Key storage out of sync: reset key backup when needed (#31279)
* add function to pause device listener * add function to check if key backup key missing both locally and in 4s * reset backup if backup key missing both locally and in 4s * fixup! add function to check if key backup key missing both locally and in 4s * Drop KEY_STORAGE_OUT_OF_SYNC_STORE in favour of checking cross-signing Check if cross-signing needs resetting, because that seems to be what KEY_STORAGE_OUT_OF_SYNC_STORE is actually trying to do. * add a function for resetting key backup and waiting until it's ready * trigger key storage out of sync toast when missing backup key locally and fetch it when user enters their recovery key * reset backup when needed if user forgets recovery key * rename function as suggested in code review
This commit is contained in:
Hubert Chathi
GitHub
@@ -195,6 +195,7 @@ export function createTestClient(): MatrixClient {
|
||||
content: {},
|
||||
});
|
||||
}),
|
||||
getAccountDataFromServer: jest.fn(),
|
||||
mxcUrlToHttp: jest.fn().mockImplementation((mxc: string) => `http://this.is.a.url/${mxc.substring(6)}`),
|
||||
setAccountData: jest.fn(),
|
||||
deleteAccountData: jest.fn(),
|
||||
|
||||
@@ -126,6 +126,7 @@ describe("DeviceListener", () => {
|
||||
getRooms: jest.fn().mockReturnValue([]),
|
||||
isVersionSupported: jest.fn().mockResolvedValue(true),
|
||||
isInitialSyncComplete: jest.fn().mockReturnValue(true),
|
||||
isKeyBackupKeyStored: jest.fn(),
|
||||
waitForClientWellKnown: jest.fn(),
|
||||
getClientWellKnown: jest.fn(),
|
||||
getDeviceId: jest.fn().mockReturnValue(deviceId),
|
||||
@@ -446,7 +447,7 @@ describe("DeviceListener", () => {
|
||||
await createAndStart();
|
||||
|
||||
expect(SetupEncryptionToast.showToast).toHaveBeenCalledWith(
|
||||
SetupEncryptionToast.Kind.KEY_STORAGE_OUT_OF_SYNC_STORE,
|
||||
SetupEncryptionToast.Kind.KEY_STORAGE_OUT_OF_SYNC,
|
||||
);
|
||||
});
|
||||
});
|
||||
@@ -1217,4 +1218,134 @@ describe("DeviceListener", () => {
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("key storage out of sync", () => {
|
||||
describe("needs backup reset", () => {
|
||||
it("should not need resetting if backup disabled", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockClient.getAccountDataFromServer.mockResolvedValue({
|
||||
disabled: true,
|
||||
});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(false)).toBe(false);
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(true)).toBe(false);
|
||||
});
|
||||
|
||||
it("should not need resetting if backup key is present locally or in 4S, and user has 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockClient.getAccountDataFromServer.mockResolvedValue({
|
||||
disabled: false,
|
||||
});
|
||||
|
||||
mockCrypto.getSessionBackupPrivateKey.mockResolvedValue(null);
|
||||
mockClient.isKeyBackupKeyStored.mockResolvedValue({});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(false)).toBe(false);
|
||||
|
||||
mockCrypto.getSessionBackupPrivateKey.mockResolvedValue(new Uint8Array());
|
||||
mockClient.isKeyBackupKeyStored.mockResolvedValue(null);
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(false)).toBe(false);
|
||||
});
|
||||
|
||||
it("should not need resetting if backup key is present locally and user forgot 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockClient.getAccountDataFromServer.mockResolvedValue({
|
||||
disabled: false,
|
||||
});
|
||||
|
||||
mockCrypto.getSessionBackupPrivateKey.mockResolvedValue(new Uint8Array());
|
||||
mockClient.isKeyBackupKeyStored.mockResolvedValue(null);
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(true)).toBe(false);
