||||
|
@ -59,7 +59,7 @@ import im.vector.app.features.home.room.detail.timeline.helper.MatrixItemColorPr
|
||||
import im.vector.app.features.roommemberprofile.devices.DeviceListBottomSheet
|
||||
import im.vector.app.features.roommemberprofile.powerlevel.EditPowerLevelDialogs
|
||||
import kotlinx.parcelize.Parcelize
|
||||
import org.matrix.android.sdk.api.session.crypto.model.RoomEncryptionTrustLevel
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
import org.matrix.android.sdk.api.session.room.powerlevels.Role
|
||||
import org.matrix.android.sdk.api.util.MatrixItem
|
||||
import javax.inject.Inject
|
||||
@ -235,23 +235,27 @@ class RoomMemberProfileFragment :
|
||||
if (state.userMXCrossSigningInfo.isTrusted()) {
|
||||
// User is trusted
|
||||
if (state.allDevicesAreCrossSignedTrusted) {
|
||||
RoomEncryptionTrustLevel.Trusted
|
||||
UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Warning
|
||||
UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED
|
||||
}
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Default
|
||||
if (state.userMXCrossSigningInfo.wasTrustedOnce) {
|
||||
UserVerificationLevel.UNVERIFIED_BUT_WAS_PREVIOUSLY
|
||||
} else {
|
||||
UserVerificationLevel.WAS_NEVER_VERIFIED
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Legacy
|
||||
if (state.allDevicesAreTrusted) {
|
||||
RoomEncryptionTrustLevel.Trusted
|
||||
UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Warning
|
||||
UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED
|
||||
}
|
||||
}
|
||||
headerViews.memberProfileDecorationImageView.render(trustLevel)
|
||||
views.matrixProfileDecorationToolbarAvatarImageView.render(trustLevel)
|
||||
headerViews.memberProfileDecorationImageView.renderUser(trustLevel)
|
||||
views.matrixProfileDecorationToolbarAvatarImageView.renderUser(trustLevel)
|
||||
} else {
|
||||
headerViews.memberProfileDecorationImageView.isVisible = false
|
||||
}
|
||||
|
@ -129,7 +129,7 @@ class RoomMemberListController @Inject constructor(
|
||||
id(roomMember.userId)
|
||||
matrixItem(roomMember.toMatrixItem())
|
||||
avatarRenderer(host.avatarRenderer)
|
||||
userEncryptionTrustLevel(data.trustLevelMap.invoke()?.get(roomMember.userId))
|
||||
userVerificationLevel(data.trustLevelMap.invoke()?.get(roomMember.userId))
|
||||
clickListener {
|
||||
host.callback?.onRoomMemberClicked(roomMember)
|
||||
}
|
||||
|
@ -37,7 +37,8 @@ import kotlinx.coroutines.launch
|
||||
import org.matrix.android.sdk.api.extensions.orFalse
|
||||
import org.matrix.android.sdk.api.query.QueryStringValue
|
||||
import org.matrix.android.sdk.api.session.Session
|
||||
import org.matrix.android.sdk.api.session.crypto.model.RoomEncryptionTrustLevel
|
||||
import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
import org.matrix.android.sdk.api.session.events.model.EventType
|
||||
import org.matrix.android.sdk.api.session.events.model.toModel
|
||||
import org.matrix.android.sdk.api.session.getRoom
|
||||
@ -116,14 +117,7 @@ class RoomMemberListViewModel @AssistedInject constructor(
|
||||
.map { deviceList ->
|
||||
// If any key change, emit the userIds list
|
||||
deviceList.groupBy { it.userId }.mapValues {
|
||||
val allDeviceTrusted = it.value.fold(it.value.isNotEmpty()) { prev, next ->
|
||||
prev && next.trustLevel?.isCrossSigningVerified().orFalse()
|
||||
}
|
||||
