Trust on decrypt

Add support for trust-on-decrypt (API change, recognise flag on isKeyBackupTrusted). Catch rejection on wrong passphrase / recovery key. Fix remembering whether we are restoring with key or passphrase. Requires https://github.com/matrix-org/matrix-js-sdk/pull/836
2024-11-27 11:47:23 +03:00 · 2019-02-07 14:39:47 +00:00 · 2019-02-07 14:39:47 +00:00 · f79b777dd4
commit f79b777dd4
parent b7fd1336de
3 changed files with 38 additions and 31 deletions
--- a/src/components/views/dialogs/keybackup/RestoreKeyBackupDialog.js
+++ b/src/components/views/dialogs/keybackup/RestoreKeyBackupDialog.js
@ -88,7 +88,7 @@ export default React.createClass({
        });
        try {
            const recoverInfo = await MatrixClientPeg.get().restoreKeyBackupWithPassword(
-                this.state.passPhrase, undefined, undefined, this.state.backupInfo.version,
+                this.state.passPhrase, undefined, undefined, this.state.backupInfo,
            );
            this.setState({
                loading: false,
@ -107,11 +107,11 @@ export default React.createClass({
        this.setState({
            loading: true,
            restoreError: null,
-            restoreType: RESTORE_TYPE_PASSPHRASE,
+            restoreType: RESTORE_TYPE_RECOVERYKEY,
        });
        try {
            const recoverInfo = await MatrixClientPeg.get().restoreKeyBackupWithRecoveryKey(
-                this.state.recoveryKey, undefined, undefined, this.state.backupInfo.version,
+                this.state.recoveryKey, undefined, undefined, this.state.backupInfo,
            );
            this.setState({
                loading: false,
@ -185,32 +185,31 @@ export default React.createClass({
            title = _t("Error");
            content = _t("Unable to load backup status");
        } else if (this.state.restoreError) {
-            title = _t("Error");
-            content = _t("Unable to restore backup");
+            if (this.state.restoreError.errcode === MatrixClientPeg.get().RESTORE_BACKUP_ERROR_BAD_KEY) {
+                if (this.state.restoreType === RESTORE_TYPE_RECOVERYKEY) {
+                    title = _t("Recovery Key Mismatch");
+                    content = <div>
+                        <p>{_t(
+                            "Backup could not be decrypted with this key: " +
+                            "please verify that you entered the correct recovery key.",
+                        )}</p>
+                    </div>;
+                } else {
+                    title = _t("Incorrect Recovery Passphrase");
+                    content = <div>
+                        <p>{_t(
+                            "Backup could not be decrypted with this passphrase: " +
+                            "please verify that you entered the correct recovery passphrase.",
+                        )}</p>
+                    </div>;
+                }
+            } else {
+                title = _t("Error");
+                content = _t("Unable to restore backup");
+            }
        } else if (this.state.backupInfo === null) {
            title = _t("Error");
            content = _t("No backup found!");
-        } else if (
-            this.state.recoverInfo &&
-            this.state.recoverInfo.imported === 0 &&
-            this.state.recoverInfo.total > 0
-        ) {
-            title = _t("Error Restoring Backup");
-            if (this.state.restoreType === RESTORE_TYPE_RECOVERYKEY) {
-                content = <div>
-                    <p>{_t(
-                        "Backup could not be decrypted with this key: " +
-                        "please verify that you entered the correct recovery key.",
-                    )}</p>
-                </div>;
-            } else {
-                content = <div>
-                    <p>{_t(
-                        "Backup could not be decrypted with this passphrase: " +
-                        "please verify that you entered the correct recovery passphrase.",
-                    )}</p>
-                </div>;
-            }
        } else if (this.state.recoverInfo) {
            title = _t("Backup Restored");
            let failedToDecrypt;
--- a/src/components/views/settings/KeyBackupPanel.js
+++ b/src/components/views/settings/KeyBackupPanel.js
@ -250,13 +250,19 @@ export default class KeyBackupPanel extends React.PureComponent {
                backupSigStatuses = _t("Backup is not signed by any of your devices");
            }

+            let trustedLocally;
+            if (this.state.backupSigStatus.trusted_locally) {
+                trustedLocally = _t("This backup is trusted because it has been restored on this device");
+            }
+
            return <div>
                {_t("Backup version: ")}{this.state.backupInfo.version}<br />
                {_t("Algorithm: ")}{this.state.backupInfo.algorithm}<br />
                {clientBackupStatus}<br />
                {uploadStatus}
-                <div>{backupSigStatuses}</div><br />
-                <br />
+                <div>{backupSigStatuses}</div>
+                <div>{trustedLocally}</div>
+                <br /><br />
                <AccessibleButton kind="primary" onClick={this._restoreBackup}>
                    { _t("Restore backup") }
                </AccessibleButton>&nbsp;&nbsp;&nbsp;
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@ -385,6 +385,7 @@
    "Backup has an <validity>invalid</validity> signature from <verify>unverified</verify> device <device></device>": "Backup has an <validity>invalid</validity> signature from <verify>unverified</verify> device <device></device>",
    "Verify...": "Verify...",
    "Backup is not signed by any of your devices": "Backup is not signed by any of your devices",
+    "This backup is trusted because it has been restored on this device": "This backup is trusted because it has been restored on this device",
    "Backup version: ": "Backup version: ",
    "Algorithm: ": "Algorithm: ",
    "Restore backup": "Restore backup",
@ -1095,11 +1096,12 @@
    "\"%(RoomName)s\" contains devices that you haven't seen before.": "\"%(RoomName)s\" contains devices that you haven't seen before.",
    "Unknown devices": "Unknown devices",
    "Unable to load backup status": "Unable to load backup status",
+    "Recovery Key Mismatch": "Recovery Key Mismatch",
+    "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.": "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.",
+    "Incorrect Recovery Passphrase": "Incorrect Recovery Passphrase",
+    "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.": "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.",
    "Unable to restore backup": "Unable to restore backup",
    "No backup found!": "No backup found!",
-    "Error Restoring Backup": "Error Restoring Backup",
-    "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.": "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.",
-    "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.": "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.",
    "Backup Restored": "Backup Restored",
    "Failed to decrypt %(failedCount)s sessions!": "Failed to decrypt %(failedCount)s sessions!",
    "Restored %(sessionCount)s session keys": "Restored %(sessionCount)s session keys",