crypto: Rotate the megolm session if a device gets blacklisted
Damir Jelić
parent
303ac513e5
commit
ef2f20eb97
|
|
@ -218,21 +218,37 @@ impl GroupSessionManager {
|
||||||
.collect::<HashSet<_>>()
|
.collect::<HashSet<_>>()
|
||||||
.is_empty();
|
.is_empty();
|
||||||
|
|
||||||
let mut device_got_deleted = false;
|
let mut device_got_deleted_or_blacklisted = false;
|
||||||
|
|
||||||
for user_id in users {
|
for user_id in users {
|
||||||
let user_devices = self.store.get_user_devices(&user_id).await?;
|
let user_devices = self.store.get_user_devices(&user_id).await?;
|
||||||
|
|
||||||
// If no device got deleted until now and no user left check if one
|
// If no device got deleted or blacklisted until now and no user
|
||||||
// got deleted for this user.
|
// left check if one got deleted or blacklisted for this user.
|
||||||
if !device_got_deleted && !user_left {
|
if !device_got_deleted_or_blacklisted && !user_left {
|
||||||
let device_ids: HashSet<&DeviceId> =
|
// Devices that should receive this session
|
||||||
user_devices.keys().map(|d| d.as_ref()).collect();
|
let device_ids: HashSet<&DeviceId> = user_devices
|
||||||
|
.keys()
|
||||||
|
.filter(|d| {
|
||||||
|
!user_devices
|
||||||
|
.get(d)
|
||||||
|
.map(|d| d.is_blacklisted())
|
||||||
|
.unwrap_or(false)
|
||||||
|
})
|
||||||
|
.map(|d| d.as_ref())
|
||||||
|
.collect();
|
||||||
|
|
||||||
device_got_deleted = if let Some(shared) = outbound.shared_with_set.get(user_id) {
|
device_got_deleted_or_blacklisted = if let Some(shared) =
|
||||||
|
outbound.shared_with_set.get(user_id)
|
||||||
|
{
|
||||||
#[allow(clippy::map_clone)]
|
#[allow(clippy::map_clone)]
|
||||||
|
// Devices that received this session
|
||||||
let shared: HashSet<DeviceIdBox> = shared.iter().map(|d| d.clone()).collect();
|
let shared: HashSet<DeviceIdBox> = shared.iter().map(|d| d.clone()).collect();
|
||||||
let shared: HashSet<&DeviceId> = shared.iter().map(|d| d.as_ref()).collect();
|
let shared: HashSet<&DeviceId> = shared.iter().map(|d| d.as_ref()).collect();
|
||||||
|
|
||||||
|
// The difference between the devices that received the
|
||||||
|
// session and devices that should receive the session are
|
||||||
|
// our deleted or newly blacklisted devices
|
||||||
!shared
|
!shared
|
||||||
.difference(&device_ids)
|
.difference(&device_ids)
|
||||||
.collect::<HashSet<_>>()
|
.collect::<HashSet<_>>()
|
||||||
|
|
@ -249,9 +265,9 @@ impl GroupSessionManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
// To protect the room history we need to rotate the session if a user
|
// To protect the room history we need to rotate the session if a user
|
||||||
// left or if a device got deleted, put differently if someone leaves
|
// left or if a device got deleted/blacklisted, put differently if
|
||||||
// the encrypted group.
|
// someone leaves or gets removed from the encrypted group.
|
||||||
let should_rotate = user_left || device_got_deleted;
|
let should_rotate = user_left || device_got_deleted_or_blacklisted;
|
||||||
|
|
||||||
Ok((should_rotate, devices))
|
Ok((should_rotate, devices))
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue