Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Add support for device dehydration v2 #12316

Merged
merged 22 commits into from
Apr 15, 2024
Merged
Show file tree
Hide file tree
Changes from 13 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
114 changes: 114 additions & 0 deletions playwright/e2e/crypto/dehydration.spec.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
/*
Copyright 2024 The Matrix.org Foundation C.I.C.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

import { Locator, type Page } from "@playwright/test";

import { test as base, expect } from "../../element-web-test";
import { viewRoomSummaryByName } from "../right-panel/utils";
import { isDendrite } from "../../plugins/homeserver/dendrite";

const test = base.extend({
// eslint-disable-next-line no-empty-pattern
startHomeserverOpts: async ({}, use) => {
await use("dehydration");
},
config: async ({ homeserver, context }, use) => {
const wellKnown = {
"m.homeserver": {
base_url: homeserver.config.baseUrl,
},
"org.matrix.msc3814": true,
};

await context.route("https://localhost/.well-known/matrix/client", async (route) => {
await route.fulfill({ json: wellKnown });
});

await use({
default_server_config: wellKnown,
});
},
});

const ROOM_NAME = "Test room";
const NAME = "Alice";

function getMemberTileByName(page: Page, name: string): Locator {
return page.locator(`.mx_EntityTile, [title="${name}"]`);
}

test.describe("Dehydration", () => {
test.skip(isDendrite, "does not yet support dehydration v2");

test.use({
displayName: NAME,
});

test("Create dehydrated device", async ({ page, user, app }, workerInfo) => {
test.skip(workerInfo.project.name === "Legacy Crypto", "This test only works with Rust crypto.");

// Create a backup (which will create SSSS, and dehydrated device)

const securityTab = await app.settings.openUserSettings("Security & Privacy");

await expect(securityTab.getByRole("heading", { name: "Secure Backup" })).toBeVisible();
await expect(securityTab.getByText("Offline device enabled")).not.toBeVisible();
await securityTab.getByRole("button", { name: "Set up", exact: true }).click();

const currentDialogLocator = page.locator(".mx_Dialog");

// It's the first time and secure storage is not set up, so it will create one
await expect(currentDialogLocator.getByRole("heading", { name: "Set up Secure Backup" })).toBeVisible();
await currentDialogLocator.getByRole("button", { name: "Continue", exact: true }).click();
await expect(currentDialogLocator.getByRole("heading", { name: "Save your Security Key" })).toBeVisible();
await currentDialogLocator.getByRole("button", { name: "Copy", exact: true }).click();
await currentDialogLocator.getByRole("button", { name: "Continue", exact: true }).click();

await expect(currentDialogLocator.getByRole("heading", { name: "Secure Backup successful" })).toBeVisible();
await currentDialogLocator.getByRole("button", { name: "Done", exact: true }).click();

// Open the settings again
await app.settings.openUserSettings("Security & Privacy");

// The Security tab should indicate that there is a dehydrated device present
await expect(securityTab.getByText("Offline device enabled")).toBeVisible();

await app.settings.closeDialog();

// the dehydrated device gets created with the name "Dehydrated
// device". We want to make sure that it is not visible as a normal
// device.
const sessionsTab = await app.settings.openUserSettings("Sessions");
await expect(sessionsTab.getByText("Dehydrated device")).not.toBeVisible();

await app.settings.closeDialog();

// now check that the user info right-panel shows the dehydrated device
// as a feature rather than as a normal device
await app.client.createRoom({ name: ROOM_NAME });

await viewRoomSummaryByName(page, app, ROOM_NAME);

await page.getByRole("menuitem", { name: "People" }).click();
await expect(page.locator(".mx_MemberList")).toBeVisible();

await getMemberTileByName(page, NAME).click();
await page.locator(".mx_UserInfo_devices .mx_UserInfo_expand").click();

await expect(page.locator(".mx_UserInfo_devices").getByText("Offline device enabled")).toBeVisible();
await expect(page.locator(".mx_UserInfo_devices").getByText("Dehydrated device")).not.toBeVisible();
});
});
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
A synapse configured with device dehydration v2 enabled
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
server_name: "localhost"
pid_file: /data/homeserver.pid
public_baseurl: "{{PUBLIC_BASEURL}}"
listeners:
- port: 8008
tls: false
bind_addresses: ["::"]
type: http
x_forwarded: true

