crypto: Allow only a identity to be verified when the verification finishes
QR code based verification doesn't verify a device when users are verifying each other, generalize the logic that marks stuff as verified so we can verify either only a device or an user identity or both.master
Damir Jelić
parent
ada71586ac
commit
7f364fd615
|
|
@ -43,7 +43,7 @@ use tracing::{error, info, trace, warn};
|
||||||
use crate::{
|
use crate::{
|
||||||
error::SignatureError,
|
error::SignatureError,
|
||||||
olm::PrivateCrossSigningIdentity,
|
olm::PrivateCrossSigningIdentity,
|
||||||
store::{Changes, CryptoStore, DeviceChanges},
|
store::{Changes, CryptoStore},
|
||||||
CryptoStoreError, LocalTrust, ReadOnlyDevice, UserIdentities,
|
CryptoStoreError, LocalTrust, ReadOnlyDevice, UserIdentities,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -257,9 +257,18 @@ impl IdentitiesBeingVerified {
|
||||||
verified_devices: Option<&[ReadOnlyDevice]>,
|
verified_devices: Option<&[ReadOnlyDevice]>,
|
||||||
verified_identities: Option<&[UserIdentities]>,
|
verified_identities: Option<&[UserIdentities]>,
|
||||||
) -> Result<VerificationResult, CryptoStoreError> {
|
) -> Result<VerificationResult, CryptoStoreError> {
|
||||||
if let Some(device) = self.mark_device_as_verified(verified_devices).await? {
|
let device = self.mark_device_as_verified(verified_devices).await?;
|
||||||
let identity = self.mark_identity_as_verified(verified_identities).await?;
|
let identity = self.mark_identity_as_verified(verified_identities).await?;
|
||||||
|
|
||||||
|
if device.is_none() && identity.is_none() {
|
||||||
|
// Something wen't wrong if nothing was verified, we use key
|
||||||
|
// mismatch here, since it's the closest to nothing was verified
|
||||||
|
return Ok(VerificationResult::Cancel(CancelCode::KeyMismatch));
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut changes = Changes::default();
|
||||||
|
|
||||||
|
let signature_request = if let Some(device) = device {
|
||||||
// We only sign devices of our own user here.
|
// We only sign devices of our own user here.
|
||||||
let signature_request = if device.user_id() == self.user_id() {
|
let signature_request = if device.user_id() == self.user_id() {
|
||||||
match self.private_identity.sign_device(&device).await {
|
match self.private_identity.sign_device(&device).await {
|
||||||
|
|
@ -288,9 +297,10 @@ impl IdentitiesBeingVerified {
|
||||||
None
|
None
|
||||||
};
|
};
|
||||||
|
|
||||||
let mut changes = Changes {
|
changes.devices.changed.push(device);
|
||||||
devices: DeviceChanges { changed: vec![device], ..Default::default() },
|
signature_request
|
||||||
..Default::default()
|
} else {
|
||||||
|
None
|
||||||
};
|
};
|
||||||
|
|
||||||
let identity_signature_request = if let Some(i) = identity {
|
let identity_signature_request = if let Some(i) = identity {
|
||||||
|
|
@ -321,7 +331,6 @@ impl IdentitiesBeingVerified {
|
||||||
};
|
};
|
||||||
|
|
||||||
changes.identities.changed.push(i);
|
changes.identities.changed.push(i);
|
||||||
|
|
||||||
request
|
request
|
||||||
} else {
|
} else {
|
||||||
None
|
None
|
||||||
|
|
@ -345,12 +354,10 @@ impl IdentitiesBeingVerified {
|
||||||
|
|
||||||
// TODO store the signature upload request as well.
|
// TODO store the signature upload request as well.
|
||||||
self.store.save_changes(changes).await?;
|
self.store.save_changes(changes).await?;
|
||||||
|
|
||||||
Ok(merged_request
|
Ok(merged_request
|
||||||
.map(VerificationResult::SignatureUpload)
|
.map(VerificationResult::SignatureUpload)
|
||||||
.unwrap_or(VerificationResult::Ok))
|
.unwrap_or(VerificationResult::Ok))
|
||||||
} else {
|
|
||||||
Ok(VerificationResult::Cancel(CancelCode::UserMismatch))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn mark_identity_as_verified(
|
async fn mark_identity_as_verified(
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue