MessageReceiver: Drop blocked senders only after processing SKDMs

ts/textsecure/MessageReceiver.ts

@@ -290,16 +290,6 @@ export default class MessageReceiver
         //   fault, and we should handle them gracefully and tell the
         //   user they received an invalid message
 
-        if (envelope.source && this.isBlocked(envelope.source)) {
-          request.respond(200, 'OK');
-          return;
-        }
-
-        if (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid)) {
-          request.respond(200, 'OK');
-          return;
-        }
-
         this.decryptAndCache(envelope, plaintext, request);
         this.processedCount += 1;
       } catch (e) {
@@ -937,7 +927,7 @@ export default class MessageReceiver
     const task = createTaskWithTimeout(async (): Promise<DecryptResult> => {
       const unsealedEnvelope = await this.unsealEnvelope(stores, envelope);
       if (!unsealedEnvelope) {
-        // Envelope was dropped or sender is blocked
+        // Envelope was dropped
         return { envelope, plaintext: undefined };
       }
 
@@ -1065,11 +1055,8 @@ export default class MessageReceiver
       unsealedContent: messageContent,
     };
 
-    const validationResult = await this.validateUnsealedEnvelope(newEnvelope);
+    // This will throw if there's a problem
-    if (validationResult && validationResult.isBlocked) {
+    this.validateUnsealedEnvelope(newEnvelope);
-      this.removeFromCache(envelope);
-      return undefined;
-    }
 
     return newEnvelope;
   }
@@ -1144,12 +1131,20 @@ export default class MessageReceiver
       );
     }
 
+    if (
+      (envelope.source && this.isBlocked(envelope.source)) ||
+      (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid))
+    ) {
+      window.log.info(
+        'MessageReceiver.decryptEnvelope: Dropping message from blocked sender'
+      );
+      return { plaintext: undefined, envelope };
+    }
+
     return { plaintext, envelope };
   }
 
-  private async validateUnsealedEnvelope(
+  private validateUnsealedEnvelope(envelope: UnsealedEnvelope): void {
-    envelope: UnsealedEnvelope
-  ): Promise<{ isBlocked: true } | void> {
     const { unsealedContent: messageContent, certificate } = envelope;
     strictAssert(
       messageContent !== undefined,
@@ -1160,17 +1155,6 @@ export default class MessageReceiver
       'Missing sender certificate for sealed sender message'
     );
 
-    if (
-      (envelope.source && this.isBlocked(envelope.source)) ||
-      (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid))
-    ) {
-      window.log.info(
-        'MessageReceiver.validateUnsealedEnvelope: Dropping blocked message ' +
-          'after partial sealed sender decryption'
-      );
-      return { isBlocked: true };
-    }
-
     if (!envelope.serverTimestamp) {
       throw new Error(
         'MessageReceiver.decryptSealedSender: ' +
@@ -1486,7 +1470,7 @@ export default class MessageReceiver
       const uuid = envelope.sourceUuid;
       const deviceId = envelope.sourceDevice;
 
-      // We don't do a light session reset if it's just a duplicated message
+      // We don't do anything if it's just a duplicated message
       if (
         error?.message?.includes &&
         error.message.includes('message with old counter')
@@ -1503,6 +1487,16 @@ export default class MessageReceiver
         throw error;
       }
 
+      if (
+        (envelope.source && this.isBlocked(envelope.source)) ||
+        (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid))
+      ) {
+        window.log.info(
+          'MessageReceiver.decrypt: Error from blocked sender; no further processing'
+        );
+        throw error;
+      }
+
       if (uuid && deviceId) {
         const { usmc } = envelope;
         const event = new DecryptionErrorEvent({