CryptoApi.resetEncryption should always create a new key backup (#4648)

florianduros · web-flow · commit ed397d99ed9d · 2025-01-23T15:35:37.000Z
* fix(crypto api): `resetEncryption` always calls `resetKeyBackup`

* test(crypto api): update `resetEncryption` tests

* chore(crypto api): add logging in `resetEncryption`
diff --git a/spec/unit/rust-crypto/rust-crypto.spec.ts b/spec/unit/rust-crypto/rust-crypto.spec.ts
@@ -1896,22 +1896,6 @@ describe("RustCrypto", () => {
         });
 
         it("reset should reset 4S, backup and cross-signing", async () => {
-            // We don't have a key backup
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", {});
-
-            const rustCrypto = await makeTestRustCrypto(makeMatrixHttpApi(), undefined, undefined, secretStorage);
-
-            const authUploadDeviceSigningKeys = jest.fn();
-            await rustCrypto.resetEncryption(authUploadDeviceSigningKeys);
-
-            // The default key id should be deleted
-            expect(secretStorage.setDefaultKeyId).toHaveBeenCalledWith(null);
-            expect(await rustCrypto.getActiveSessionBackupVersion()).toBeNull();
-            // The new cross signing keys should be uploaded
-            expect(authUploadDeviceSigningKeys).toHaveBeenCalledWith(expect.any(Function));
-        });
-
-        it("key backup should be re-enabled after reset", async () => {
             // When we will delete the key backup
             let backupIsDeleted = false;
             fetchMock.delete("path:/_matrix/client/v3/room_keys/version/1", () => {
@@ -1923,6 +1907,13 @@ describe("RustCrypto", () => {
                 return backupIsDeleted ? {} : testData.SIGNED_BACKUP_DATA;
             });
 
+            // A new key backup should be created after the reset
+            let newKeyBackupInfo!: KeyBackupInfo;
+            fetchMock.post("path:/_matrix/client/v3/room_keys/version", (res, options) => {
+                newKeyBackupInfo = JSON.parse(options.body as string);
+                return { version: "2" };
+            });
+
             // We consider the key backup as trusted
             jest.spyOn(RustBackupManager.prototype, "isKeyBackupTrusted").mockResolvedValue({
                 trusted: true,
@@ -1933,13 +1924,6 @@ describe("RustCrypto", () => {
             // We have a key backup
             expect(await rustCrypto.getActiveSessionBackupVersion()).not.toBeNull();
 
-            // A new key backup should be created after the reset
-            let newKeyBackupInfo!: KeyBackupInfo;
-            fetchMock.post("path:/_matrix/client/v3/room_keys/version", (res, options) => {
-                newKeyBackupInfo = JSON.parse(options.body as string);
-                return { version: "2" };
-            });
-
             const authUploadDeviceSigningKeys = jest.fn();
             await rustCrypto.resetEncryption(authUploadDeviceSigningKeys);
 
diff --git a/src/crypto-api/index.ts b/src/crypto-api/index.ts
@@ -401,7 +401,7 @@ export interface CryptoApi {
      * - Disable backing up room keys and delete any existing backups.
      * - Remove the default secret storage key from the account data (ie: the recovery key).
      * - Reset the cross-signing keys.
-     * - Re-enable backing up room keys if enabled before.
+     * - Create a new key backup.
      *
      * @param authUploadDeviceSigningKeys - Callback to authenticate the upload of device signing keys.
      *      Used when resetting the cross signing keys.
diff --git a/src/rust-crypto/rust-crypto.ts b/src/rust-crypto/rust-crypto.ts
@@ -1477,7 +1477,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
      * Implementation of {@link CryptoApi#resetEncryption}.
      */
     public async resetEncryption(authUploadDeviceSigningKeys: UIAuthCallback<void>): Promise<void> {
-        const backupEnabled = (await this.backupManager.getActiveBackupVersion()) !== null;
+        this.logger.debug("resetEncryption: resetting encryption");
 
         // Disable backup, and delete all the backups from the server
         await this.backupManager.deleteAllKeyBackupVersions();
@@ -1491,10 +1491,10 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
             authUploadDeviceSigningKeys,
         });
 
-        // If key backup was enabled, we create a new backup
-        if (backupEnabled) {
-            await this.resetKeyBackup();
-        }
+        // Create a new key backup
+        await this.resetKeyBackup();
+
+        this.logger.debug("resetEncryption: ended");
     }
 
     ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Original file line number	Diff line number	Diff line change
`@@ -401,7 +401,7 @@ export interface CryptoApi {`
`401`	`401`	`* - Disable backing up room keys and delete any existing backups.`
`402`	`402`	`* - Remove the default secret storage key from the account data (ie: the recovery key).`
`403`	`403`	`* - Reset the cross-signing keys.`
`404`		`- * - Re-enable backing up room keys if enabled before.`
	`404`	`+ * - Create a new key backup.`
`405`	`405`	`*`
`406`	`406`	`* @param authUploadDeviceSigningKeys - Callback to authenticate the upload of device signing keys.`
`407`	`407`	`* Used when resetting the cross signing keys.`