mirror of
https://github.com/Nheko-Reborn/nheko.git
synced 2024-11-26 21:18:48 +03:00
Updating keys of outdated encrypted users
This commit is contained in:
parent
1103cc15cf
commit
a2979c2df1
7 changed files with 89 additions and 32 deletions
|
@ -31,8 +31,10 @@
|
||||||
|
|
||||||
#include "Cache.h"
|
#include "Cache.h"
|
||||||
#include "Cache_p.h"
|
#include "Cache_p.h"
|
||||||
|
#include "ChatPage.h"
|
||||||
#include "EventAccessors.h"
|
#include "EventAccessors.h"
|
||||||
#include "Logging.h"
|
#include "Logging.h"
|
||||||
|
#include "MatrixClient.h"
|
||||||
#include "Utils.h"
|
#include "Utils.h"
|
||||||
|
|
||||||
//! Should be changed when a breaking change occurs in the cache format.
|
//! Should be changed when a breaking change occurs in the cache format.
|
||||||
|
@ -1009,6 +1011,8 @@ Cache::saveState(const mtx::responses::Sync &res)
|
||||||
|
|
||||||
savePresence(txn, res.presence);
|
savePresence(txn, res.presence);
|
||||||
|
|
||||||
|
updateUserCache(res.device_lists);
|
||||||
|
|
||||||
removeLeftRooms(txn, res.rooms.leave);
|
removeLeftRooms(txn, res.rooms.leave);
|
||||||
|
|
||||||
txn.commit();
|
txn.commit();
|
||||||
|
@ -2885,16 +2889,12 @@ Cache::statusMessage(const std::string &user_id)
|
||||||
void
|
void
|
||||||
to_json(json &j, const UserCache &info)
|
to_json(json &j, const UserCache &info)
|
||||||
{
|
{
|
||||||
j["is_user_verified"] = info.is_user_verified;
|
|
||||||
j["cross_verified"] = info.cross_verified;
|
|
||||||
j["keys"] = info.keys;
|
j["keys"] = info.keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
from_json(const json &j, UserCache &info)
|
from_json(const json &j, UserCache &info)
|
||||||
{
|
{
|
||||||
info.is_user_verified = j.at("is_user_verified");
|
|
||||||
info.cross_verified = j.at("cross_verified").get<std::vector<std::string>>();
|
|
||||||
info.keys = j.at("keys").get<mtx::responses::QueryKeys>();
|
info.keys = j.at("keys").get<mtx::responses::QueryKeys>();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2932,6 +2932,32 @@ Cache::setUserCache(const std::string &user_id, const UserCache &body)
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
Cache::updateUserCache(const mtx::responses::DeviceLists body)
|
||||||
|
{
|
||||||
|
for (auto user_id : body.changed) {
|
||||||
|
mtx::requests::QueryKeys req;
|
||||||
|
req.device_keys[user_id] = {};
|
||||||
|
|
||||||
|
http::client()->query_keys(
|
||||||
|
req,
|
||||||
|
[user_id, this](const mtx::responses::QueryKeys res, mtx::http::RequestErr err) {
|
||||||
|
if (err) {
|
||||||
|
nhlog::net()->warn("failed to query device keys: {},{}",
|
||||||
|
err->matrix_error.errcode,
|
||||||
|
static_cast<int>(err->status_code));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
setUserCache(user_id, UserCache{std::move(res)});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
for (std::string user_id : body.left) {
|
||||||
|
deleteUserCache(user_id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
Cache::deleteUserCache(const std::string &user_id)
|
Cache::deleteUserCache(const std::string &user_id)
|
||||||
{
|
{
|
||||||
|
@ -2947,6 +2973,8 @@ Cache::deleteUserCache(const std::string &user_id)
|
||||||
void
|
void
|
||||||
to_json(json &j, const DeviceVerifiedCache &info)
|
to_json(json &j, const DeviceVerifiedCache &info)
|
||||||
{
|
{
|
||||||
|
j["is_user_verified"] = info.is_user_verified;
|
||||||
|
j["cross_verified"] = info.cross_verified;
|
||||||
j["device_verified"] = info.device_verified;
|
j["device_verified"] = info.device_verified;
|
||||||
j["device_blocked"] = info.device_blocked;
|
j["device_blocked"] = info.device_blocked;
|
||||||
}
|
}
|
||||||
|
@ -2954,6 +2982,8 @@ to_json(json &j, const DeviceVerifiedCache &info)
|
||||||
void
|
void
|
||||||
from_json(const json &j, DeviceVerifiedCache &info)
|
from_json(const json &j, DeviceVerifiedCache &info)
|
||||||
{
|
{
|
||||||
|
info.is_user_verified = j.at("is_user_verified");
|
||||||
|
info.cross_verified = j.at("cross_verified").get<std::vector<std::string>>();
|
||||||
info.device_verified = j.at("device_verified").get<std::vector<std::string>>();
|
info.device_verified = j.at("device_verified").get<std::vector<std::string>>();
|
||||||
info.device_blocked = j.at("device_blocked").get<std::vector<std::string>>();
|
info.device_blocked = j.at("device_blocked").get<std::vector<std::string>>();
|
||||||
}
|
}
|
||||||
|
@ -3178,6 +3208,12 @@ getUserCache(const std::string &user_id)
|
||||||
return instance_->getUserCache(user_id);
|
return instance_->getUserCache(user_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
updateUserCache(const mtx::responses::DeviceLists body)
|
||||||
|
{
|
||||||
|
instance_->updateUserCache(body);
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
setUserCache(const std::string &user_id, const UserCache &body)
|
setUserCache(const std::string &user_id, const UserCache &body)
|
||||||
{
|
{
|
||||||
|
|
|
@ -64,6 +64,9 @@ statusMessage(const std::string &user_id);
|
||||||
std::optional<UserCache>
|
std::optional<UserCache>
|
||||||
getUserCache(const std::string &user_id);
|
getUserCache(const std::string &user_id);
|
||||||
|
|
||||||
|
void
|
||||||
|
updateUserCache(const mtx::responses::DeviceLists body);
|
||||||
|
|
||||||
int
|
int
|
||||||
setUserCache(const std::string &user_id, const UserCache &body);
|
setUserCache(const std::string &user_id, const UserCache &body);
|
||||||
|
|
||||||
|
|
|
@ -66,14 +66,16 @@ struct OlmSessionStorage
|
||||||
std::mutex group_inbound_mtx;
|
std::mutex group_inbound_mtx;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// this will store the keys of the user with whom a encrypted room is shared with
|
||||||
struct UserCache
|
struct UserCache
|
||||||
{
|
{
|
||||||
//! this stores if the user is verified (with cross-signing)
|
|
||||||
bool is_user_verified = false;
|
|
||||||
//! list of verified device_ids with cross-signing
|
|
||||||
std::vector<std::string> cross_verified;
|
|
||||||
//! map of public key key_ids and their public_key
|
//! map of public key key_ids and their public_key
|
||||||
mtx::responses::QueryKeys keys;
|
mtx::responses::QueryKeys keys;
|
||||||
|
|
||||||
|
UserCache(mtx::responses::QueryKeys res)
|
||||||
|
: keys(res)
|
||||||
|
{}
|
||||||
|
UserCache() {}
|
||||||
};
|
};
|
||||||
|
|
||||||
void
|
void
|
||||||
|
@ -81,11 +83,30 @@ to_json(nlohmann::json &j, const UserCache &info);
|
||||||
void
|
void
|
||||||
from_json(const nlohmann::json &j, UserCache &info);
|
from_json(const nlohmann::json &j, UserCache &info);
|
||||||
|
|
||||||
|
// the reason these are stored in a seperate cache rather than storing it in the user cache is
|
||||||
|
// UserCache stores only keys of users with which encrypted room is shared
|
||||||
struct DeviceVerifiedCache
|
struct DeviceVerifiedCache
|
||||||
{
|
{
|
||||||
//! list of verified device_ids with device-verification
|
//! list of verified device_ids with device-verification
|
||||||
std::vector<std::string> device_verified;
|
std::vector<std::string> device_verified;
|
||||||
|
//! list of verified device_ids with cross-signing
|
||||||
|
std::vector<std::string> cross_verified;
|
||||||
|
//! list of devices the user blocks
|
||||||
std::vector<std::string> device_blocked;
|
std::vector<std::string> device_blocked;
|
||||||
|
//! this stores if the user is verified (with cross-signing)
|
||||||
|
bool is_user_verified = false;
|
||||||
|
|
||||||
|
DeviceVerifiedCache(std::vector<std::string> device_verified_,
|
||||||
|
std::vector<std::string> cross_verified_,
|
||||||
|
std::vector<std::string> device_blocked_,
|
||||||
|
bool is_user_verified_ = false)