if (session.cryptoService().crossSigningService().getUserCrossSigningKeys(it.key)?.isTrusted().orFalse()) {
|
||||
if (allDeviceTrusted) RoomEncryptionTrustLevel.Trusted else RoomEncryptionTrustLevel.Warning
|
||||
} else {
|
||||
RoomEncryptionTrustLevel.Default
|
||||
}
|
||||
getUserTrustLevel(it.key, it.value)
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -133,6 +127,29 @@ class RoomMemberListViewModel @AssistedInject constructor(
|
||||
}
|
||||
}
|
||||
|
||||
private fun getUserTrustLevel(userId: String, devices: List<CryptoDeviceInfo>): UserVerificationLevel {
|
||||
val allDeviceTrusted = devices.fold(devices.isNotEmpty()) { prev, next ->
|
||||
prev && next.trustLevel?.isCrossSigningVerified().orFalse()
|
||||
}
|
||||
val mxCrossSigningInfo = session.cryptoService().crossSigningService().getUserCrossSigningKeys(userId)
|
||||
return when {
|
||||
mxCrossSigningInfo == null -> {
|
||||
UserVerificationLevel.WAS_NEVER_VERIFIED
|
||||
}
|
||||
mxCrossSigningInfo.isTrusted() -> {
|
||||
if (allDeviceTrusted) UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED
|
||||
else UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED
|
||||
}
|
||||
else -> {
|
||||
if (mxCrossSigningInfo.wasTrustedOnce) {
|
||||
UserVerificationLevel.UNVERIFIED_BUT_WAS_PREVIOUSLY
|
||||
} else {
|
||||
UserVerificationLevel.WAS_NEVER_VERIFIED
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private fun observePowerLevel() {
|
||||
PowerLevelsFlowFactory(room).createFlow()
|
||||
.onEach {
|
||||
|
@ -23,7 +23,7 @@ import com.airbnb.mvrx.Uninitialized
|
||||
import im.vector.app.R
|
||||
import im.vector.app.core.platform.GenericIdArgs
|
||||
import im.vector.app.features.roomprofile.RoomProfileArgs
|
||||
import org.matrix.android.sdk.api.session.crypto.model.RoomEncryptionTrustLevel
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
import org.matrix.android.sdk.api.session.events.model.Event
|
||||
import org.matrix.android.sdk.api.session.room.model.RoomMemberSummary
|
||||
import org.matrix.android.sdk.api.session.room.model.RoomSummary
|
||||
@ -36,7 +36,7 @@ data class RoomMemberListViewState(
|
||||
val ignoredUserIds: List<String> = emptyList(),
|
||||
val filter: String = "",
|
||||
val threePidInvites: Async<List<Event>> = Uninitialized,
|
||||
val trustLevelMap: Async<Map<String, RoomEncryptionTrustLevel?>> = Uninitialized,
|
||||
val trustLevelMap: Async<Map<String, UserVerificationLevel>> = Uninitialized,
|
||||
val actionsPermissions: ActionPermissions = ActionPermissions()
|
||||
) : MavericksState {
|
||||
|
||||
|
@ -77,7 +77,7 @@ class SpacePeopleListController @Inject constructor(
|
||||
id(roomMember.userId)
|
||||
matrixItem(roomMember.toMatrixItem())
|
||||
avatarRenderer(host.avatarRenderer)
|
||||
userEncryptionTrustLevel(data.trustLevelMap.invoke()?.get(roomMember.userId))
|
||||
userVerificationLevel(data.trustLevelMap.invoke()?.get(roomMember.userId))
|
||||
.apply {
|
||||
val pl = host.toPowerLevelLabel(memberEntry.first)
|
||||
if (memberEntry.first == RoomMemberListCategories.INVITE) {
|
||||
|
@ -0,0 +1,282 @@
|
||||
/*
|
||||
* Copyright (c) 2022 New Vector Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package im.vector.app.features
|
||||
|
||||
import androidx.arch.core.executor.testing.InstantTaskExecutorRule
|
||||
import androidx.lifecycle.MutableLiveData
|
||||
import com.airbnb.mvrx.test.MvRxTestRule
|
||||
import im.vector.app.features.roomprofile.RoomProfileArgs
|
||||
import im.vector.app.features.roomprofile.members.RoomMemberListViewModel
|
||||
import im.vector.app.features.roomprofile.members.RoomMemberListViewState
|
||||
import im.vector.app.features.roomprofile.members.RoomMemberSummaryComparator
|
||||
import im.vector.app.test.test
|
||||
import im.vector.app.test.testCoroutineDispatchers
|
||||
import io.mockk.coEvery
|
||||
import io.mockk.every
|
||||
import io.mockk.mockk
|
||||
import org.junit.Rule
|
||||
import org.junit.Test
|
||||
import org.matrix.android.sdk.api.session.Session
|
||||
import org.matrix.android.sdk.api.session.crypto.CryptoService
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.CrossSigningService
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.CryptoCrossSigningKey
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.DeviceTrustLevel
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.MXCrossSigningInfo
|
||||
import org.matrix.android.sdk.api.session.crypto.model.CryptoDeviceInfo
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
import org.matrix.android.sdk.api.session.room.Room
|
||||
import org.matrix.android.sdk.api.session.room.RoomService
|
||||
import org.matrix.android.sdk.api.session.room.crypto.RoomCryptoService
|
||||
import org.matrix.android.sdk.api.session.room.members.MembershipService
|
||||
import org.matrix.android.sdk.api.session.room.model.Membership
|
||||
import org.matrix.android.sdk.api.session.room.model.RoomMemberSummary
|
||||
import org.matrix.android.sdk.api.session.room.model.RoomSummary
|
||||
import org.matrix.android.sdk.api.session.room.state.StateService
|
||||
import org.matrix.android.sdk.api.session.user.UserService
|
||||
import org.matrix.android.sdk.api.util.Optional
|
||||
|
||||
class MemberListViewModelTest {
|
||||
|
||||
@get:Rule
|
||||
val mvrxTestRule = MvRxTestRule()
|
||||
|
||||
@get:Rule
|
||||
val instantExecutorRule = InstantTaskExecutorRule()
|
||||
|
||||
private val fakeRoomId = "!roomId"
|
||||
private val args = RoomProfileArgs(fakeRoomId)
|
||||
|
||||
private val aliceMxid = "@alice:example.com"
|
||||
private val bobMxid = "@bob:example.com"
|
||||
private val marcMxid = "@marc:example.com"
|
||||
|
||||
private val aliceDevice1 = CryptoDeviceInfo(
|
||||
deviceId = "ALICE_1",
|
||||
userId = aliceMxid,
|
||||
trustLevel = DeviceTrustLevel(true, true)
|
||||
)
|
||||
|
||||
private val aliceDevice2 = CryptoDeviceInfo(
|
||||
deviceId = "ALICE_2",
|
||||
userId = aliceMxid,
|
||||
trustLevel = DeviceTrustLevel(false, false)
|
||||
)
|
||||
|
||||
private val bobDevice1 = CryptoDeviceInfo(
|
||||
deviceId = "BOB_1",
|
||||
userId = bobMxid,
|
||||
trustLevel = DeviceTrustLevel(true, true)
|
||||
)
|
||||
|
||||
private val bobDevice2 = CryptoDeviceInfo(
|
||||
deviceId = "BOB_2",
|
||||
userId = bobMxid,
|
||||
trustLevel = DeviceTrustLevel(true, true)
|
||||
)
|
||||
|
||||
private val markDevice = CryptoDeviceInfo(
|
||||
deviceId = "MARK_1",
|
||||
userId = marcMxid,
|
||||
trustLevel = DeviceTrustLevel(false, true)
|
||||
)
|
||||
|
||||
private val fakeMembershipservice: MembershipService = mockk {
|
||||
|
||||
val memberList = mutableListOf<RoomMemberSummary>(
|
||||
RoomMemberSummary(Membership.JOIN, aliceMxid, displayName = "Alice"),
|
||||
RoomMemberSummary(Membership.JOIN, bobMxid, displayName = "Bob"),
|
||||
RoomMemberSummary(Membership.JOIN, marcMxid, displayName = "marc")
|
||||
)
|
||||
|
||||
every { getRoomMembers(any()) } returns memberList
|
||||
|
||||
every { getRoomMembersLive(any()) } returns MutableLiveData(memberList)
|
||||
|
||||
every { areAllMembersLoadedLive() } returns MutableLiveData(true)
|
||||
|
||||
coEvery { areAllMembersLoaded() } returns true
|
||||
}
|
||||
|
||||
private val fakeRoomCryptoService: RoomCryptoService = mockk {
|
||||
every { isEncrypted() } returns true
|
||||
}
|
||||
private val fakeRoom: Room = mockk {
|
||||
|
||||
val fakeStateService: StateService = mockk {
|
||||
every { getStateEventLive(any(), any()) } returns MutableLiveData()
|
||||
every { getStateEventsLive(any(), any()) } returns MutableLiveData()
|
||||
every { getStateEvent(any(), any()) } returns null
|
||||
}
|
||||
|
||||
every { stateService() } returns fakeStateService
|
||||
|
||||
every { coroutineDispatchers } returns testCoroutineDispatchers
|
||||
|
||||
every { getRoomSummaryLive() } returns MutableLiveData<Optional<RoomSummary>>(Optional(fakeRoomSummary))
|
||||
|
||||
every { membershipService() } returns fakeMembershipservice
|
||||
|
||||
every { roomCryptoService() } returns fakeRoomCryptoService
|
||||
|
||||
every { roomSummary() } returns fakeRoomSummary
|
||||
}
|
||||
|
||||
private val fakeUserService: UserService = mockk {
|
||||
every { getIgnoredUsersLive() } returns MutableLiveData()
|
||||
}
|
||||
|
||||
val fakeSession: Session = mockk {
|
||||
|
||||
val fakeCrossSigningService: CrossSigningService = mockk {
|
||||
every { isUserTrusted(aliceMxid) } returns true
|
||||
every { isUserTrusted(bobMxid) } returns true
|
||||
every { isUserTrusted(marcMxid) } returns false
|
||||
|
||||
every { getUserCrossSigningKeys(aliceMxid) } returns MXCrossSigningInfo(
|
||||
aliceMxid,
|
||||
crossSigningKeys = listOf(
|
||||
CryptoCrossSigningKey(
|
||||
aliceMxid,
|
||||
usages = listOf("master"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(true, true),
|
||||
signatures = emptyMap()
|
||||
),
|
||||
CryptoCrossSigningKey(
|
||||
aliceMxid,
|
||||
usages = listOf("self_signing"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(true, true),
|
||||
signatures = emptyMap()
|
||||
),
|
||||
CryptoCrossSigningKey(
|
||||
aliceMxid,
|
||||
usages = listOf("user_signing"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(true, true),
|
||||
signatures = emptyMap()
|
||||
)
|
||||
),
|
||||
true
|
||||
)
|
||||
every { getUserCrossSigningKeys(bobMxid) } returns MXCrossSigningInfo(
|
||||
aliceMxid,
|
||||
crossSigningKeys = listOf(
|
||||
CryptoCrossSigningKey(
|
||||
bobMxid,
|
||||
usages = listOf("master"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(true, true),
|
||||
signatures = emptyMap()
|
||||
),
|
||||
CryptoCrossSigningKey(
|
||||
bobMxid,
|
||||
usages = listOf("self_signing"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(true, true),
|
||||
signatures = emptyMap()
|
||||
),
|
||||
CryptoCrossSigningKey(
|
||||
bobMxid,
|
||||
usages = listOf("user_signing"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(true, true),
|
||||
signatures = emptyMap()
|
||||
)
|
||||
),
|
||||
true
|
||||
)
|
||||
every { getUserCrossSigningKeys(marcMxid) } returns MXCrossSigningInfo(
|
||||
aliceMxid,
|
||||
crossSigningKeys = listOf(
|
||||
CryptoCrossSigningKey(
|
||||
marcMxid,
|
||||
usages = listOf("master"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(false, false),
|
||||
signatures = emptyMap()
|
||||
),
|
||||
CryptoCrossSigningKey(
|
||||
marcMxid,
|
||||
usages = listOf("self_signing"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(false, false),
|
||||
signatures = emptyMap()
|
||||
),
|
||||
CryptoCrossSigningKey(
|
||||
marcMxid,
|
||||
usages = listOf("user_signing"),
|
||||
keys = emptyMap(),
|
||||
trustLevel = DeviceTrustLevel(false, false),
|
||||
signatures = emptyMap()
|
||||
)
|
||||
),
|
||||
true
|
||||
)
|
||||
}
|
||||
|
||||
val fakeCryptoService: CryptoService = mockk {
|
||||
every { crossSigningService() } returns fakeCrossSigningService
|
||||
|
||||
every {
|
||||
getLiveCryptoDeviceInfo(listOf(aliceMxid, bobMxid, marcMxid))
|
||||
} returns MutableLiveData(
|
||||
listOf(
|
||||
aliceDevice1, aliceDevice2, bobDevice1, bobDevice2, markDevice
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
val fakeRoomService: RoomService = mockk {
|
||||
every { getRoom(any()) } returns fakeRoom
|
||||
}
|
||||
every { roomService() } returns fakeRoomService
|
||||
every { userService() } returns fakeUserService
|
||||
every { cryptoService() } returns fakeCryptoService
|
||||
}
|
||||
|
||||
private val fakeRoomSummary = RoomSummary(
|
||||
roomId = fakeRoomId,
|
||||
displayName = "Fake Room",
|
||||
topic = "A topic",
|
||||
isEncrypted = true,
|
||||
encryptionEventTs = 0,
|
||||
typingUsers = emptyList(),
|
||||
)
|
||||
|
||||
@Test
|
||||
fun testBasicUserVerificationLevels() {
|
||||
val viewModel = createViewModel()
|
||||
viewModel
|
||||
.test()
|
||||
.assertLatestState {
|
||||
val trustMap = it.trustLevelMap.invoke() ?: return@assertLatestState false
|
||||
trustMap[aliceMxid] == UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED &&
|
||||
trustMap[bobMxid] == UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED &&
|
||||
trustMap[marcMxid] == UserVerificationLevel.UNVERIFIED_BUT_WAS_PREVIOUSLY
|
||||
}
|
||||
.finish()
|
||||
}
|
||||
|
||||
private fun createViewModel(): RoomMemberListViewModel {
|
||||
return RoomMemberListViewModel(
|
||||
RoomMemberListViewState(args),
|
||||
RoomMemberSummaryComparator(),
|
||||
fakeSession,
|
||||
)
|
||||
}
|
||||
}
|
@ -0,0 +1,132 @@
|
||||
/*
|
||||
* Copyright (c) 2022 New Vector Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package im.vector.app.features
|
||||
|
||||
import androidx.arch.core.executor.testing.InstantTaskExecutorRule
|
||||
import com.airbnb.mvrx.Success
|
||||
import com.airbnb.mvrx.test.MvRxTestRule
|
||||
import im.vector.app.core.epoxy.profiles.ProfileMatrixItemWithPowerLevelWithPresence
|
||||
import im.vector.app.features.roomprofile.members.RoomMemberListCategories
|
||||
import im.vector.app.features.roomprofile.members.RoomMemberListController
|
||||
import im.vector.app.features.roomprofile.members.RoomMemberListViewState
|
||||
import io.mockk.every
|
||||
import io.mockk.mockk
|
||||
import org.amshove.kluent.shouldBeEqualTo
|
||||
import org.junit.Rule
|
||||
import org.junit.Test
|
||||
import org.junit.runner.RunWith
|
||||
import org.matrix.android.sdk.api.session.crypto.model.UserVerificationLevel
|
||||
import org.matrix.android.sdk.api.session.room.model.Membership
