From ef2f20eb973c9e31a5cc4ffecc8c7f85afbb6154 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?= <poljar@termina.org.uk>
Date: Thu, 21 Jan 2021 12:19:02 +0100
Subject: [PATCH] crypto: Rotate the megolm session if a device gets
 blacklisted

---
 .../src/session_manager/group_sessions.rs     | 36 +++++++++++++------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/matrix_sdk_crypto/src/session_manager/group_sessions.rs b/matrix_sdk_crypto/src/session_manager/group_sessions.rs
index c0d66e57..d2e2cd23 100644
--- a/matrix_sdk_crypto/src/session_manager/group_sessions.rs
+++ b/matrix_sdk_crypto/src/session_manager/group_sessions.rs
@@ -218,21 +218,37 @@ impl GroupSessionManager {
             .collect::<HashSet<_>>()
             .is_empty();
 
-        let mut device_got_deleted = false;
+        let mut device_got_deleted_or_blacklisted = false;
 
         for user_id in users {
             let user_devices = self.store.get_user_devices(&user_id).await?;
 
-            // If no device got deleted until now and no user left check if one
-            // got deleted for this user.
-            if !device_got_deleted && !user_left {
-                let device_ids: HashSet<&DeviceId> =
-                    user_devices.keys().map(|d| d.as_ref()).collect();
+            // If no device got deleted or blacklisted until now and no user
+            // left check if one got deleted or blacklisted for this user.
+            if !device_got_deleted_or_blacklisted && !user_left {
+                // Devices that should receive this session
+                let device_ids: HashSet<&DeviceId> = user_devices
+                    .keys()
+                    .filter(|d| {
+                        !user_devices
+                            .get(d)
+                            .map(|d| d.is_blacklisted())
+                            .unwrap_or(false)
+                    })
+                    .map(|d| d.as_ref())
+                    .collect();
 
-                device_got_deleted = if let Some(shared) = outbound.shared_with_set.get(user_id) {
+                device_got_deleted_or_blacklisted = if let Some(shared) =
+                    outbound.shared_with_set.get(user_id)
+                {
                     #[allow(clippy::map_clone)]
+                    // Devices that received this session
                     let shared: HashSet<DeviceIdBox> = shared.iter().map(|d| d.clone()).collect();
                     let shared: HashSet<&DeviceId> = shared.iter().map(|d| d.as_ref()).collect();
+
+                    // The difference between the devices that received the
+                    // session and devices that should receive the session are
+                    // our deleted or newly blacklisted devices
                     !shared
                         .difference(&device_ids)
                         .collect::<HashSet<_>>()
@@ -249,9 +265,9 @@ impl GroupSessionManager {
         }
 
         // To protect the room history we need to rotate the session if a user
-        // left or if a device got deleted, put differently if someone leaves
-        // the encrypted group.
-        let should_rotate = user_left || device_got_deleted;
+        // left or if a device got deleted/blacklisted, put differently if
+        // someone leaves or gets removed from the encrypted group.
+        let should_rotate = user_left || device_got_deleted_or_blacklisted;
 
         Ok((should_rotate, devices))
     }