resources:
- names: [client]
compress: false

database:
name: "sqlite3"
args:
database: ":memory:"

log_config: "/data/log.config"

rc_messages_per_second: 10000
rc_message_burst_count: 10000
rc_registration:
per_second: 10000
burst_count: 10000
rc_joins:
local:
per_second: 9999
burst_count: 9999
remote:
per_second: 9999
burst_count: 9999
rc_joins_per_room:
per_second: 9999
burst_count: 9999
rc_3pid_validation:
per_second: 1000
burst_count: 1000

rc_invites:
per_room:
per_second: 1000
burst_count: 1000
per_user:
per_second: 1000
burst_count: 1000

rc_login:
address:
per_second: 10000
burst_count: 10000
account:
per_second: 10000
burst_count: 10000
failed_attempts:
per_second: 10000
burst_count: 10000

media_store_path: "/data/media_store"
uploads_path: "/data/uploads"
enable_registration: true
enable_registration_without_verification: true
disable_msisdn_registration: false
registration_shared_secret: "{{REGISTRATION_SECRET}}"
report_stats: false
macaroon_secret_key: "{{MACAROON_SECRET_KEY}}"
form_secret: "{{FORM_SECRET}}"
signing_key_path: "/data/localhost.signing.key"

trusted_key_servers:
- server_name: "matrix.org"
suppress_key_server_warning: true

ui_auth:
session_timeout: "300s"

oidc_providers:
- idp_id: test
idp_name: "OAuth test"
issuer: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth"
authorization_endpoint: "http://localhost:{{OAUTH_SERVER_PORT}}/oauth/auth.html"
# the token endpoint receives requests from synapse, rather than the webapp, so needs to escape the docker container.
token_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/token"
userinfo_endpoint: "http://host.containers.internal:{{OAUTH_SERVER_PORT}}/oauth/userinfo"
client_id: "synapse"
discover: false
scopes: ["profile"]
skip_verification: true
client_auth_method: none
user_mapping_provider:
config:
display_name_template: "{{ user.name }}"

# Inhibit background updates as this Synapse isn't long-lived
background_updates:
min_batch_size: 100000
sleep_duration_ms: 100000

experimental_features:
msc2697_enabled: false
msc3814_enabled: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html

version: 1

formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'

handlers:
# A handler that writes logs to stderr. Unused by default, but can be used
# instead of "buffer" and "file" in the logger handlers.
console:
class: logging.StreamHandler
formatter: precise

loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: DEBUG

twisted:
# We send the twisted logging directly to the file handler,
# to work around https://github.com/matrix-org/synapse/issues/3471
# when using "buffer" logger. Use "console" to log to stderr instead.
handlers: [console]
propagate: false

root:
level: DEBUG

# Write logs to the `buffer` handler, which will buffer them together in memory,
# then write them to a file.
#
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
# also need to update the configuration for the `twisted` logger above, in
# this case.)
#
handlers: [console]

disable_existing_loggers: false
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ import InteractiveAuthDialog from "../../../../components/views/dialogs/Interact
import { IValidationResult } from "../../../../components/views/elements/Validation";
import { Icon as CheckmarkIcon } from "../../../../../res/img/element-icons/check.svg";
import PassphraseConfirmField from "../../../../components/views/auth/PassphraseConfirmField";
import { initializeDehydration } from "../../../../utils/device/dehydration";

// I made a mistake while converting this and it has to be fixed!
enum Phase {
Expand Down Expand Up @@ -397,6 +398,7 @@ export default class CreateSecretStorageDialog extends React.PureComponent<IProp
},
});
}
initializeDehydration(true);
richvdh marked this conversation as resolved.
Show resolved Hide resolved

this.setState({
phase: Phase.Stored,
Expand Down
23 changes: 22 additions & 1 deletion src/components/views/right_panel/UserInfo.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -290,6 +290,15 @@ function DevicesSection({
let expandHideCaption;
let expandIconClasses = "mx_E2EIcon";

const dehydratedDeviceIds: string[] = [];
for (const device of devices) {
if (device.dehydrated) {
dehydratedDeviceIds.push(device.deviceId);
}
}
const dehydratedDeviceId: string | undefined = dehydratedDeviceIds.length == 1 ? dehydratedDeviceIds[0] : undefined;
richvdh marked this conversation as resolved.
Show resolved Hide resolved
let dehydratedDeviceInExpandSection = false;

if (isUserVerified) {
for (let i = 0; i < devices.length; ++i) {
const device = devices[i];
Expand All @@ -302,7 +311,13 @@ function DevicesSection({
const isVerified = deviceTrust && (isMe ? deviceTrust.crossSigningVerified : deviceTrust.isVerified());

if (isVerified) {
expandSectionDevices.push(device);
// don't show dehydrated device as a normal device, if it's
// verified
if (device.deviceId === dehydratedDeviceId) {
dehydratedDeviceInExpandSection = true;
} else {
expandSectionDevices.push(device);
}
} else {
unverifiedDevices.push(device);
}
Expand All @@ -311,6 +326,9 @@ function DevicesSection({
expandHideCaption = _t("user_info|hide_verified_sessions");
expandIconClasses += " mx_E2EIcon_verified";
} else {
if (dehydratedDeviceId) {
devices = devices.filter((device) => device.deviceId !== dehydratedDeviceId);
}
expandSectionDevices = devices;
expandCountCaption = _t("user_info|count_of_sessions", { count: devices.length });
expandHideCaption = _t("user_info|hide_sessions");
Expand Down Expand Up @@ -347,6 +365,9 @@ function DevicesSection({
);
}),
);
if (dehydratedDeviceInExpandSection) {
deviceList.push(<div>{_t("user_info|dehydrated_device_enabled")}</div>);
}
}

return (
Expand Down
14 changes: 14 additions & 0 deletions src/components/views/settings/devices/useOwnDevices.ts
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@
}
export type DevicesState = {
devices: DevicesDictionary;
dehydratedDeviceId?: string;
pushers: IPusher[];
localNotificationSettings: Map<string, LocalNotificationSettings>;
currentDeviceId: string;
Expand All @@ -91,12 +92,13 @@
};
export const useOwnDevices = (): DevicesState => {
const sdkContext = useContext(SDKContext);
const matrixClient = sdkContext.client!;

Check warning on line 95 in src/components/views/settings/devices/useOwnDevices.ts

View workflow job for this annotation

GitHub Actions / Jest (2)

RETRY 1: <SecurityUserSettingsTab /> › renders security section

TypeError: Cannot read properties of null (reading 'client') at client (src/components/views/settings/devices/useOwnDevices.ts:95:37) at DehydratedDeviceStatus (src/components/views/settings/tabs/user/SecurityUserSettingsTab.tsx:54:49) at renderWithHooks (node_modules/react-dom/cjs/react-dom.development.js:14985:18) at mountIndeterminateComponent (node_modules/react-dom/cjs/react-dom.development.js:17811:13) at beginWork (node_modules/react-dom/cjs/react-dom.development.js:19049:16) at HTMLUnknownElement.callCallback (node_modules/react-dom/cjs/react-dom.development.js:3945:14) at HTMLUnknownElement.callTheUserObjectsOperation (node_modules/jsdom/lib/jsdom/living/generated/EventListener.js:26:30) at innerInvokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:350:25) at invokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:286:3) at HTMLUnknownElementImpl._dispatch (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:233:9) at HTMLUnknownElementImpl.dispatchEvent (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:104:17) at HTMLUnknownElement.dispatchEvent (node_modules/jsdom/lib/jsdom/living/generated/EventTarget.js:241:34) at Object.invokeGuardedCallbackDev (node_modules/react-dom/cjs/react-dom.development.js:3994:16) at invokeGuardedCallback (node_modules/react-dom/cjs/react-dom.development.js:4056:31) at beginWork$1 (node_modules/react-dom/cjs/react-dom.development.js:23964:7) at performUnitOfWork (node_modules/react-dom/cjs/react-dom.development.js:22779:12) at workLoopSync (node_modules/react-dom/cjs/react-dom.development.js:22707:5) at renderRootSync (node_modules/react-dom/cjs/react-dom.development.js:22670:7) at performSyncWorkOnRoot (node_modules/react-dom/cjs/react-dom.development.js:22293:18) at scheduleUpdateOnFiber (node_modules/react-dom/cjs/react-dom.development.js:21881:7) at updateContainer (node_modules/react-dom/cjs/react-dom.development.js:25482:3) at node_modules/react-dom/cjs/react-dom.development.js:26021:7 at unbatchedUpdates (node_modules/react-dom/cjs/react-dom.development.js:22431:12) at legacyRenderSubtreeIntoContainer (node_modules/react-dom/cjs/react-dom.development.js:26020:5) at Object.render (node_modules/react-dom/cjs/react-dom.development.js:26103:10) at node_modules/@testing-library/react/dist/pure.js:101:25 at batchedUpdates$1 (node_modules/react-dom/cjs/react-dom.development.js:22380:12) at act (node_modules/react-dom/cjs/react-dom-test-utils.development.js:1042:14) at render (node_modules/@testing-library/react/dist/pure.js:97:26) at Object.<anonymous> (test/components/views/settings/tabs/user/SecurityUserSettingsTab-test.tsx:59:37)

Check warning on line 95 in src/components/views/settings/devices/useOwnDevices.ts

View workflow job for this annotation

GitHub Actions / Jest (2)

RETRY 2: <SecurityUserSettingsTab /> › renders security section

TypeError: Cannot read properties of null (reading 'client') at client (src/components/views/settings/devices/useOwnDevices.ts:95:37) at DehydratedDeviceStatus (src/components/views/settings/tabs/user/SecurityUserSettingsTab.tsx:54:49) at renderWithHooks (node_modules/react-dom/cjs/react-dom.development.js:14985:18) at mountIndeterminateComponent (node_modules/react-dom/cjs/react-dom.development.js:17811:13) at beginWork (node_modules/react-dom/cjs/react-dom.development.js:19049:16) at HTMLUnknownElement.callCallback (node_modules/react-dom/cjs/react-dom.development.js:3945:14) at HTMLUnknownElement.callTheUserObjectsOperation (node_modules/jsdom/lib/jsdom/living/generated/EventListener.js:26:30) at innerInvokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:350:25) at invokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:286:3) at HTMLUnknownElementImpl._dispatch (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:233:9) at HTMLUnknownElementImpl.dispatchEvent (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:104:17) at HTMLUnknownElement.dispatchEvent (node_modules/jsdom/lib/jsdom/living/generated/EventTarget.js:241:34) at Object.invokeGuardedCallbackDev (node_modules/react-dom/cjs/react-dom.development.js:3994:16) at invokeGuardedCallback (node_modules/react-dom/cjs/react-dom.development.js:4056:31) at beginWork$1 (node_modules/react-dom/cjs/react-dom.development.js:23964:7) at performUnitOfWork (node_modules/react-dom/cjs/react-dom.development.js:22779:12) at workLoopSync (node_modules/react-dom/cjs/react-dom.development.js:22707:5) at renderRootSync (node_modules/react-dom/cjs/react-dom.development.js:22670:7) at performSyncWorkOnRoot (node_modules/react-dom/cjs/react-dom.development.js:22293:18) at scheduleUpdateOnFiber (node_modules/react-dom/cjs/react-dom.development.js:21881:7) at updateContainer (node_modules/react-dom/cjs/react-dom.development.js:25482:3) at node_modules/react-dom/cjs/react-dom.development.js:26021:7 at unbatchedUpdates (node_modules/react-dom/cjs/react-dom.development.js:22431:12) at legacyRenderSubtreeIntoContainer (node_modules/react-dom/cjs/react-dom.development.js:26020:5) at Object.render (node_modules/react-dom/cjs/react-dom.development.js:26103:10) at node_modules/@testing-library/react/dist/pure.js:101:25 at batchedUpdates$1 (node_modules/react-dom/cjs/react-dom.development.js:22380:12) at act (node_modules/react-dom/cjs/react-dom-test-utils.development.js:1042:14) at render (node_modules/@testing-library/react/dist/pure.js:97:26) at Object.<anonymous> (test/components/views/settings/tabs/user/SecurityUserSettingsTab-test.tsx:59:37)

Check failure on line 95 in src/components/views/settings/devices/useOwnDevices.ts

View workflow job for this annotation

GitHub Actions / Jest (2)

