From e71ad0e51521f2ae51be1ac23ecf0f465ee291cd Mon Sep 17 00:00:00 2001
From: Valere <valeref@matrix.org>
Date: Tue, 3 Dec 2019 18:24:18 +0100
Subject: [PATCH] Simple strategy to Ignore old verification messages

---
 .../VerificationMessageLiveObserver.kt            | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt
index 2886d78d8c..6e365ac838 100644
--- a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt
+++ b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/verification/VerificationMessageLiveObserver.kt
@@ -69,12 +69,23 @@ internal class VerificationMessageLiveObserver @Inject constructor(@SessionDatab
                 }
                 .toList()
 
+        // TODO use age also, ignore initial sync or back pagination?
+        val now = System.currentTimeMillis()
+        val tooInThePast = now - (10 * 60 * 1000 * 1000)
+        val tooInTheFuture = System.currentTimeMillis() + (5 * 60 * 1000 * 1000)
+
         events.forEach { event ->
             Timber.d("## SAS Verification live observer: received msgId: ${event.eventId}   msgtype: ${event.type} from ${event.senderId}")
             Timber.v("## SAS Verification live observer: received msgId: $event")
 
+            // If the request is in the future by more than 5 minutes or more than 10 minutes in the past,
+            // the message should be ignored by the receiver.
+            val eventOrigin = event.originServerTs ?: -1
+            if (eventOrigin < tooInThePast || eventOrigin > tooInTheFuture) {
+                Timber.d("## SAS Verification live observer: msgId: ${event.eventId} is out of time ^^")
+                return@forEach
+            }
             // decrypt if needed?
-
             if (event.isEncrypted() && event.mxDecryptionResult == null) {
                 // TODO use a global event decryptor? attache to session and that listen to new sessionId?
                 // for now decrypt sync
@@ -102,8 +113,6 @@ internal class VerificationMessageLiveObserver @Inject constructor(@SessionDatab
                 }
                 EventType.MESSAGE               -> {
                     if (MessageType.MSGTYPE_VERIFICATION_REQUEST == event.getClearContent().toModel<MessageContent>()?.type) {
-                        // TODO  If the request is in the future by more than 5 minutes or more than 10 minutes in the past,
-                        // the message should be ignored by the receiver.
                         sasVerificationService.onRoomRequestReceived(event)
                     }
                 }