Fixes https://github.com/vector-im/riot-web/issues/13562
We only initialize a new key backup if the user requested one. If they've requested new keys but have not asked for keys to be backed up, we simply delete the now-invalid backup.
This also adds some logging to identify in rageshakes when someone resets their cross-signing, and when their key backup is being deleted.
If we already have an account password to use during secret storage setup, then
it's highly likely that the homeserver accepts passwords for device signing key
upload as well. This change then assumes password auth will work without
checking to avoid a request when the server is under high load.
Fixes https://github.com/vector-im/riot-web/issues/13286
If we ask for the key backup key early in creating secret storage to ensure we
trust the backup, then we stash it to ensure it's available to bootstrap as well
without prompting again.
Fixes https://github.com/vector-im/riot-web/issues/12958
This passes the newly created secret storage key down to the bootstrap path for
temporary caching to avoid prompting the user for it again in the later stages
of bootstrapping.
Fixes https://github.com/vector-im/riot-web/issues/12867
This uses the latest backup status we just retrieved by returning from the
lookup path (instead of using it indirectly via state). This is important
because state updates are batched, so we can't rely on the value to be updated
immediately like we were.
Fixes https://github.com/vector-im/riot-web/issues/12562
This shows the account password variation of upgrade encryption first if it's
possible to do so. This ensures we match the logic that locks the next button.
Fixes https://github.com/vector-im/riot-web/issues/12560
This adds a step after login to complete security for your new session. At the
moment, the only verification method is entering your SSSS passphrase, but nicer
paths will be added soon.
This new step only appears when crypto is available and the account has
cross-signing enabled in SSSS.
Fixes https://github.com/vector-im/riot-web/issues/11214
If we trust the key backup at upgrade time then we can sign it so
key backup will work automatically when cross-signing is trusted.
If we don't sign it at this point we'll end up with cross-signing
and key backup set up but key backup untrusted by the cross-signing
key which is a bit of a broken situation.
With https://github.com/matrix-org/matrix-js-sdk/pull/1144 fixes
https://github.com/vector-im/riot-web/issues/11747
