char/matrix-rust-sdk
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

crypto: Make sure we request secrets only if the user became trusted

Browse source
This commit is contained in:
Damir Jelić 2021-08-10 16:00:43 +02:00
parent 315e77ebf2
commit f9de77a75d
1 changed files with 16 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
matrix_sdk_crypto/src/verification/mod.rs
View file

@ -406,7 +406,8 @@ impl IdentitiesBeingVerified {
verified_identities: Option<&[ReadOnlyUserIdentities]>, verified_identities: Option<&[ReadOnlyUserIdentities]>,
) -> Result<VerificationResult, CryptoStoreError> { ) -> Result<VerificationResult, CryptoStoreError> {
let device = self.mark_device_as_verified(verified_devices).await?; let device = self.mark_device_as_verified(verified_devices).await?;
let identity = self.mark_identity_as_verified(verified_identities).await?; let (identity, should_request_secrets) =
self.mark_identity_as_verified(verified_identities).await?;
if device.is_none() && identity.is_none() { if device.is_none() && identity.is_none() {
// Something wen't wrong if nothing was verified, we use key // Something wen't wrong if nothing was verified, we use key
@ -414,10 +415,6 @@ impl IdentitiesBeingVerified {
return Ok(VerificationResult::Cancel(CancelCode::KeyMismatch)); return Ok(VerificationResult::Cancel(CancelCode::KeyMismatch));
} }
let is_self_verification =
device.as_ref().map(|d| d.user_id() == self.user_id()).unwrap_or_default()
|| identity.as_ref().map(|i| i.own().is_some()).unwrap_or_default();
let mut changes = Changes::default(); let mut changes = Changes::default();
let signature_request = if let Some(device) = device { let signature_request = if let Some(device) = device {
@ -504,7 +501,7 @@ impl IdentitiesBeingVerified {
identity_signature_request identity_signature_request
}; };
if is_self_verification { if should_request_secrets {
let secret_requests = self.request_missing_secrets().await; let secret_requests = self.request_missing_secrets().await;
changes.key_requests = secret_requests; changes.key_requests = secret_requests;
} }
@ -525,16 +522,16 @@ impl IdentitiesBeingVerified {
async fn mark_identity_as_verified( async fn mark_identity_as_verified(
&self, &self,
verified_identities: Option<&[ReadOnlyUserIdentities]>, verified_identities: Option<&[ReadOnlyUserIdentities]>,
) -> Result<Option<ReadOnlyUserIdentities>, CryptoStoreError> { ) -> Result<(Option<ReadOnlyUserIdentities>, bool), CryptoStoreError> {
// If there wasn't an identity available during the verification flow // If there wasn't an identity available during the verification flow
// return early as there's nothing to do. // return early as there's nothing to do.
if self.identity_being_verified.is_none() { if self.identity_being_verified.is_none() {
return Ok(None); return Ok((None, false));
} }
let identity = self.store.get_user_identity(self.other_user_id()).await?; let identity = self.store.get_user_identity(self.other_user_id()).await?;
if let Some(identity) = identity { Ok(if let Some(identity) = identity {
if self if self
.identity_being_verified .identity_being_verified
.as_ref() .as_ref()
@ -546,11 +543,14 @@ impl IdentitiesBeingVerified {
"Marking the user identity of as verified." "Marking the user identity of as verified."
); );
if let ReadOnlyUserIdentities::Own(i) = &identity { let should_request_secrets = if let ReadOnlyUserIdentities::Own(i) = &identity {
i.mark_as_verified(); i.mark_as_verified();
} true
} else {
false
};
Ok(Some(identity)) (Some(identity), should_request_secrets)
} else { } else {
info!( info!(
user_id = self.other_user_id().as_str(), user_id = self.other_user_id().as_str(),
@ -559,7 +559,7 @@ impl IdentitiesBeingVerified {
the interactive verification", the interactive verification",
); );
Ok(None) (None, false)
} }
} else { } else {
warn!( warn!(
@ -568,7 +568,7 @@ impl IdentitiesBeingVerified {
verification was going on, not marking the identity as verified.", verification was going on, not marking the identity as verified.",
); );
Ok(None) (None, false)
} }
} else { } else {
info!( info!(
@ -576,8 +576,8 @@ impl IdentitiesBeingVerified {
"The identity of the user was deleted while an interactive \ "The identity of the user was deleted while an interactive \
verification was going on.", verification was going on.",
); );
Ok(None) (None, false)
} })
} }
async fn mark_device_as_verified( async fn mark_device_as_verified(