|
||||
});
|
||||
|
||||
it("should need resetting if backup key is missing locally and user forgot 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockClient.getAccountDataFromServer.mockResolvedValue({
|
||||
disabled: false,
|
||||
});
|
||||
|
||||
mockCrypto.getSessionBackupPrivateKey.mockResolvedValue(null);
|
||||
mockClient.isKeyBackupKeyStored.mockResolvedValue({});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(true)).toBe(true);
|
||||
});
|
||||
|
||||
it("should need resetting if backup key is missing locally and in 4s", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockClient.getAccountDataFromServer.mockResolvedValue({
|
||||
disabled: false,
|
||||
});
|
||||
|
||||
mockCrypto.getSessionBackupPrivateKey.mockResolvedValue(null);
|
||||
mockClient.isKeyBackupKeyStored.mockResolvedValue(null);
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsBackupReset(false)).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe("needs cross-signing reset", () => {
|
||||
it("should not need resetting if cross-signing keys are present locally or in 4S, and user has 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockCrypto.getCrossSigningStatus.mockResolvedValue({
|
||||
publicKeysOnDevice: true,
|
||||
privateKeysInSecretStorage: false,
|
||||
privateKeysCachedLocally: {
|
||||
masterKey: true,
|
||||
selfSigningKey: true,
|
||||
userSigningKey: true,
|
||||
},
|
||||
});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsCrossSigningReset(false)).toBe(false);
|
||||
|
||||
mockCrypto.getCrossSigningStatus.mockResolvedValue({
|
||||
publicKeysOnDevice: true,
|
||||
privateKeysInSecretStorage: true,
|
||||
privateKeysCachedLocally: {
|
||||
masterKey: false,
|
||||
selfSigningKey: false,
|
||||
userSigningKey: false,
|
||||
},
|
||||
});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsCrossSigningReset(false)).toBe(false);
|
||||
});
|
||||
|
||||
it("should not need resetting if cross-signing keys are present locally and user forgot 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockCrypto.getCrossSigningStatus.mockResolvedValue({
|
||||
publicKeysOnDevice: true,
|
||||
privateKeysInSecretStorage: false,
|
||||
privateKeysCachedLocally: {
|
||||
masterKey: true,
|
||||
selfSigningKey: true,
|
||||
userSigningKey: true,
|
||||
},
|
||||
});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsCrossSigningReset(true)).toBe(false);
|
||||
});
|
||||
|
||||
it("should need resetting if cross-signing keys are missing locally and user forgot 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockCrypto.getCrossSigningStatus.mockResolvedValue({
|
||||
publicKeysOnDevice: true,
|
||||
privateKeysInSecretStorage: true,
|
||||
privateKeysCachedLocally: {
|
||||
masterKey: false,
|
||||
selfSigningKey: false,
|
||||
userSigningKey: false,
|
||||
},
|
||||
});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsCrossSigningReset(true)).toBe(true);
|
||||
});
|
||||
|
||||
it("should need resetting if cross-signing keys are missing locally and in 4S key", async () => {
|
||||
const deviceListener = await createAndStart();
|
||||
mockCrypto.getCrossSigningStatus.mockResolvedValue({
|
||||
publicKeysOnDevice: true,
|
||||
privateKeysInSecretStorage: false,
|
||||
privateKeysCachedLocally: {
|
||||
masterKey: false,
|
||||
selfSigningKey: false,
|
||||
userSigningKey: false,
|
||||
},
|
||||
});
|
||||
expect(await deviceListener.keyStorageOutOfSyncNeedsCrossSigningReset(false)).toBe(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -16,6 +16,7 @@ import { createTestClient, withClientContextRenderOptions } from "../../../../..
