* Add commercial licence and update config files
* Update license in headers
* Revert "Update license in headers"
This reverts commit 7ed7949485.
* Update only spdx id
* Remove LicenseRef- from package.json
LicenseRef- no longer allowed in npm v3 package.json
This fixes the warning in the logs and failing build check.
* Changed call sites from customisations/security to ModuleRunner.extensions
* Updated depenndecy and added tests
* Fixed style and formatting with prettier
* Fix according to Element PR comments
* Fixing issues raised in PR review
* Removed commented code. Improved encapsulation. Removed noisy logging
* Improved language of comment about calling the factory
* Refactor to get better encapsulation
* Find a better name. Provide explicit reset function. Provide more TSDoc
* Simplify mock for cryptoSetup, and add assertion for exception message.
* Remove unused className property. Adjust TSDoc comments
* Fix linting and code style issues
* Added test to ensure we canregister anduse experimental extensions
* Fix linting and code-style issues
* Added test to ensure only on registration of experimental extensions
* Added test toensure call to getDehydratedDeviceCallback()
* Test what happens when there is no implementation
* Iterating cryptoSetup tests
* Lint/prettier fix
* Assert both branches when checking for dehydrationkey callback
* Update src/modules/ModuleRunner.ts
Language and formatting
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Reset by setting a fresh ExtensionsManager
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Use regular comment instead of TSDoc style comment
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update test/MatrixClientPeg-test.ts
No need to extend the base class
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Fix spelling
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Fix spelling
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/modules/ModuleRunner.ts
Fix TSDoc formatting
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Simplify mock setup
* Simplified mock and cleaned up a bit
* Keeping track of extensions is an implementation detail internal to ExtensionsManager. Language and punctuation
* Addressed issues and comments from PR review
* Update src/modules/ModuleRunner.ts
Keep the flags to track implementations as direct properties
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix flattening of implementation map
* Update src/modules/ModuleRunner.ts
Fix whitespace
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* util functions to get static client id
* check static client ids in login flow
* remove dead code
* add trailing slash
* comment error enum
* spacing
* PR tidying
* more comments
* add ValidatedDelegatedAuthConfig type
* Update src/Login.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/Login.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update src/utils/ValidatedServerConfig.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* rename oidc_static_clients to oidc_static_client_ids
* comment
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fully move auth types to js-sdk
The SSO buttons were the only consumer of these types, so let's just move them. They've been in the js-sdk for a while now, and webpack is screaming about missing exports (because they're all interfaces and types, which don't exist after transpiling).
* Fix the other cases too
* Add test case for null identity_providers for SSO
* Fix typing for identity_providers
* Make null idp explicit and handle in analytics
* chore: whitespace fix
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
MSC: https://github.com/matrix-org/matrix-doc/pull/2918
Fixes https://github.com/vector-im/element-web/issues/18698
Fixes https://github.com/vector-im/element-web/issues/20648
**Requires https://github.com/matrix-org/matrix-js-sdk/pull/2178**
**Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date).
----
This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens.
If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again.
This additionally contains a change to fix soft logout not working, per the issue links above.
Of interest may be the IPC approach which was ultimately declined in favour of this change instead: https://github.com/matrix-org/matrix-react-sdk/pull/7803
Turns out a lot of the typescript warnings about improper warnings were correct. TypeScript appears to be pulling in two copies of the js-sdk when we do this, which can lead to type conflicts (or worse: the wrong code entirely). We fix this at the webpack level by explicitly importing from `src`, but some alternative build structures have broken tests because of this - jest ends up pulling in the "wrong" js-sdk, breaking things.
This adds various customisations point in the app for security related
decisions. By default, these do nothing, but would be customised at the
app level via module replacement (so that no changes are needed here in the
SDK).
Fixes https://github.com/vector-im/element-web/issues/15350
