Commit graph

1836 commits

Author SHA1 Message Date
Scott Nonnenberg
12914307f1 Improve experience when discovering identity key error on send
New experience in the Message Detail view when outgoing identity key
errors happen, matching the Android View.

'View' button is only shown on outgoing key errors right now.

When a contact with an outgoing identity key error is clicked, they are
taken to a view like the popup that comes up on Android: an explanation
of what happened and three options: 'Show Safety Number', 'Send Anyway',
and 'Cancel'

Contacts are now sorted alphabetically, with the set of contacts with
errors coming before the rest.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b6cca41a0c Update verification-related strings to better match mobile app
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f654532fa8 Handle UNVERIFIED sync verification messages (via contact sync)
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20451cc827 Show verified/keychange notifications when actually relevant
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e91f2d0377 Miscellaneous wire-up to ensure that failures propagate
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
aa83bc1dab Ensure all sessions are archived on profile fetch
If the key has changed, saveIdentity will archive sibling sessions, but not the
session for the device it was called on. Therefore we have to archive that one
by hand.

Also switch from saving the identity of an OutgoingIdentityKeyError to just
triggering a profile fetch, mostly for consistency, simplicity, and DRYness.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3206536d47 Fix deadlock in saveIdentity
Archive only sibling sessions so as not to block on the same device lock as the
protocol lib.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
e5e4eab9c5 Add archiveSiblingSessions
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
982e7f962c Update libsignal-protocol
// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e2ee63efaa m.get('sender') -> m.isIncoming(), filter in getLoadedUnreadCount
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5b46ef3562 Show last seen indicator for keychange/verification notifications
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1fedc75e5d Handle unverified length of zero
This can happen with unknown groups, where we don't know the list of
members but we're receiving messages. It's generally not a good
experience, but we shouldn't crash.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
224140c911 OutgoingMessage: Provide proper timestamp for replayability
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5d1150e5bc Fix call to reloadDevicesAndSend - it returns a function
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f414c13220 Protos: Update to optional verified in sync (was: repeated)
This means that we no longer need to iterate.

FREEBIE
2017-08-04 12:03:25 -07:00
lilia
fdce4cfc7c Fix failed identity key sync from contact sync
These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
78094102bd Message.send: Add promise to array for consistency
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4ee4ad80c3 Message.send - check for missing identityKey, also add logging
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
551aa24e9a OutgoingMessage: A few code style tweaks to make things readable
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
116e4d2eeb OutgoingMessage: Reduce the calls to registerError
In some cases, due to promise chaining and error propagation, we were
calling registerError more than once for a given error. This would then
cause the overall callback for the send operation to be called with a
partial set of errors, as well as duplicates.

Note: we do need to find a way to attach identityKey to the
OutgoingIdentityKeyError in the case where it comes directly from the
encrypt() instead of our pre-key operations.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
30bc3fca3a MessageView: Be resilient to multiple renders of a network error
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5e62d0cfd8 Update identity key after a send error tells us it has changed
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
22208ec3f8 Fix: Conversation.updateVerified fails when convo not yet in db
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
9f4fcc5afa Send null messages to mask verified syncs
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.

Note that the sync message is additionally randomly padded like all other sync
messages.

This lets Verified sync messages appear the same as normal sync message traffic.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
bb9c97b960 Support for receiving null messages
Just log em for debugging. Also update the error messge thrown when we get a
content message with no supported properties. It may be empty or may just have
an unrecognized field.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
243fd68904 Handle verified state from contact syncs
Treat it just like an isolated verified state sync

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1e93b12b90 Update protos with support for null messages
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
6e758fc1ea Randomly pad all sync messages
WhisperSystems/libsignal-service-java@c46cdc0aa5

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7bfb66b13b processVerifiedMessage: Archive all sessions when key changes
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
827addf628 Log on receipt of verified sync after we've processed the state
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d7054f4b63 Archive sessions whenever an identity key changes
Sessions established with the previous identity should no longer be used for
sending, so we should close them.

Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0056cbefc1 processVerifiedMessage: Trigger keychange event when key differs
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0db2ef9e7f Refactor: combine Conversation.setVerified/setVerifiedDefault
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
d1fa28b706 Object.assign -> _.extend(), for to make Chrome 45 and below work
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1e8ae774a2 Differentiate between local and remote trust decisions
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20f4d48991 Protos: Move to latest iteration of verification protos
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3acfda3a56 Archive sessions on key changes after profile fetch
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4232f5711c Handle identity key change errors on encrypt
We need to capture key change errors from the protocol library when we call
encrypt. Previously we would only see these on session init.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4f2f622598 Apply special handling to verification sync messages
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1614a6f1b8 Add special handling for verification sync
processVerifiedMessage checks the current state of the database against the
identity key from an incoming verification sync message to determine whether or
how to update our local record.

When syncing a DEFAULT status and we have no local record, it's a no-op, but
we'll log it.

When syncing a DEFAULT status and we have non-default record with the same key,
mark it as default.

When syncing a VERIFIED status and either:
  1. we have no key on record,
  2. we have have a different key on record, or
  3. we have the same key on record, but not verified
mark it as verified.

Otherwise do nothing.

References: https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/util/IdentityUtil.java#L129

// FREEBIE

Ensure processVerified resolves
2017-08-04 12:03:25 -07:00
lilia
c60919ca0e Update setVerified to take an optional key argument
If specified, the existing local key must match the given one or we will not
update the record.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
16433d661a Show call to action on group member list when verifying
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
31bf05e14a Add verified state summary to top of safety number screen
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
11372b4e00 Add icons for keychange and expiration timer in-conversation items
The shield matches the Android app's key change notification, and the
clock icon was easy to do and makes it easier to visually distinguish
those items in the conversation history.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c714fb6dbf Shadow/icon/blue for banner, better verify advisories in dark theme
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1d7cbc14fd Fix a couple bind()) issues when getting verified state
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b0dbecb4e2 Check trust store for identity key information on every new message
It's debounced so it doesn't go too crazy.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
782c484680 Check trust store for latest identity key info before sending
We definitely want the latest information from our local database before
attempting to send.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
fc39241003 Ensure that we pull verified state only after getting profiles
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4a1dc46ab3 Fixes to get local verification and sync messages working
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c43d96904d Move to the real verify/trust APIs
This wires up verification sync messages, verification and trust checks
to the trust store instead of using mocked data.

FREEBIE
2017-08-04 12:03:25 -07:00
lilia
52481d1d13 Support for sending and receiving verification sync messages
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
475d607fd0 Prepare for verification sync messages: receiver, ready to send
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
aebf4b32d6 Conversation.updateLastMessage: fix indent, use of null message
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
36c28296e9 Remove extraneous logging
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9b864c8675 Re-render verified change conversation items when convo changes
If the contact's name changes, for example.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1cf9289b1a Add items to conversation history when user verifies/unverifies
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
a827334c3e Allow re-send of messages in msg detail view on OutgoingKeyError
We also show more errors than we used to in the MessageDetail screen
to help make it clear what is happening, and why the user would need to
re-send.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
688cae6374 Remove empty string class passed to contact template
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8264f3ba33 Make the term 'Verified' fully localizable
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e9968c3118 Remove comments after NewGroupUpdateView investigation
It doesn't run today - it depends on RecipientsInputView, which depends
on Backbone.TypeaheadCollection which doesn't currently exist in the
product.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8d29cb9830 Prevent access to Safety Number when talking to yourself
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c7e385eb38 Remove 'safety number approval' option from settings dialog
Also sync templates in test/index.html and background.html

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9204188aa3 A bit of cleanup after some early code review
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
2955c36b3e Confirmation dialog: Make keyboard-accessible: escape to cancel
And proper tab order. Then some more work to re-focus on the message
composition field after the dialog shows up and steals focus.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
243cbd8123 Confirmaton on send, banner when 'unverified'
Not yet using the new APIs, but ready to. Still to do:
- Send sync messages on trust decisions
- Respond to received trust decision sync messages
- Show trust decisions in the conversation history
- In that rare situation where a sent message ends up with a key error
  make it easy to retry the send.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
bedf10056b Support for group-member verifications via second-level panel
Also:
- All the necessary wire-up to update things in real time. If you have
a safety number page up via a group member view as well as via a 1:1
conversation with that contact, they'll both be updated as the
underlying model changes. Similarly, the overall group will update
in real-time as members change.
- A bit of special-casing for yourself in a group conversation - you're
shown as 'me' and are not clickable, where normally that would take you
to the Safety Number screen for that contact. You are also not included
in the trust calculations for a given group.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ae3587f05e Move all instances of 'verify identity' to 'show identity'
As discussed in standup this morning - only the act of verifying or a
statement about current status should use that word 'verify.'

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ee0b0f5ffb Remove all concept of 'key conflict' from the app 2017-08-04 12:03:25 -07:00
lilia
0e0f14723e Rename model IdentityKey -> IdentityRecord
Reduce ambiguity in between the record itself, which now stores other
information besides the public key, and its `publicKey` attribute, which
contains an ArrayBuffer of key material.

