Implement UserVerificationStatus.needsUserApproval

Expose the `identityNeedsUserApproval` flag from the rust crypto crate.

spec/unit/rust-crypto/rust-crypto.spec.ts

@@ -1362,13 +1362,17 @@ describe("RustCrypto", () => {
         });
 
         it("returns a verified UserVerificationStatus when the UserIdentity is verified", async () => {
-            olmMachine.getIdentity.mockResolvedValue({ free: jest.fn(), isVerified: jest.fn().mockReturnValue(true) });
+            olmMachine.getIdentity.mockResolvedValue({
+                free: jest.fn(),
+                isVerified: jest.fn().mockReturnValue(true),
+                wasPreviouslyVerified: jest.fn().mockReturnValue(true),
+            });
 
             const userVerificationStatus = await rustCrypto.getUserVerificationStatus(testData.TEST_USER_ID);
             expect(userVerificationStatus.isVerified()).toBeTruthy();
             expect(userVerificationStatus.isTofu()).toBeFalsy();
             expect(userVerificationStatus.isCrossSigningVerified()).toBeTruthy();
-            expect(userVerificationStatus.wasCrossSigningVerified()).toBeFalsy();
+            expect(userVerificationStatus.wasCrossSigningVerified()).toBeTruthy();
         });
     });
 

src/crypto-api/index.ts

@@ -707,11 +707,29 @@ export interface BootstrapCrossSigningOpts {
  * Represents the ways in which we trust a user
  */
 export class UserVerificationStatus {
+    /**
+     * Indicates if the identity has changed in a way that needs user approval.
+     *
+     * This happens if the identity has changed since we first saw it, *unless* the new identity has also been verified
+     * by our user (eg via an interactive verification).
+     *
+     * To rectify this, either:
+     *
+     *  * Conduct a verification of the new identity via {@link CryptoApi.requestVerificationDM}.
+     *  * Pin the new identity, via {@link CryptoApi.pinCurrentUserIdentity}.
+     *
+     * @returns true if the identity has changed in a way that needs user approval.
+     */
+    public readonly needsUserApproval: boolean;
+
     public constructor(
         private readonly crossSigningVerified: boolean,
         private readonly crossSigningVerifiedBefore: boolean,
         private readonly tofu: boolean,
-    ) {}
+        needsUserApproval: boolean = false,
+    ) {
+        this.needsUserApproval = needsUserApproval;
+    }
 
     /**
      * @returns true if this user is verified via any means
@@ -737,6 +755,8 @@ export class UserVerificationStatus {
 
     /**
      * @returns true if this user's key is trusted on first use
+     *
+     * @deprecated No longer supported, with the Rust crypto stack.
      */
     public isTofu(): boolean {
         return this.tofu;

src/rust-crypto/rust-crypto.ts

@@ -654,9 +654,13 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
         if (userIdentity === undefined) {
             return new UserVerificationStatus(false, false, false);
         }
+
         const verified = userIdentity.isVerified();
+        const wasVerified = userIdentity.wasPreviouslyVerified();
+        const needsUserApproval =
+            userIdentity instanceof RustSdkCryptoJs.UserIdentity ? userIdentity.identityNeedsUserApproval() : false;
         userIdentity.free();
-        return new UserVerificationStatus(verified, false, false);
+        return new UserVerificationStatus(verified, wasVerified, false, needsUserApproval);
     }
 
     /**