|
||||
import { copyPlaintext } from "../../../../../../src/utils/strings";
|
||||
import Modal from "../../../../../../src/Modal";
|
||||
import ErrorDialog from "../../../../../../src/components/views/dialogs/ErrorDialog";
|
||||
import DeviceListener from "../../../../../../src/DeviceListener";
|
||||
|
||||
jest.mock("../../../../../../src/utils/strings", () => ({
|
||||
copyPlaintext: jest.fn(),
|
||||
@@ -82,6 +83,8 @@ describe("<ChangeRecoveryKey />", () => {
|
||||
});
|
||||
|
||||
it("should ask the user to enter the recovery key", async () => {
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsBackupReset").mockResolvedValue(false);
|
||||
|
||||
const user = userEvent.setup();
|
||||
|
||||
const onFinish = jest.fn();
|
||||
@@ -117,6 +120,56 @@ describe("<ChangeRecoveryKey />", () => {
|
||||
expect(onFinish).toHaveBeenCalledWith();
|
||||
});
|
||||
|
||||
it("should reset key backup if needed", async () => {
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsBackupReset").mockResolvedValue(true);
|
||||
|
||||
const user = userEvent.setup();
|
||||
|
||||
const onFinish = jest.fn();
|
||||
renderComponent(false, onFinish);
|
||||
// Display the recovery key to save
|
||||
await waitFor(() => user.click(screen.getByRole("button", { name: "Continue" })));
|
||||
// Display the form to confirm the recovery key
|
||||
await waitFor(() => user.click(screen.getByRole("button", { name: "Continue" })));
|
||||
|
||||
await waitFor(() => expect(screen.getByText("Enter your recovery key to confirm")).toBeInTheDocument());
|
||||
|
||||
const finishButton = screen.getByRole("button", { name: "Finish set up" });
|
||||
|
||||
const input = screen.getByTitle("Enter recovery key");
|
||||
|
||||
// If the user enters the correct recovery key, the finish button should be enabled
|
||||
await userEvent.type(input, "encoded private key");
|
||||
|
||||
await user.click(finishButton);
|
||||
expect(matrixClient.getCrypto()!.resetKeyBackup).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("should not reset key backup if not needed", async () => {
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsBackupReset").mockResolvedValue(false);
|
||||
|
||||
const user = userEvent.setup();
|
||||
|
||||
const onFinish = jest.fn();
|
||||
renderComponent(false, onFinish);
|
||||
// Display the recovery key to save
|
||||
await waitFor(() => user.click(screen.getByRole("button", { name: "Continue" })));
|
||||
// Display the form to confirm the recovery key
|
||||
await waitFor(() => user.click(screen.getByRole("button", { name: "Continue" })));
|
||||
|
||||
await waitFor(() => expect(screen.getByText("Enter your recovery key to confirm")).toBeInTheDocument());
|
||||
|
||||
const finishButton = screen.getByRole("button", { name: "Finish set up" });
|
||||
|
||||
const input = screen.getByTitle("Enter recovery key");
|
||||
|
||||
// If the user enters the correct recovery key, the finish button should be enabled
|
||||
await userEvent.type(input, "encoded private key");
|
||||
|
||||
await user.click(finishButton);
|
||||
expect(matrixClient.getCrypto()!.resetKeyBackup).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("should display errors from bootstrapSecretStorage", async () => {
|
||||
const consoleErrorSpy = jest.spyOn(console, "error").mockReturnValue(undefined);
|
||||
mocked(matrixClient.getCrypto()!).bootstrapSecretStorage.mockRejectedValue(new Error("can't bootstrap"));
|
||||
@@ -156,6 +209,8 @@ describe("<ChangeRecoveryKey />", () => {
|
||||
});
|
||||
|
||||
it("should disallow repeated attempts to change the recovery key", async () => {
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsBackupReset").mockResolvedValue(false);
|
||||
|
||||
const mockFn = mocked(matrixClient.getCrypto()!).bootstrapSecretStorage.mockImplementation(() => {
|
||||
// Pretend to do some work.
|
||||
return new Promise((r) => setTimeout(r, 200));
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
/*
|
||||
Copyright 2025 Element Creations Ltd.