|
||||||
|
: device_verified(device_verified_)
|
||||||
|
, cross_verified(cross_verified_)
|
||||||
|
, device_blocked(device_blocked_)
|
||||||
|
, is_user_verified(is_user_verified_)
|
||||||
|
{}
|
||||||
|
|
||||||
|
DeviceVerifiedCache() {}
|
||||||
};
|
};
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
|
@ -56,6 +56,7 @@ public:
|
||||||
|
|
||||||
// user cache stores user keys
|
// user cache stores user keys
|
||||||
std::optional<UserCache> getUserCache(const std::string &user_id);
|
std::optional<UserCache> getUserCache(const std::string &user_id);
|
||||||
|
void updateUserCache(const mtx::responses::DeviceLists body);
|
||||||
int setUserCache(const std::string &user_id, const UserCache &body);
|
int setUserCache(const std::string &user_id, const UserCache &body);
|
||||||
int deleteUserCache(const std::string &user_id);
|
int deleteUserCache(const std::string &user_id);
|
||||||
|
|
||||||
|
@ -521,12 +522,12 @@ private:
|
||||||
|
|
||||||
lmdb::dbi getUserCacheDb(lmdb::txn &txn)
|
lmdb::dbi getUserCacheDb(lmdb::txn &txn)
|
||||||
{
|
{
|
||||||
return lmdb::dbi::open(txn, std::string("user_cache").c_str(), MDB_CREATE);
|
return lmdb::dbi::open(txn, "user_cache", MDB_CREATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
lmdb::dbi getDeviceVerifiedDb(lmdb::txn &txn)
|
lmdb::dbi getDeviceVerifiedDb(lmdb::txn &txn)
|
||||||
{
|
{
|
||||||
return lmdb::dbi::open(txn, std::string("verified").c_str(), MDB_CREATE);
|
return lmdb::dbi::open(txn, "verified", MDB_CREATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
//! Retrieves or creates the database that stores the open OLM sessions between our device
|
//! Retrieves or creates the database that stores the open OLM sessions between our device
|
||||||
|
|
|
@ -477,7 +477,7 @@ DeviceVerificationFlow::cancelVerification(DeviceVerificationFlow::Error error_c
|
||||||
} else {
|
} else {
|
||||||
cache::setVerifiedCache(
|
cache::setVerifiedCache(
|
||||||
this->userId.toStdString(),
|
this->userId.toStdString(),
|
||||||
DeviceVerifiedCache{{}, {this->deviceId.toStdString()}});
|
DeviceVerifiedCache{{}, {}, {this->deviceId.toStdString()}});
|
||||||
}
|
}
|
||||||
this->deleteLater();
|
this->deleteLater();
|
||||||
});
|
});
|
||||||
|
@ -564,8 +564,9 @@ DeviceVerificationFlow::acceptDevice()
|
||||||
}
|
}
|
||||||
cache::setVerifiedCache(this->userId.toStdString(), verified_cache.value());
|
cache::setVerifiedCache(this->userId.toStdString(), verified_cache.value());
|
||||||
} else {
|
} else {
|
||||||
cache::setVerifiedCache(this->userId.toStdString(),
|
cache::setVerifiedCache(
|
||||||
DeviceVerifiedCache{{this->deviceId.toStdString()}, {}});
|
this->userId.toStdString(),
|
||||||
|
DeviceVerifiedCache{{this->deviceId.toStdString()}, {}, {}});
|
||||||
}
|
}
|
||||||
|
|
||||||
emit deviceVerified();
|
emit deviceVerified();
|
||||||
|
@ -616,5 +617,4 @@ DeviceVerificationFlow::unverify()
|
||||||
}
|
}
|
||||||
|
|
||||||
emit refreshProfile();
|
emit refreshProfile();
|
||||||
this->deleteLater();
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -77,8 +77,7 @@ UserProfile::avatarUrl()
|
||||||
void
|
void
|
||||||
UserProfile::callback_fn(const mtx::responses::QueryKeys &res,
|
UserProfile::callback_fn(const mtx::responses::QueryKeys &res,
|
||||||
mtx::http::RequestErr err,
|
mtx::http::RequestErr err,
|
||||||
std::string user_id,
|
std::string user_id)
|
||||||
std::optional<std::vector<std::string>> cross_verified)
|
|
||||||
{
|
{
|
||||||
if (err) {
|
if (err) {
|
||||||
nhlog::net()->warn("failed to query device keys: {},{}",
|
nhlog::net()->warn("failed to query device keys: {},{}",
|
||||||
|
@ -101,16 +100,15 @@ UserProfile::callback_fn(const mtx::responses::QueryKeys &res,
|
||||||
|
|
||||||
// TODO: Verify signatures and ignore those that don't pass.