<SecurityUserSettingsTab /> › renders security section

TypeError: Cannot read properties of null (reading 'client') at client (src/components/views/settings/devices/useOwnDevices.ts:95:37) at DehydratedDeviceStatus (src/components/views/settings/tabs/user/SecurityUserSettingsTab.tsx:54:49) at renderWithHooks (node_modules/react-dom/cjs/react-dom.development.js:14985:18) at mountIndeterminateComponent (node_modules/react-dom/cjs/react-dom.development.js:17811:13) at beginWork (node_modules/react-dom/cjs/react-dom.development.js:19049:16) at HTMLUnknownElement.callCallback (node_modules/react-dom/cjs/react-dom.development.js:3945:14) at HTMLUnknownElement.callTheUserObjectsOperation (node_modules/jsdom/lib/jsdom/living/generated/EventListener.js:26:30) at innerInvokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:350:25) at invokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:286:3) at HTMLUnknownElementImpl._dispatch (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:233:9) at HTMLUnknownElementImpl.dispatchEvent (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:104:17) at HTMLUnknownElement.dispatchEvent (node_modules/jsdom/lib/jsdom/living/generated/EventTarget.js:241:34) at Object.invokeGuardedCallbackDev (node_modules/react-dom/cjs/react-dom.development.js:3994:16) at invokeGuardedCallback (node_modules/react-dom/cjs/react-dom.development.js:4056:31) at beginWork$1 (node_modules/react-dom/cjs/react-dom.development.js:23964:7) at performUnitOfWork (node_modules/react-dom/cjs/react-dom.development.js:22779:12) at workLoopSync (node_modules/react-dom/cjs/react-dom.development.js:22707:5) at renderRootSync (node_modules/react-dom/cjs/react-dom.development.js:22670:7) at performSyncWorkOnRoot (node_modules/react-dom/cjs/react-dom.development.js:22293:18) at scheduleUpdateOnFiber (node_modules/react-dom/cjs/react-dom.development.js:21881:7) at updateContainer (node_modules/react-dom/cjs/react-dom.development.js:25482:3) at node_modules/react-dom/cjs/react-dom.development.js:26021:7 at unbatchedUpdates (node_modules/react-dom/cjs/react-dom.development.js:22431:12) at legacyRenderSubtreeIntoContainer (node_modules/react-dom/cjs/react-dom.development.js:26020:5) at Object.render (node_modules/react-dom/cjs/react-dom.development.js:26103:10) at node_modules/@testing-library/react/dist/pure.js:101:25 at batchedUpdates$1 (node_modules/react-dom/cjs/react-dom.development.js:22380:12) at act (node_modules/react-dom/cjs/react-dom-test-utils.development.js:1042:14) at render (node_modules/@testing-library/react/dist/pure.js:97:26) at Object.<anonymous> (test/components/views/settings/tabs/user/SecurityUserSettingsTab-test.tsx:59:37)

const currentDeviceId = matrixClient.getDeviceId()!;
const userId = matrixClient.getSafeUserId();

const [devices, setDevices] = useState<DevicesState["devices"]>({});
const [dehydratedDeviceId, setDehydratedDeviceId] = useState<DevicesState["dehydratedDeviceId"]>(undefined);
const [pushers, setPushers] = useState<DevicesState["pushers"]>([]);
const [localNotificationSettings, setLocalNotificationSettings] = useState<
DevicesState["localNotificationSettings"]
Expand Down Expand Up @@ -131,6 +133,17 @@
});
setLocalNotificationSettings(notificationSettings);

const ownUserId = matrixClient.getUserId()!;
const userDevices = (await matrixClient.getCrypto()?.getUserDeviceInfo([ownUserId]))?.get(ownUserId);
const dehydratedDeviceIds: string[] = [];
for (const device of userDevices?.values() ?? []) {
if (device.dehydrated) {
logger.debug("Found dehydrated device", device.deviceId);
uhoreg marked this conversation as resolved.
Show resolved Hide resolved
dehydratedDeviceIds.push(device.deviceId);
}
}
setDehydratedDeviceId(dehydratedDeviceIds.length == 1 ? dehydratedDeviceIds[0] : undefined);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again, how should we handle >1 dehydrated devices?


setIsLoadingDeviceList(false);
} catch (error) {
if ((error as MatrixError).httpStatus == 404) {
Expand Down Expand Up @@ -228,6 +241,7 @@

return {
devices,
dehydratedDeviceId,
pushers,
localNotificationSettings,
currentDeviceId,
Expand Down
Loading
Loading