Merge pull request #2709 from AndrewFerr/develop

Identity: Recompute hashes after M_INVALID_PEPPER
This commit is contained in:
Benoit Marty 2021-01-22 17:20:43 +01:00 committed by GitHub
commit 68177a02e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 22 deletions

View file

@ -10,6 +10,7 @@ Improvements 🙌:
Bugfix 🐛: Bugfix 🐛:
- Fix clear cache issue: sometimes, after a clear cache, there is still a token, so the init sync service is not started. - Fix clear cache issue: sometimes, after a clear cache, there is still a token, so the init sync service is not started.
- Sidebar too large in horizontal orientation or tablets (#475) - Sidebar too large in horizontal orientation or tablets (#475)
- When receiving a new pepper from identity server, use it on the next hash lookup (#2708)
- Crashes reported by PlayStore (new in 1.0.14) (#2707) - Crashes reported by PlayStore (new in 1.0.14) (#2707)
Translations 🗣: Translations 🗣:

View file

@ -46,6 +46,17 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
@UserId private val userId: String @UserId private val userId: String
) : IdentityBulkLookupTask { ) : IdentityBulkLookupTask {
private fun getHashedAddresses(threePids: List<ThreePid>, pepper: String): List<String> {
return withOlmUtility { olmUtility ->
threePids.map { threePid ->
base64ToBase64Url(
olmUtility.sha256(threePid.value.toLowerCase(Locale.ROOT)
+ " " + threePid.toMedium() + " " + pepper)
)
}
}
}
override suspend fun execute(params: IdentityBulkLookupTask.Params): List<FoundThreePid> { override suspend fun execute(params: IdentityBulkLookupTask.Params): List<FoundThreePid> {
val identityAPI = getIdentityApiAndEnsureTerms(identityApiProvider, userId) val identityAPI = getIdentityApiAndEnsureTerms(identityApiProvider, userId)
val identityData = identityStore.getIdentityData() ?: throw IdentityServiceError.NoIdentityServerConfigured val identityData = identityStore.getIdentityData() ?: throw IdentityServiceError.NoIdentityServerConfigured
@ -63,33 +74,26 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
throw IdentityServiceError.BulkLookupSha256NotSupported throw IdentityServiceError.BulkLookupSha256NotSupported
} }
val hashedAddresses = withOlmUtility { olmUtility -> val lookupResult = lookUpInternal(identityAPI, params.threePids, hashDetailResponse, true)
params.threePids.map { threePid ->
base64ToBase64Url(
olmUtility.sha256(threePid.value.toLowerCase(Locale.ROOT)
+ " " + threePid.toMedium() + " " + hashDetailResponse.pepper)
)
}
}
val identityLookUpV2Response = lookUpInternal(identityAPI, hashedAddresses, hashDetailResponse, true)
// Convert back to List<FoundThreePid> // Convert back to List<FoundThreePid>
return handleSuccess(params.threePids, hashedAddresses, identityLookUpV2Response) return handleSuccess(params.threePids, lookupResult.first, lookupResult.second)
} }
private suspend fun lookUpInternal(identityAPI: IdentityAPI, private suspend fun lookUpInternal(identityAPI: IdentityAPI,
hashedAddresses: List<String>, threePids: List<ThreePid>,
hashDetailResponse: IdentityHashDetailResponse, hashDetailResponse: IdentityHashDetailResponse,
canRetry: Boolean): IdentityLookUpResponse { canRetry: Boolean): Pair<List<String>, IdentityLookUpResponse> {
val hashedAddresses = getHashedAddresses(threePids, hashDetailResponse.pepper)
return try { return try {
executeRequest(null) { Pair(hashedAddresses,
apiCall = identityAPI.lookup(IdentityLookUpParams( executeRequest(null) {
hashedAddresses, apiCall = identityAPI.lookup(IdentityLookUpParams(
IdentityHashDetailResponse.ALGORITHM_SHA256, hashedAddresses,
hashDetailResponse.pepper IdentityHashDetailResponse.ALGORITHM_SHA256,
)) hashDetailResponse.pepper
} ))
})
} catch (failure: Throwable) { } catch (failure: Throwable) {
// Catch invalid hash pepper and retry // Catch invalid hash pepper and retry
if (canRetry && failure is Failure.ServerError && failure.error.code == MatrixError.M_INVALID_PEPPER) { if (canRetry && failure is Failure.ServerError && failure.error.code == MatrixError.M_INVALID_PEPPER) {
@ -98,7 +102,7 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
// Store it and use it right now // Store it and use it right now
hashDetailResponse.copy(pepper = failure.error.newLookupPepper) hashDetailResponse.copy(pepper = failure.error.newLookupPepper)
.also { identityStore.setHashDetails(it) } .also { identityStore.setHashDetails(it) }
.let { lookUpInternal(identityAPI, hashedAddresses, it, false /* Avoid infinite loop */) } .let { lookUpInternal(identityAPI, threePids, it, false /* Avoid infinite loop */) }
} else { } else {
// Retrieve the new hash details // Retrieve the new hash details
val newHashDetailResponse = fetchAndStoreHashDetails(identityAPI) val newHashDetailResponse = fetchAndStoreHashDetails(identityAPI)
@ -109,7 +113,7 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
throw IdentityServiceError.BulkLookupSha256NotSupported throw IdentityServiceError.BulkLookupSha256NotSupported
} }
lookUpInternal(identityAPI, hashedAddresses, newHashDetailResponse, false /* Avoid infinite loop */) lookUpInternal(identityAPI, threePids, newHashDetailResponse, false /* Avoid infinite loop */)
} }
} else { } else {
// Other error // Other error