mirror of
https://github.com/vector-im/element-web.git
synced 2024-11-28 11:28:12 +08:00
c05c429803
Co-authored-by: github-merge-queue <118344674+github-merge-queue@users.noreply.github.com> Co-authored-by: github-merge-queue <github-merge-queue@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Florian Duros <florian.duros@ormaz.fr> Co-authored-by: Kim Brose <kim.brose@nordeck.net> Co-authored-by: Florian Duros <florianduros@element.io> Co-authored-by: R Midhun Suresh <hi@midhun.dev> Co-authored-by: dbkr <986903+dbkr@users.noreply.github.com> Co-authored-by: ElementRobot <releases@riot.im> Co-authored-by: dbkr <dbkr@users.noreply.github.com> Co-authored-by: David Baker <dbkr@users.noreply.github.com> Co-authored-by: Michael Telatynski <7t3chguy@gmail.com> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Co-authored-by: David Langley <davidl@element.io> Co-authored-by: Michael Weimann <michaelw@matrix.org> Co-authored-by: Timshel <Timshel@users.noreply.github.com> Co-authored-by: Sahil Silare <32628578+sahil9001@users.noreply.github.com> Co-authored-by: Will Hunt <will@half-shot.uk> Co-authored-by: Hubert Chathi <hubert@uhoreg.ca> Co-authored-by: Andrew Ferrazzutti <andrewf@element.io> Co-authored-by: Robin <robin@robin.town> Co-authored-by: Tulir Asokan <tulir@maunium.net>
209 lines
8.7 KiB
TypeScript
209 lines
8.7 KiB
TypeScript
/*
|
|
Copyright 2024 New Vector Ltd.
|
|
Copyright 2023 The Matrix.org Foundation C.I.C.
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
|
|
Please see LICENSE files in the repository root for full details.
|
|
*/
|
|
|
|
import { mocked, Mocked } from "jest-mock";
|
|
import { IBootstrapCrossSigningOpts } from "matrix-js-sdk/src/crypto";
|
|
import { MatrixClient, Device } from "matrix-js-sdk/src/matrix";
|
|
import { SecretStorageKeyDescriptionAesV1, ServerSideSecretStorage } from "matrix-js-sdk/src/secret-storage";
|
|
import { IDehydratedDevice } from "matrix-js-sdk/src/crypto/dehydration";
|
|
import { CryptoApi, DeviceVerificationStatus } from "matrix-js-sdk/src/crypto-api";
|
|
|
|
import { SdkContextClass } from "../../../src/contexts/SDKContext";
|
|
import { accessSecretStorage } from "../../../src/SecurityManager";
|
|
import { SetupEncryptionStore } from "../../../src/stores/SetupEncryptionStore";
|
|
import { emitPromise, stubClient } from "../../test-utils";
|
|
|
|
jest.mock("../../../src/SecurityManager", () => ({
|
|
accessSecretStorage: jest.fn(),
|
|
}));
|
|
|
|
describe("SetupEncryptionStore", () => {
|
|
const cachedPassword = "p4assword";
|
|
let client: Mocked<MatrixClient>;
|
|
let mockCrypto: Mocked<CryptoApi>;
|
|
let mockSecretStorage: Mocked<ServerSideSecretStorage>;
|
|
let setupEncryptionStore: SetupEncryptionStore;
|
|
|
|
beforeEach(() => {
|
|
client = mocked(stubClient());
|
|
mockCrypto = {
|
|
bootstrapCrossSigning: jest.fn(),
|
|
getCrossSigningKeyId: jest.fn(),
|
|
getVerificationRequestsToDeviceInProgress: jest.fn().mockReturnValue([]),
|
|
getUserDeviceInfo: jest.fn(),
|
|
getDeviceVerificationStatus: jest.fn(),
|
|
isDehydrationSupported: jest.fn().mockResolvedValue(false),
|
|
startDehydration: jest.fn(),
|
|
} as unknown as Mocked<CryptoApi>;
|
|
client.getCrypto.mockReturnValue(mockCrypto);
|
|
|
|
mockSecretStorage = {
|
|
isStored: jest.fn(),
|
|
} as unknown as Mocked<ServerSideSecretStorage>;
|
|
Object.defineProperty(client, "secretStorage", { value: mockSecretStorage });
|
|
|
|
setupEncryptionStore = new SetupEncryptionStore();
|
|
SdkContextClass.instance.accountPasswordStore.setPassword(cachedPassword);
|
|
});
|
|
|
|
afterEach(() => {
|
|
SdkContextClass.instance.accountPasswordStore.clearPassword();
|
|
});
|
|
|
|
describe("start", () => {
|
|
it("should fetch cross-signing and device info", async () => {
|
|
const fakeKey = {} as SecretStorageKeyDescriptionAesV1;
|
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: fakeKey });
|
|
|
|
const fakeDevice = new Device({ deviceId: "deviceId", userId: "", algorithms: [], keys: new Map() });
|
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
|
);
|
|
|
|
setupEncryptionStore.start();
|
|
await emitPromise(setupEncryptionStore, "update");
|
|
|
|
// our fake device is not signed, so we can't verify against it
|
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
|
|
|
expect(setupEncryptionStore.keyId).toEqual("sskeyid");
|
|
expect(setupEncryptionStore.keyInfo).toBe(fakeKey);
|
|
});
|
|
|
|
it("should spot a signed device", async () => {
|
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
|
|
|
const fakeDevice = new Device({
|
|
deviceId: "deviceId",
|
|
userId: "",
|
|
algorithms: [],
|
|
keys: new Map([["curve25519:deviceId", "identityKey"]]),
|
|
});
|
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
|
);
|
|
mockCrypto.getDeviceVerificationStatus.mockResolvedValue(
|
|
new DeviceVerificationStatus({ signedByOwner: true }),
|
|
);
|
|
|
|
setupEncryptionStore.start();
|
|
await emitPromise(setupEncryptionStore, "update");
|
|
|
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(true);
|
|
});
|
|
|
|
it("should ignore the MSC2697 dehydrated device", async () => {
|
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
|
|
|
client.getDehydratedDevice.mockResolvedValue({ device_id: "dehydrated" } as IDehydratedDevice);
|
|
|
|
const fakeDevice = new Device({
|
|
deviceId: "dehydrated",
|
|
userId: "",
|
|
algorithms: [],
|
|
keys: new Map([["curve25519:dehydrated", "identityKey"]]),
|
|
});
|
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
|
);
|
|
|
|
setupEncryptionStore.start();
|
|
await emitPromise(setupEncryptionStore, "update");
|
|
|
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
|
expect(mockCrypto.getDeviceVerificationStatus).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("should ignore the MSC3812 dehydrated device", async () => {
|
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
|
|
|
const fakeDevice = new Device({
|
|
deviceId: "dehydrated",
|
|
userId: "",
|
|
algorithms: [],
|
|
keys: new Map([["curve25519:dehydrated", "identityKey"]]),
|
|
dehydrated: true,
|
|
});
|
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
|
);
|
|
|
|
setupEncryptionStore.start();
|
|
await emitPromise(setupEncryptionStore, "update");
|
|
|
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
|
expect(mockCrypto.getDeviceVerificationStatus).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("should correctly handle getUserDeviceInfo() returning an empty map", async () => {
|
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(new Map());
|
|
|
|
setupEncryptionStore.start();
|
|
await emitPromise(setupEncryptionStore, "update");
|
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
|
});
|
|
});
|
|
|
|
describe("usePassPhrase", () => {
|
|
it("should use dehydration when enabled", async () => {
|
|
// mocks for cross-signing and secret storage
|
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(new Map());
|
|
mockCrypto.getDeviceVerificationStatus.mockResolvedValue(
|
|
new DeviceVerificationStatus({ signedByOwner: true }),
|
|
);
|
|
mocked(accessSecretStorage).mockImplementation(async (func?: () => Promise<void>) => {
|
|
await func!();
|
|
});
|
|
|
|
// mocks for dehydration
|
|
mockCrypto.isDehydrationSupported.mockResolvedValue(true);
|
|
const dehydrationPromise = new Promise<void>((resolve) => {
|
|
// Dehydration gets processed in the background, after
|
|
// `usePassPhrase` returns, so we need to use a promise to make
|
|
// sure that it is called.
|
|
mockCrypto.startDehydration.mockImplementation(async () => {
|
|
resolve();
|
|
});
|
|
});
|
|
client.waitForClientWellKnown.mockResolvedValue({ "org.matrix.msc3814": true });
|
|
|
|
setupEncryptionStore.start();
|
|
await emitPromise(setupEncryptionStore, "update");
|
|
|
|
await setupEncryptionStore.usePassPhrase();
|
|
|
|
await dehydrationPromise;
|
|
});
|
|
});
|
|
|
|
it("resetConfirm should work with a cached account password", async () => {
|
|
const makeRequest = jest.fn();
|
|
mockCrypto.bootstrapCrossSigning.mockImplementation(async (opts: IBootstrapCrossSigningOpts) => {
|
|
await opts?.authUploadDeviceSigningKeys?.(makeRequest);
|
|
});
|
|
mocked(accessSecretStorage).mockImplementation(async (func?: () => Promise<void>) => {
|
|
await func!();
|
|
});
|
|
|
|
await setupEncryptionStore.resetConfirm();
|
|
|
|
expect(mocked(accessSecretStorage)).toHaveBeenCalledWith(expect.any(Function), true);
|
|
expect(makeRequest).toHaveBeenCalledWith({
|
|
identifier: {
|
|
type: "m.id.user",
|
|
user: "@userId:matrix.org",
|
|
},
|
|
password: cachedPassword,
|
|
type: "m.login.password",
|
|
user: "@userId:matrix.org",
|
|
});
|
|
});
|
|
});
|