|
||||
Copyright 2024 New Vector Ltd.
|
||||
|
||||
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
|
||||
@@ -7,7 +8,10 @@ Please see LICENSE files in the repository root for full details.
|
||||
|
||||
import React from "react";
|
||||
import { act, render, screen } from "jest-matrix-react";
|
||||
import { mocked, type Mocked } from "jest-mock";
|
||||
import userEvent from "@testing-library/user-event";
|
||||
import { type MatrixClient } from "matrix-js-sdk/src/matrix";
|
||||
import { type CryptoApi } from "matrix-js-sdk/src/crypto-api";
|
||||
|
||||
import * as SecurityManager from "../../../src/SecurityManager";
|
||||
import ToastContainer from "../../../src/components/structures/ToastContainer";
|
||||
@@ -16,6 +20,7 @@ import dis from "../../../src/dispatcher/dispatcher";
|
||||
import DeviceListener from "../../../src/DeviceListener";
|
||||
import Modal from "../../../src/Modal";
|
||||
import ConfirmKeyStorageOffDialog from "../../../src/components/views/dialogs/ConfirmKeyStorageOffDialog";
|
||||
import { stubClient } from "../../test-utils";
|
||||
|
||||
jest.mock("../../../src/dispatcher/dispatcher", () => ({
|
||||
dispatch: jest.fn(),
|
||||
@@ -50,16 +55,71 @@ describe("SetupEncryptionToast", () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe("Key storage out of sync (retrieve secrets)", () => {
|
||||
describe("Key storage out of sync", () => {
|
||||
let client: Mocked<MatrixClient>;
|
||||
|
||||
beforeEach(() => {
|
||||
client = mocked(stubClient());
|
||||
mocked(client.getCrypto).mockReturnValue({
|
||||
getSessionBackupPrivateKey: jest.fn().mockResolvedValue(null),
|
||||
resetKeyBackup: jest.fn(),
|
||||
checkKeyBackupAndEnable: jest.fn(),
|
||||
loadSessionBackupPrivateKeyFromSecretStorage: jest.fn(),
|
||||
} as unknown as CryptoApi);
|
||||
});
|
||||
|
||||
it("should render the toast", async () => {
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC));
|
||||
|
||||
await expect(screen.findByText("Your key storage is out of sync.")).resolves.toBeInTheDocument();
|
||||
});
|
||||
|
||||
it("should open settings to the reset flow when 'forgot recovery key' clicked", async () => {
|
||||
it("should reset key backup if needed", async () => {
|
||||
showToast(Kind.KEY_STORAGE_OUT_OF_SYNC);
|
||||
|
||||
jest.spyOn(SecurityManager, "accessSecretStorage").mockImplementation(
|
||||
async (func = async (): Promise<void> => {}) => {
|
||||
return await func();
|
||||
},
|
||||
);
|
||||
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsBackupReset").mockResolvedValue(true);
|
||||
|
||||
const user = userEvent.setup();
|
||||
await user.click(await screen.findByText("Enter recovery key"));
|
||||
|
||||
expect(client.getCrypto()!.resetKeyBackup).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("should not reset key backup if not needed", async () => {
|
||||
showToast(Kind.KEY_STORAGE_OUT_OF_SYNC);
|
||||
|
||||
jest.spyOn(SecurityManager, "accessSecretStorage").mockImplementation(
|
||||
async (func = async (): Promise<void> => {}) => {
|
||||
return await func();
|
||||
},
|
||||
);
|
||||
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsBackupReset").mockResolvedValue(false);
|
||||
// if the backup key is stored in 4S
|
||||
client.isKeyBackupKeyStored.mockResolvedValue({});
|
||||
|
||||
const user = userEvent.setup();
|
||||
await user.click(await screen.findByText("Enter recovery key"));
|
||||
|
||||
// we shouldn't have reset the key backup, but should have fetched
|
||||
// the key from 4S
|
||||
expect(client.getCrypto()!.resetKeyBackup).not.toHaveBeenCalled();
|
||||