|
||||
import org.matrix.android.sdk.api.session.room.model.RoomMemberSummary
|
||||
import org.matrix.android.sdk.api.session.room.model.RoomSummary
|
||||
import org.robolectric.RobolectricTestRunner
|
||||
|
||||
@RunWith(RobolectricTestRunner::class)
|
||||
class RoomMemberListControllerTest {
|
||||
|
||||
@get:Rule
|
||||
val mvrxTestRule = MvRxTestRule()
|
||||
|
||||
@get:Rule
|
||||
val instantExecutorRule = InstantTaskExecutorRule()
|
||||
|
||||
@Test
|
||||
fun testControllerUserVerificationLevel() {
|
||||
val roomListController = RoomMemberListController(
|
||||
avatarRenderer = mockk {
|
||||
},
|
||||
stringProvider = mockk {
|
||||
every { getString(any()) } answers {
|
||||
this.args[0].toString()
|
||||
}
|
||||
},
|
||||
colorProvider = mockk {
|
||||
every { getColorFromAttribute(any()) } returns 0x0
|
||||
},
|
||||
roomMemberSummaryFilter = mockk(relaxed = true) {
|
||||
every { test(any()) } returns true
|
||||
}
|
||||
)
|
||||
|
||||
val fakeRoomSummary = RoomSummary(
|
||||
roomId = "!roomId",
|
||||
displayName = "Fake Room",
|
||||
topic = "A topic",
|
||||
isEncrypted = true,
|
||||
encryptionEventTs = 0,
|
||||
typingUsers = emptyList(),
|
||||
)
|
||||
|
||||
val state = RoomMemberListViewState(
|
||||
roomId = "!roomId",
|
||||
roomSummary = Success(fakeRoomSummary),
|
||||
areAllMembersLoaded = true,
|
||||
roomMemberSummaries = Success(
|
||||
listOf(
|
||||
RoomMemberListCategories.USER to listOf(
|
||||
RoomMemberSummary(
|
||||
membership = Membership.JOIN,
|
||||
userId = "@alice:example.com"
|
||||
),
|
||||
RoomMemberSummary(
|
||||
membership = Membership.JOIN,
|
||||
userId = "@bob:example.com"
|
||||
),
|
||||
RoomMemberSummary(
|
||||
membership = Membership.JOIN,
|
||||
userId = "@carl:example.com"
|
||||
),
|
||||
RoomMemberSummary(
|
||||
membership = Membership.JOIN,
|
||||
userId = "@massy:example.com"
|
||||
)
|
||||
)
|
||||
)
|
||||
),
|
||||
trustLevelMap = Success(
|
||||
mapOf(
|
||||
"@alice:example.com" to UserVerificationLevel.UNVERIFIED_BUT_WAS_PREVIOUSLY,
|
||||
"@bob:example.com" to UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED,
|
||||
"@carl:example.com" to UserVerificationLevel.WAS_NEVER_VERIFIED,
|
||||
"@massy:example.com" to UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED,
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
roomListController.setData(state)
|
||||
|
||||
val models = roomListController.adapter.copyOfModels
|
||||
|
||||
val profileItems = models.filterIsInstance<ProfileMatrixItemWithPowerLevelWithPresence>()
|
||||
|
||||
profileItems.firstOrNull {
|
||||
it.matrixItem.id == "@alice:example.com"
|
||||
}!!.userVerificationLevel shouldBeEqualTo UserVerificationLevel.UNVERIFIED_BUT_WAS_PREVIOUSLY
|
||||
|
||||
profileItems.firstOrNull {
|
||||
it.matrixItem.id == "@bob:example.com"
|
||||
}!!.userVerificationLevel shouldBeEqualTo UserVerificationLevel.VERIFIED_ALL_DEVICES_TRUSTED
|
||||
|
||||
profileItems.firstOrNull {
|
||||
it.matrixItem.id == "@carl:example.com"
|
||||
}!!.userVerificationLevel shouldBeEqualTo UserVerificationLevel.WAS_NEVER_VERIFIED
|
||||
|
||||
profileItems.firstOrNull {
|
||||
it.matrixItem.id == "@massy:example.com"
|
||||
}!!.userVerificationLevel shouldBeEqualTo UserVerificationLevel.VERIFIED_WITH_DEVICES_UNTRUSTED
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user