Handle cross-signing keys missing locally and/or from secret storage (#31367)

* show correct toast when cross-signing keys missing If cross-signing keys are missing both locally and in 4S, show a new toast saying that identity needs resetting, rather than saying that the device needs to be verified. * refactor: make DeviceListener in charge of device state - move enum from SetupEncryptionToast to DeviceListener - DeviceListener has public method to get device state - DeviceListener emits events to update device state * reset key backup when needed in RecoveryPanelOutOfSync brings RecoveryPanelOutOfSync in line with SetupEncryptionToast behaviour * update strings to agree with designs from Figma * use DeviceListener to determine EncryptionUserSettingsTab display rather than using its own logic * prompt to reset identity in Encryption Settings when needed * fix type * calculate device state even if we aren't going to show a toast * update snapshot * make logs more accurate * add tests * make the bot use a different access token/device * only log in a new session when requested * Mark properties as read-only Co-authored-by: Skye Elliot <actuallyori@gmail.com> * remove some duplicate strings * make accessToken optional instead of using empty string * switch from enum to string union as per review * apply other changes from review * handle errors in accessSecretStorage * remove incorrect testid --------- Co-authored-by: Skye Elliot <actuallyori@gmail.com>
2025-12-19 12:00:50 -05:00
parent ce9c66ba4c
commit ebd5df633e
14 changed files with 668 additions and 343 deletions
--- a/playwright/pages/bot.ts
+++ b/playwright/pages/bot.ts
@@ -16,6 +16,10 @@ import type { Credentials, HomeserverInstance } from "../plugins/homeserver";
 import type { GeneratedSecretStorageKey } from "matrix-js-sdk/src/crypto-api";
 import { bootstrapCrossSigningForClient, Client } from "./client";

+export interface CredentialsOptionalAccessToken extends Omit<Credentials, "accessToken"> {
+    accessToken?: string;
+}
+
 export interface CreateBotOpts {
    /**
     * A prefix to use for the userid. If unspecified, "bot_" will be used.
@@ -58,7 +62,7 @@ const defaultCreateBotOptions = {
 type ExtendedMatrixClient = MatrixClient & { __playwright_recovery_key: GeneratedSecretStorageKey };

 export class Bot extends Client {
-    public credentials?: Credentials;
+    public credentials?: CredentialsOptionalAccessToken;
    private handlePromise: Promise<JSHandle<ExtendedMatrixClient>>;

    constructor(
@@ -70,7 +74,16 @@ export class Bot extends Client {
        this.opts = Object.assign({}, defaultCreateBotOptions, opts);
    }

-    public setCredentials(credentials: Credentials): void {
+    /**
+     * Set the credentials used by the bot.
+     *
+     * If `credentials.accessToken` is unset, then `buildClient` will log in a
+     * new session.  Note that `getCredentials` will return the credentials
+     * passed to this function, rather than the updated credentials from the new
+     * login.  In particular, the `accessToken` and `deviceId` will not be
+     * updated.
+     */
+    public setCredentials(credentials: CredentialsOptionalAccessToken): void {
        if (this.credentials) throw new Error("Bot has already started");
        this.credentials = credentials;
    }
@@ -80,7 +93,7 @@ export class Bot extends Client {
        return client.evaluate((cli) => cli.__playwright_recovery_key);
    }

-    private async getCredentials(): Promise<Credentials> {
+    private async getCredentials(): Promise<CredentialsOptionalAccessToken> {
        if (this.credentials) return this.credentials;
        // We want to pad the uniqueId but not the prefix
        const username =
@@ -161,6 +174,30 @@ export class Bot extends Client {
                    getSecretStorageKey,
                };

+                if (!("accessToken" in credentials)) {
+                    const loginCli = new window.matrixcs.MatrixClient({
+                        baseUrl,
+                        store: new window.matrixcs.MemoryStore(),
+                        scheduler: new window.matrixcs.MatrixScheduler(),
+                        cryptoStore: new window.matrixcs.MemoryCryptoStore(),
+                        cryptoCallbacks,
+                        logger,
+                    });
+
+                    const loginResponse = await loginCli.loginRequest({
+                        type: "m.login.password",
+                        identifier: {
+                            type: "m.id.user",
+                            user: credentials.userId,
+                        },
+                        password: credentials.password,
+                    });
+
+                    credentials.accessToken = loginResponse.access_token;
+                    credentials.userId = loginResponse.user_id;
+                    credentials.deviceId = loginResponse.device_id;
+                }
+
                const cli = new window.matrixcs.MatrixClient({
                    baseUrl,
                    userId: credentials.userId,