crypto: Make sure we request secrets only if the user became trusted
This commit is contained in:
parent
315e77ebf2
commit
f9de77a75d
1 changed files with 16 additions and 16 deletions
|
@ -406,7 +406,8 @@ impl IdentitiesBeingVerified {
|
|||
verified_identities: Option<&[ReadOnlyUserIdentities]>,
|
||||
) -> Result<VerificationResult, CryptoStoreError> {
|
||||
let device = self.mark_device_as_verified(verified_devices).await?;
|
||||
let identity = self.mark_identity_as_verified(verified_identities).await?;
|
||||
let (identity, should_request_secrets) =
|
||||
self.mark_identity_as_verified(verified_identities).await?;
|
||||
|
||||
if device.is_none() && identity.is_none() {
|
||||
// Something wen't wrong if nothing was verified, we use key
|
||||
|
@ -414,10 +415,6 @@ impl IdentitiesBeingVerified {
|
|||
return Ok(VerificationResult::Cancel(CancelCode::KeyMismatch));
|
||||
}
|
||||
|
||||
let is_self_verification =
|
||||
device.as_ref().map(|d| d.user_id() == self.user_id()).unwrap_or_default()
|
||||
|| identity.as_ref().map(|i| i.own().is_some()).unwrap_or_default();
|
||||
|
||||
let mut changes = Changes::default();
|
||||
|
||||
let signature_request = if let Some(device) = device {
|
||||
|
@ -504,7 +501,7 @@ impl IdentitiesBeingVerified {
|
|||
identity_signature_request
|
||||
};
|
||||
|
||||
if is_self_verification {
|
||||
if should_request_secrets {
|
||||
let secret_requests = self.request_missing_secrets().await;
|
||||
changes.key_requests = secret_requests;
|
||||
}
|
||||
|
@ -525,16 +522,16 @@ impl IdentitiesBeingVerified {
|
|||
async fn mark_identity_as_verified(
|
||||
&self,
|
||||
verified_identities: Option<&[ReadOnlyUserIdentities]>,
|
||||
) -> Result<Option<ReadOnlyUserIdentities>, CryptoStoreError> {
|
||||
) -> Result<(Option<ReadOnlyUserIdentities>, bool), CryptoStoreError> {
|
||||
// If there wasn't an identity available during the verification flow
|
||||
// return early as there's nothing to do.
|
||||
if self.identity_being_verified.is_none() {
|
||||
return Ok(None);
|
||||
return Ok((None, false));
|
||||
}
|
||||
|
||||
let identity = self.store.get_user_identity(self.other_user_id()).await?;
|
||||
|
||||
if let Some(identity) = identity {
|
||||
Ok(if let Some(identity) = identity {
|
||||
if self
|
||||
.identity_being_verified
|
||||
.as_ref()
|
||||
|
@ -546,11 +543,14 @@ impl IdentitiesBeingVerified {
|
|||
"Marking the user identity of as verified."
|
||||
);
|
||||
|
||||
if let ReadOnlyUserIdentities::Own(i) = &identity {
|
||||
let should_request_secrets = if let ReadOnlyUserIdentities::Own(i) = &identity {
|
||||
i.mark_as_verified();
|
||||
}
|
||||
true
|
||||
} else {
|
||||
false
|
||||
};
|
||||
|
||||
Ok(Some(identity))
|
||||
(Some(identity), should_request_secrets)
|
||||
} else {
|
||||
info!(
|
||||
user_id = self.other_user_id().as_str(),
|
||||
|
@ -559,7 +559,7 @@ impl IdentitiesBeingVerified {
|
|||
the interactive verification",
|
||||
);
|
||||
|
||||
Ok(None)
|
||||
(None, false)
|
||||
}
|
||||
} else {
|
||||
warn!(
|
||||
|
@ -568,7 +568,7 @@ impl IdentitiesBeingVerified {
|
|||
verification was going on, not marking the identity as verified.",
|
||||
);
|
||||
|
||||
Ok(None)
|
||||
(None, false)
|
||||
}
|
||||
} else {
|
||||
info!(
|
||||
|
@ -576,8 +576,8 @@ impl IdentitiesBeingVerified {
|
|||
"The identity of the user was deleted while an interactive \
|
||||
verification was going on.",
|
||||
);
|
||||
Ok(None)
|
||||
}
|
||||
(None, false)
|
||||
})
|
||||
}
|
||||
|
||||
async fn mark_device_as_verified(
|
||||
|
|
Loading…
Reference in a new issue