expect(client.getCrypto()!.loadSessionBackupPrivateKeyFromSecretStorage).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("should open settings to the reset flow when 'forgot recovery key' clicked and identity reset needed", async () => {
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC));
|
||||
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsCrossSigningReset").mockResolvedValue(
|
||||
true,
|
||||
);
|
||||
|
||||
const user = userEvent.setup();
|
||||
await user.click(await screen.findByText("Forgot recovery key?"));
|
||||
|
||||
@@ -70,11 +130,32 @@ describe("SetupEncryptionToast", () => {
|
||||
});
|
||||
});
|
||||
|
||||
it("should open settings to the reset flow when recovering fails", async () => {
|
||||
it("should open settings to the change recovery key flow when 'forgot recovery key' clicked and identity reset not needed", async () => {
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC));
|
||||
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsCrossSigningReset").mockResolvedValue(
|
||||
false,
|
||||
);
|
||||
|
||||
const user = userEvent.setup();
|
||||
await user.click(await screen.findByText("Forgot recovery key?"));
|
||||
|
||||
expect(dis.dispatch).toHaveBeenCalledWith({
|
||||
action: "view_user_settings",
|
||||
initialTabId: "USER_ENCRYPTION_TAB",
|
||||
props: { initialEncryptionState: "change_recovery_key" },
|
||||
});
|
||||
});
|
||||
|
||||
it("should open settings to the reset flow when recovering fails and identity reset needed", async () => {
|
||||
jest.spyOn(SecurityManager, "accessSecretStorage").mockImplementation(async () => {
|
||||
throw new Error("Something went wrong while recovering!");
|
||||
});
|
||||
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsCrossSigningReset").mockResolvedValue(
|
||||
true,
|
||||
);
|
||||
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC));
|
||||
|
||||
const user = userEvent.setup();
|
||||
@@ -86,34 +167,17 @@ describe("SetupEncryptionToast", () => {
|
||||
props: { initialEncryptionState: "reset_identity_sync_failed" },
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("Key storage out of sync (secrets are missing from 4S)", () => {
|
||||
it("should render the toast", async () => {
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC_STORE));
|
||||
|
||||
await expect(screen.findByText("Your key storage is out of sync.")).resolves.toBeInTheDocument();
|
||||
});
|
||||
|
||||
it("should open settings to the reset flow when 'forgot recovery key' clicked", async () => {
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC_STORE));
|
||||
|
||||
const user = userEvent.setup();
|
||||
await user.click(await screen.findByText("Forgot recovery key?"));
|
||||
|
||||
expect(dis.dispatch).toHaveBeenCalledWith({
|
||||
action: "view_user_settings",
|
||||
initialTabId: "USER_ENCRYPTION_TAB",
|
||||
props: { initialEncryptionState: "reset_identity_forgot" },
|
||||
});
|
||||
});
|
||||
|
||||
it("should open settings to the reset flow when recovering fails", async () => {
|
||||
it("should open settings to the change recovery key flow when recovering fails and identity reset not needed", async () => {
|
||||
jest.spyOn(SecurityManager, "accessSecretStorage").mockImplementation(async () => {
|
||||
throw new Error("Something went wrong while recovering!");
|
||||
});
|
||||
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC_STORE));
|
||||
jest.spyOn(DeviceListener.sharedInstance(), "keyStorageOutOfSyncNeedsCrossSigningReset").mockResolvedValue(
|
||||
false,
|
||||
);
|
||||
|
||||
act(() => showToast(Kind.KEY_STORAGE_OUT_OF_SYNC));
|
||||
|
||||
const user = userEvent.setup();
|
||||
await user.click(await screen.findByText("Enter recovery key"));
|
||||
|
||||
Reference in New Issue
Block a user