|
// TODO: Verify signatures and ignore those that don't pass.
|
||||||
verification::Status verified = verification::Status::UNVERIFIED;
|
verification::Status verified = verification::Status::UNVERIFIED;
|
||||||
if (cross_verified.has_value()) {
|
if (device_verified.has_value()) {
|
||||||
if (std::find(cross_verified->begin(), cross_verified->end(), d.first) !=
|
if (std::find(device_verified->cross_verified.begin(),
|
||||||
cross_verified->end())
|
device_verified->cross_verified.end(),
|
||||||
|
d.first) != device_verified->cross_verified.end())
|
||||||
verified = verification::Status::VERIFIED;
|
verified = verification::Status::VERIFIED;
|
||||||
} else if (device_verified.has_value()) {
|
|
||||||
if (std::find(device_verified->device_verified.begin(),
|
if (std::find(device_verified->device_verified.begin(),
|
||||||
device_verified->device_verified.end(),
|
device_verified->device_verified.end(),
|
||||||
d.first) != device_verified->device_verified.end())
|
d.first) != device_verified->device_verified.end())
|
||||||
verified = verification::Status::VERIFIED;
|
verified = verification::Status::VERIFIED;
|
||||||
} else if (device_verified.has_value()) {
|
|
||||||
if (std::find(device_verified->device_blocked.begin(),
|
if (std::find(device_verified->device_blocked.begin(),
|
||||||
device_verified->device_blocked.end(),
|
device_verified->device_blocked.end(),
|
||||||
d.first) != device_verified->device_blocked.end())
|
d.first) != device_verified->device_blocked.end())
|
||||||
|
@ -138,8 +136,7 @@ UserProfile::fetchDeviceList(const QString &userID)
|
||||||
auto user_cache = cache::getUserCache(userID.toStdString());
|
auto user_cache = cache::getUserCache(userID.toStdString());
|
||||||
|
|
||||||
if (user_cache.has_value()) {
|
if (user_cache.has_value()) {
|
||||||
this->callback_fn(
|
this->callback_fn(user_cache->keys, {}, userID.toStdString());
|
||||||
user_cache->keys, {}, userID.toStdString(), user_cache->cross_verified);
|
|
||||||
} else {
|
} else {
|
||||||
mtx::requests::QueryKeys req;
|
mtx::requests::QueryKeys req;
|
||||||
req.device_keys[userID.toStdString()] = {};
|
req.device_keys[userID.toStdString()] = {};
|
||||||
|
@ -147,7 +144,7 @@ UserProfile::fetchDeviceList(const QString &userID)
|
||||||
req,
|
req,
|
||||||
[user_id = userID.toStdString(), this](const mtx::responses::QueryKeys &res,
|
[user_id = userID.toStdString(), this](const mtx::responses::QueryKeys &res,
|
||||||
mtx::http::RequestErr err) {
|
mtx::http::RequestErr err) {
|
||||||
this->callback_fn(res, err, user_id, {});
|
this->callback_fn(res, err, user_id);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -103,6 +103,5 @@ private:
|
||||||
|
|
||||||
void callback_fn(const mtx::responses::QueryKeys &res,
|
void callback_fn(const mtx::responses::QueryKeys &res,
|
||||||
mtx::http::RequestErr err,
|
mtx::http::RequestErr err,
|
||||||
std::string user_id,
|
std::string user_id);
|
||||||
std::optional<std::vector<std::string>> cross_verified);
|
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue