Improve error display for messages sent from insecure devices #50
Changes from all commits
bff059a
2a132a6
b6fd430
4940648
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
/* | ||
Copyright 2024 New Vector Ltd. | ||
|
||
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only | ||
Please see LICENSE files in the repository root for full details. | ||
*/ | ||
|
||
import { expect, test } from "../../element-web-test"; | ||
import { autoJoin, createSecondBotDevice, createSharedRoomWithUser, verify } from "./utils"; | ||
import { bootstrapCrossSigningForClient } from "../../pages/client.ts"; | ||
|
||
/** Tests for the "invisible crypto" behaviour -- i.e., when the "exclude insecure devices" setting is enabled */ | ||
test.describe("Invisible cryptography", () => { | ||
test.use({ | ||
displayName: "Alice", | ||
botCreateOpts: { displayName: "Bob" }, | ||
labsFlags: ["feature_exclude_insecure_devices"], | ||
}); | ||
|
||
test("Messages fail to decrypt when sender is previously verified", async ({ | ||
page, | ||
bot: bob, | ||
user: aliceCredentials, | ||
app, | ||
homeserver, | ||
}) => { | ||
await app.client.bootstrapCrossSigning(aliceCredentials); | ||
await autoJoin(bob); | ||
|
||
// create an encrypted room | ||
const testRoomId = await createSharedRoomWithUser(app, bob.credentials.userId, { | ||
name: "TestRoom", | ||
initial_state: [ | ||
{ | ||
type: "m.room.encryption", | ||
state_key: "", | ||
content: { | ||
algorithm: "m.megolm.v1.aes-sha2", | ||
}, | ||
}, | ||
], | ||
}); | ||
|
||
// Verify Bob | ||
await verify(app, bob); | ||
|
||
// Bob logs in a new device and resets cross-signing | ||
const bobSecondDevice = await createSecondBotDevice(page, homeserver, bob); | ||
await bootstrapCrossSigningForClient(await bobSecondDevice.prepareClient(), bob.credentials, true); | ||
|
||
/* should show an error for a message from a previously verified device */ | ||
await bobSecondDevice.sendMessage(testRoomId, "test encrypted from user that was previously verified"); | ||
const lastTile = page.locator(".mx_EventTile_last"); | ||
await expect(lastTile).toContainText("Verified identity has changed"); | ||
}); | ||
}); |
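Review bot: The final assertion only checks that the last tile contains "Verified identity has changed", so it would still pass if the decrypted body were rendered in the same tile. The behaviour under test is that the message is withheld, so a negative check should follow it, e.g. `await expect(lastTile).not.toContainText("test encrypted from user that was previously verified");`. The comment above `sendMessage` also says "previously verified device", while the scenario resets Bob's cross-signing identity; `/* should show an error for a message from a previously verified user */` would match what is exercised.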
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
/* | ||
Copyright 2024 New Vector Ltd. | ||
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only | ||
Please see LICENSE files in the repository root for full details. | ||
*/ | ||
|
||
import { AllDevicesIsolationMode, OnlySignedDevicesIsolationMode } from "matrix-js-sdk/src/crypto-api"; | ||
Check failure on line 7 in src/settings/controllers/DeviceIsolationModeController.ts
|
||
import { MatrixClient } from "matrix-js-sdk/src/matrix"; | ||
|
||
import SettingController from "./SettingController"; | ||
import { MatrixClientPeg } from "../../MatrixClientPeg"; | ||
import { SettingLevel } from "../SettingLevel"; | ||
|
||
/** | ||
* A controller for the "exclude_insecure_devices" setting, which will | ||
* update the crypto stack's device isolation mode on change. | ||
*/ | ||
export default class DeviceIsolationModeController extends SettingController { | ||
public onChange(level: SettingLevel, roomId: string, newValue: any): void { | ||
setDeviceIsolationMode(MatrixClientPeg.safeGet(), newValue); | ||
} | ||
} | ||
|
||
/** | ||
* Set the crypto stack's device isolation mode based on the current value of the | ||
* "exclude_insecure_devices" setting. | ||
* | ||
* @param client - MatrixClient to update to the new setting. | ||
* @param settingValue - value of the "exclude_insecure_devices" setting. | ||
*/ | ||
export function setDeviceIsolationMode(client: MatrixClient, settingValue: boolean): void { | ||
client | ||
.getCrypto() | ||
?.setDeviceIsolationMode( | ||
settingValue ? new OnlySignedDevicesIsolationMode() : new AllDevicesIsolationMode(true), | ||
Check failure on line 35 in src/settings/controllers/DeviceIsolationModeController.ts
|
||
); | ||
} |
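Review bot: `onChange` accepts `newValue: any` and passes it to a parameter typed `boolean`, so the ternary in `setDeviceIsolationMode` decides by truthiness. An `undefined` or `null` value would therefore select `new AllDevicesIsolationMode(true)`, the permissive mode, with no signal. A guard such as `if (typeof newValue !== "boolean") return;` before the call, or typing the parameter as `boolean` if the base class allows it, would make that explicit. Separately, `client.getCrypto()?.` turns the call into a silent no-op when crypto is unavailable, so the setting can read as enabled while the mode was never applied; the docstring should say so, e.g. `* Does nothing if the client has no crypto backend; callers must re-apply the mode once crypto is initialised.` Whether the mode is also applied at client start-up is not visible in this file.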
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
/* | ||
Copyright 2024 New Vector Ltd. | ||
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only | ||
Please see LICENSE files in the repository root for full details. | ||
*/ | ||
|
||
import { AllDevicesIsolationMode, OnlySignedDevicesIsolationMode } from "matrix-js-sdk/src/crypto-api"; | ||
Check failure on line 7 in test/settings/controllers/DeviceIsolationModeController-test.ts
|
||
|
||
import { stubClient } from "../../test-utils"; | ||
import DeviceIsolationModeController from "../../../src/settings/controllers/DeviceIsolationModeController.ts"; | ||
import { SettingLevel } from "../../../src/settings/SettingLevel"; | ||
|
||
describe("DeviceIsolationModeController", () => { | ||
afterEach(() => { | ||
jest.resetAllMocks(); | ||
}); | ||
|
||
describe("tracks enabling and disabling", () => { | ||
it("on sets signed device isolation mode", () => { | ||
const cli = stubClient(); | ||
const controller = new DeviceIsolationModeController(); | ||
controller.onChange(SettingLevel.DEVICE, "", true); | ||
expect(cli.getCrypto()?.setDeviceIsolationMode).toHaveBeenCalledWith(new OnlySignedDevicesIsolationMode()); | ||
}); | ||
|
||
it("off sets all device isolation mode", () => { | ||
const cli = stubClient(); | ||
const controller = new DeviceIsolationModeController(); | ||
controller.onChange(SettingLevel.DEVICE, "", false); | ||
expect(cli.getCrypto()?.setDeviceIsolationMode).toHaveBeenCalledWith(new AllDevicesIsolationMode(true)); | ||
}); | ||
}); | ||
}); |
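Review bot: Both cases run with a crypto backend present, so the `getCrypto()?.` branch of the controller, where the setting changes but no isolation mode is applied, has no coverage. A third case would pin that behaviour, e.g. `jest.spyOn(cli, "getCrypto").mockReturnValue(undefined);` followed by `expect(() => controller.onChange(SettingLevel.DEVICE, "", true)).not.toThrow();`. The exported `setDeviceIsolationMode` helper is also only exercised indirectly through `onChange`; if it is called elsewhere (not visible here), a direct test of it with a stub client would keep the two entry points from drifting apart.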