From f9de77a75db80d1bbbb26f3b25dae34151d1f173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Tue, 10 Aug 2021 16:00:43 +0200 Subject: [PATCH] crypto: Make sure we request secrets only if the user became trusted --- matrix_sdk_crypto/src/verification/mod.rs | 32 +++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/matrix_sdk_crypto/src/verification/mod.rs b/matrix_sdk_crypto/src/verification/mod.rs index fc96f83f..517e6001 100644 --- a/matrix_sdk_crypto/src/verification/mod.rs +++ b/matrix_sdk_crypto/src/verification/mod.rs @@ -406,7 +406,8 @@ impl IdentitiesBeingVerified { verified_identities: Option<&[ReadOnlyUserIdentities]>, ) -> Result { let device = self.mark_device_as_verified(verified_devices).await?; - let identity = self.mark_identity_as_verified(verified_identities).await?; + let (identity, should_request_secrets) = + self.mark_identity_as_verified(verified_identities).await?; if device.is_none() && identity.is_none() { // Something wen't wrong if nothing was verified, we use key @@ -414,10 +415,6 @@ impl IdentitiesBeingVerified { return Ok(VerificationResult::Cancel(CancelCode::KeyMismatch)); } - let is_self_verification = - device.as_ref().map(|d| d.user_id() == self.user_id()).unwrap_or_default() - || identity.as_ref().map(|i| i.own().is_some()).unwrap_or_default(); - let mut changes = Changes::default(); let signature_request = if let Some(device) = device { @@ -504,7 +501,7 @@ impl IdentitiesBeingVerified { identity_signature_request }; - if is_self_verification { + if should_request_secrets { let secret_requests = self.request_missing_secrets().await; changes.key_requests = secret_requests; } @@ -525,16 +522,16 @@ impl IdentitiesBeingVerified { async fn mark_identity_as_verified( &self, verified_identities: Option<&[ReadOnlyUserIdentities]>, - ) -> Result, CryptoStoreError> { + ) -> Result<(Option, bool), CryptoStoreError> { // If there wasn't an identity available during the verification flow // return early as there's nothing to do. if self.identity_being_verified.is_none() { - return Ok(None); + return Ok((None, false)); } let identity = self.store.get_user_identity(self.other_user_id()).await?; - if let Some(identity) = identity { + Ok(if let Some(identity) = identity { if self .identity_being_verified .as_ref() @@ -546,11 +543,14 @@ impl IdentitiesBeingVerified { "Marking the user identity of as verified." ); - if let ReadOnlyUserIdentities::Own(i) = &identity { + let should_request_secrets = if let ReadOnlyUserIdentities::Own(i) = &identity { i.mark_as_verified(); - } + true + } else { + false + }; - Ok(Some(identity)) + (Some(identity), should_request_secrets) } else { info!( user_id = self.other_user_id().as_str(), @@ -559,7 +559,7 @@ impl IdentitiesBeingVerified { the interactive verification", ); - Ok(None) + (None, false) } } else { warn!( @@ -568,7 +568,7 @@ impl IdentitiesBeingVerified { verification was going on, not marking the identity as verified.", ); - Ok(None) + (None, false) } } else { info!( @@ -576,8 +576,8 @@ impl IdentitiesBeingVerified { "The identity of the user was deleted while an interactive \ verification was going on.", ); - Ok(None) - } + (None, false) + }) } async fn mark_device_as_verified(