* Element-R: pass pickleKey in as raw key for indexeddb encryption
Currently, we pass the `pickleKey` to the rust library for use as a passphrase
for encrypting its crypto store. The Rust libary then passes that passphrase
through 200000 rounds of PBKDF2 to generate an encryption key, which is
(deliberately) slow.
However, the pickleKey is actually 32 bytes of random data (base64-encoded). By
passing the raw key into the rust library, we can therefore save the PBKDF
operation.
Backwards-compatibility with existing sessions is maintained, because if the
rust library discovers that the store was previously encrypted with a key based
on a PBKDF, it will re-base64 and PBKDF the key we provide, thus reconstructing
the right key.
* Update src/Lifecycle.ts
Co-authored-by: Florian Duros <florianduros@element.io>
* Lifecycle-test: clean up test setup
Rely less on the unit under test for setting up the test preconditions -- not
least because we don't really want to fire up matrix clients and the like
during test setup.
* Factor out "encryptPickleKey" method
For a start it makes it easier to grok what's going on, but also I went to use
this in a test
* Improve tests for `Lifecycle.restoreFromLocalStorage`
---------
Co-authored-by: Florian Duros <florianduros@element.io>
* Store id_token rather than just id_token_claims
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Pass id_token via `id_token_hint` on `Manage Account` interaction
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Fix tests
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---------
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
* Send user credentials to service worker for MSC3916 authentication
* appease linter
* Add initial test
The test fails, seemingly because the service worker isn't being installed or because the network mock can't reach that far.
* Remove unsafe access token code
* Split out base IDB operations to avoid importing `document` in serviceworkers
* Use safe crypto access for service workers
* Fix tests/unsafe access
* Remove backwards compatibility layer & appease linter
* Add docs
* Fix tests
* Appease the linter
* Iterate tests
* Factor out pickle key handling for service workers
* Enable everything we can about service workers
* Appease the linter
* Add docs
* Rename win32 image to linux in hopes of it just working
* Use actual image
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Improve documentation
* Document `??` not working
* Try to appease the tests
* Add some notes
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix spurious session corruption error
Move the server versions check to each time we reconnect to the server
rather than the first time,although, as per comment it will still only
trigger the first time, but it will avoid us awaiting and mean we know
we're connected to the server when we try, and get automatic retries.
Fixes https://github.com/element-hq/element-web/issues/26967
* Move test & add regression test
* Write some more tests
* More comments & catch exceptions in server versions check
* Note caching behaviour
* Typo
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Remove the bit of the comment that might be wrong
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix overwrite login action not stopping client
* remove unneeded fixture for overwrite login test
* Fix playwrite bad import of app sources
* revert uneeded change on fore OnLoggedIn causing side effects
* Add unit test for overwrite login action
* remove un needed ts-ignore
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* utils to persist clientId and issuer after oidc authentication
* add dep oidc-client-ts
* persist issuer and clientId after successful oidc auth
* add OidcClientStore
* comments and tidy
* expose getters for stored refresh and access tokens in Lifecycle
* revoke tokens with oidc provider
* test logout action in MatrixChat
* comments
* prettier
* test OidcClientStore.revokeTokens
* put pickle key destruction back
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* OidcClientStore.initClient use stored issuer when client well known unavailable
* test Lifecycle.logout
* update Lifecycle test replaceUsingCreds calls
* fix test
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
* fix test mock, comment
* typo
* add sdkContext to SoftLogout, pass oidcClientStore to logout
* fullstops
* comments
* fussy comment formatting
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* comments
* prettier
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* update Lifecycle test replaceUsingCreds calls
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* comments
* prettier
* comment pedantry
* fix code smell - nullish coalesce instead of ||
* more comments
* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* comments
* prettier
* Update src/Lifecycle.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* comments
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
