Merge pull request #3887 from matrix-org/jryans/user-verif-mismatch

Change user info verification checks to use cross-signing
This commit is contained in:
J. Ryan Stinnett 2020-01-21 13:44:22 +00:00 committed by GitHub
commit 224528afd4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 10 deletions

View file

@ -75,7 +75,7 @@ export default class DeviceListener {
if (device.deviceId == cli.deviceId) continue;
const deviceTrust = await cli.checkDeviceTrust(cli.getUserId(), device.deviceId);
if (deviceTrust.isVerified() || this._dismissed.has(device.deviceId)) {
if (deviceTrust.isCrossSigningVerified() || this._dismissed.has(device.deviceId)) {
ToastStore.sharedInstance().dismissToast(toastKey(device));
} else {
ToastStore.sharedInstance().addOrReplaceToast({

View file

@ -64,10 +64,17 @@ const _getE2EStatus = (cli, userId, devices) => {
const hasUnverifiedDevice = devices.some((device) => device.isUnverified());
return hasUnverifiedDevice ? "warning" : "verified";
}
const isMe = userId === cli.getUserId();
const userVerified = cli.checkUserTrust(userId).isCrossSigningVerified();
const allDevicesVerified = devices.every(device => {
const { deviceId } = device;
return cli.checkDeviceTrust(userId, deviceId).isCrossSigningVerified();
// For your own devices, we use the stricter check of cross-signing
// verification to encourage everyone to trust their own devices via
// cross-signing so that other users can then safely trust you.
// For other people's devices, the more general verified check that
// includes locally verified devices can be used.
const deviceTrust = cli.checkDeviceTrust(userId, deviceId);
return isMe ? deviceTrust.isCrossSigningVerified() : deviceTrust.isVerified();
});
if (allDevicesVerified) {
return userVerified ? "verified" : "normal";
@ -128,19 +135,28 @@ function verifyUser(user) {
function DeviceItem({userId, device}) {
const cli = useContext(MatrixClientContext);
const isMe = userId === cli.getUserId();
const deviceTrust = cli.checkDeviceTrust(userId, device.deviceId);
// For your own devices, we use the stricter check of cross-signing
// verification to encourage everyone to trust their own devices via
// cross-signing so that other users can then safely trust you.
// For other people's devices, the more general verified check that
// includes locally verified devices can be used.
const isVerified = (isMe && SettingsStore.isFeatureEnabled("feature_cross_signing")) ?
deviceTrust.isCrossSigningVerified() :
deviceTrust.isVerified();
const classes = classNames("mx_UserInfo_device", {
mx_UserInfo_device_verified: deviceTrust.isVerified(),
mx_UserInfo_device_unverified: !deviceTrust.isVerified(),
mx_UserInfo_device_verified: isVerified,
mx_UserInfo_device_unverified: !isVerified,
});
const iconClasses = classNames("mx_E2EIcon", {
mx_E2EIcon_verified: deviceTrust.isVerified(),
mx_E2EIcon_warning: !deviceTrust.isVerified(),
mx_E2EIcon_verified: isVerified,
mx_E2EIcon_warning: !isVerified,
});
const onDeviceClick = () => {
if (!deviceTrust.isVerified()) {
if (!isVerified) {
verifyDevice(userId, device);
}
};
@ -148,7 +164,7 @@ function DeviceItem({userId, device}) {
const deviceName = device.ambiguous ?
(device.getDisplayName() ? device.getDisplayName() : "") + " (" + device.deviceId + ")" :
device.getDisplayName();
const trustedLabel = deviceTrust.isVerified() ? _t("Trusted") : _t("Not trusted");
const trustedLabel = isVerified ? _t("Trusted") : _t("Not trusted");
return (<AccessibleButton className={classes} onClick={onDeviceClick}>
<div className={iconClasses} />
<div className="mx_UserInfo_device_name">{deviceName}</div>
@ -169,6 +185,7 @@ function DevicesSection({devices, userId, loading}) {
if (devices === null) {
return _t("Unable to load device list");
}
const isMe = userId === cli.getUserId();
const deviceTrusts = devices.map(d => cli.checkDeviceTrust(userId, d.deviceId));
const unverifiedDevices = [];
@ -177,8 +194,16 @@ function DevicesSection({devices, userId, loading}) {
for (let i = 0; i < devices.length; ++i) {
const device = devices[i];
const deviceTrust = deviceTrusts[i];
// For your own devices, we use the stricter check of cross-signing
// verification to encourage everyone to trust their own devices via
// cross-signing so that other users can then safely trust you.
// For other people's devices, the more general verified check that
// includes locally verified devices can be used.
const isVerified = (isMe && SettingsStore.isFeatureEnabled("feature_cross_signing")) ?
deviceTrust.isCrossSigningVerified() :
deviceTrust.isVerified();
if (deviceTrust.isVerified()) {
if (isVerified) {
verifiedDevices.push(device);
} else {
unverifiedDevices.push(device);
@ -1277,7 +1302,10 @@ const UserInfo = ({user, groupId, roomId, onClose}) => {
text = _t("Messages in this room are end-to-end encrypted.");
}
const userVerified = cli.checkUserTrust(user.userId).isVerified();
const userTrust = cli.checkUserTrust(user.userId);
const userVerified = SettingsStore.isFeatureEnabled("feature_cross_signing") ?
userTrust.isCrossSigningVerified() :
userTrust.isVerified();
const isMe = user.userId === cli.getUserId();
let verifyButton;
if (!userVerified && !isMe) {