This model is internal to SignalProtocolStore.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
aa6dbb2e59 Preserve UNVERIFIED status on key change
Don't revert it to default, which would effectively downgrade the security model
for that contact.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
12d9bb61c3 Let removeIdentityKey delete the entire record
Previously we would only clear the publicKey since that was the only attribute,
but now we should delete the entire record. This method is currently only called
from tests.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d1858de39b Default nonblockingApproval to false
saveIdentity is invoked with only two arguments from the protocol layer, in
which case we should default nonblockingApproval to false.

76c28cfa7a/src/org/thoughtcrime/securesms/crypto/storage/TextSecureIdentityKeyStore.java (L87)

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
261ec003ee Account manager calls saveIdentityWithAtttributes
saveIdentityWithAtttributes allows directly setting all properties of an
identity key record. In AccountManager we use it to save our own identity
key after a new registration.

Previously we would remove the existing key first in order to coerce firstUse to
true, but now we can simply set it explicitly, along with a VERIFIED status.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
2a76bb6fc2 Add new methods to identity store
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
50dd9c6772 Add identityKey model validation
This will enforce that all identity record attributes are valid and present
before allowing the record to be saved. This is necessary since we will be
exposing a lower-level method to save an identity with explicit values for
firstUse, nonblockingApproval, and verified status.
2017-08-04 12:03:25 -07:00
lilia
b93042f12f Add verified status
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
c6bfdec84d Remove blockingApproval
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
53e7e1be3a Fix libsignal-protocol using wrong direction flag
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
6fdd0f1625 Handle identity errors on decrypt
Previously we only expected these errors to occur when decrypting prekey
messages, so we need to add handling for them in the case of a normal message.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
f095a1583e Fetch profiles whenever conversations are opened
For a group, fetch everyone's profile.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d295fa7057 Update libsignal-protocol
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1b9eb83422 Update isTrustedIdentity for directional trust
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4e4aedd4ba Pass in non/blockingApproval args to saveIdentity
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog

Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3ca511a10a Unwrap removeIdentityKey from calls to saveIdentity
saveIdentity is now reponsible for determining firstUse, so we must not remove
the existing key before updating it.

Previously, the implementation provided an extra check against overwritting an
existing key, but that should be done via isTrustedIdentity instead.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
82469713d2 Update saveIdentity
Add support new blockingApproval and nonblockingApproval arguments
Populate the firstUse property on identity key records
Return whether an existing record was overwritten.

References
https://github.com/WhisperSystems/Signal-Android/commit/39d4a7#diff-69ede72c549da6bcbcd959935995b7e9R45

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4d4dd3341f Add isBlocking/isNonBlockingApprovalRequired
These analyse the identity key record and user preferences to determine whether
a key requires approval for sending.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
22e907a8d4 Add getProfile to MessageSender
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
0c5a69cce4 Add support for getProfile to TextSecureServer
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
9f4a657e8a Add database migration
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3afe378063 Remove legacy property from OutgoingMessage 2017-07-05 18:05:56 -07:00
lilia
d47ced1199 Don't recompute outgoing message padding
We can use the same padded plaintext across multiple numbers or attempts rather
than re-creating it every time we encrypt to a particular number.

// FREEBIE
2017-07-05 18:05:56 -07:00
lilia
30201969be Inline some functions in OutgoingMessage
Since we no longer have legacy messages to send, we can simplify things a bit
here.

// FREEBIE
2017-07-05 18:05:56 -07:00
lilia
e8548879db Stop sending legacy DataMessages 2017-06-20 17:57:27 -07:00
Scott Nonnenberg
3fbd1ab618 Use error.stack instead of error for console log
Chrome/V8 give you the error name, message and callstack at that
property, where toString() gives you [object NavigatorUserMediaError]

FREEBIE
2017-06-20 16:57:11 -07:00
Scott Nonnenberg
98f88607a0 Remove recorder UI when we fail to 'getUserMedia'
FREEBIE
2017-06-20 16:57:11 -07:00
Scott Nonnenberg
24174312b9 Fix: Show attachment views; they trigger update syncrhonously
FREEBIE
2017-06-16 10:52:57 -07:00
Scott Nonnenberg
2b5e56f6be Use setElement to ensure that re-parented views listen for events
FREEBIE
2017-06-15 16:28:15 -07:00
Scott Nonnenberg
40651f44ab
MessageView.appendAttachmentView: Remove from proper parent
FREEBIE
2017-06-08 19:59:22 -07:00
Scott Nonnenberg
f602ac462f A little cleanup in ConversationView.resetLastSeenIndicator
FREEBIE
2017-06-08 17:04:07 -07:00