Commit graph

2032 commits

Author SHA1 Message Date
Scott Nonnenberg
4cba16cb61 Fetch all conversations on startup of app, not on inbox load (#1437)
* Fetch all conversations on startup of app, not on inbox load

A recent change to fetch conversations less didn't take into account all
that can happen in the app without the inbox loaded. That only happens
when the window is shown, and messages can come in with the app in the
background. In that case, the conversation wouldn't have been loaded
from the database, but would be saved to the database anyway, losing
data.

This change fetches all conversations as soon as the the data store is
ready for a fetch. It also introduces failsafe throws to ensure that
synchronous ConversationController accesses don't happen until the
initial fetch is complete. A new getUnsafe() method was required to
account for some of the model setup that happens during that initial
conversation fetch.

Fixes #1428

FREEBIE

* Fix tests: ConversationController.load() required before get()

FREEBIE
2017-09-06 18:18:46 -07:00
Scott Nonnenberg
d8ce198f55 Fetch conversations once, clean up ConversationController API (#1420)
* Fetch conversations once, clean up ConversationController API

Race conditions around re-fetching have caused some problems recently,
so this removes the need to re-fetch conversations. They are fetched
once or saved once, and that is it. All interaction goes through the
ConversationController, which is the central source of truth.

We have two rules for Conversations:

1. If a conversation is in the ConversationController it doesn't need
   to be fetched, but its initial fetch/save might be in progress. You
   can wait for that fetch/save with conversation.initialPromise.
2. If a conversation is not already in the ConversationController, it's
   not yet in the database. It needs to be added to the
   ConversationController and saved to the database.

FREEBIE

* Remove Conversation.fetch() call in Message.handleDataMessage()

FREEBIE

* ConversationController.API cleanup: Fix two missing spots

FREEBIE
2017-09-01 09:10:41 -07:00
Lilia
51cd28bb4a Fix race handling contact sync with verified info (#1419)
When processing a contact sync with embedded identity key verification info, we
were running overlapping async fetch/save operations on the same conversation
model, causing a race that tends to clobber updates to the contact info.

In this change we extend the application-level contact info handler to block on
a subsequent call to the verification handler, which effectively serializes the
fetch/save calls, and relieves the need for the message receiver to trigger a
seperate event concerning the verification info on contact sync messages.

Fixes #1408

// FREEBIE
2017-09-01 07:42:41 -07:00
Scott Nonnenberg
07abe2639f Export: Properly generate directory names for nameless groups (#1421)
FREEBIE
2017-09-01 07:33:30 -07:00
Scott Nonnenberg
94b63c39fd
Export: Remove " as one of the allowed characters in filenames
Turns out that it's not allowed on windows.

FREEBIE
2017-08-31 23:25:49 -07:00
Scott Nonnenberg
36e8b82b5f Remove unknown group messages from cache - no need to retry! (#1414)
FREEBIE
2017-08-30 14:40:08 -07:00
Scott Nonnenberg
46b64e306f createTaskWithTimeout: Don't log expiration if task threw (#1412)
FREEBIE
2017-08-30 13:33:55 -07:00
Scott Nonnenberg
3f7fbd93d5 Export: Better disambiguate conversation directory names (#1409)
FREEBIE
2017-08-30 13:23:07 -07:00
Scott Nonnenberg
4011e26b50 Fix handling of sync message with blocked numbers (#1411)
FREEBIE
2017-08-30 11:55:17 -07:00
Scott Nonnenberg
b14667ae40 Additional error handling/logging during contact sync (#1395)
FREEBIE
2017-08-30 09:35:04 -07:00
Scott Nonnenberg
548586b934 Chrome export fixes: too-long names, redact group ids (#1402)
* On export, don't print out entire group id, just last three chars

FREEBIE

* Export: Limit conversation dirs to 30 characters of original name

FREEBIE

* Redact groups ids on import as well

FREEBIE

* InboxView: Protect against nonexistent loading screen

FREEBIE
2017-08-30 09:30:21 -07:00
Scott Nonnenberg
3d8aa3b8a2
Export: Handle synchronous 'shutdown-complete' event (already offline)
FREEBIE
2017-08-28 14:01:51 -07:00
Scott Nonnenberg
d31d1712b1
Bullet-proofing export scenarios: null attachments, no msgreceiver
FREEBIE
2017-08-28 13:20:53 -07:00
Scott Nonnenberg
c0cd733139 Full export, migration banner, and full migration workflow - behind flag (#1342)
* Add support for backup and restore

This first pass works for all stores except messages, pending some scaling
improvements.

// FREEBIE

* Import of messages and attachments

Properly sanitize filenames. Logging information that will help with
debugging but won't threaten privacy (no contact or group names),
where the on-disk directories have this information to make things
human-readable

FREEBIE

* First fully operational single-action export and import!

FREEBIE

* Add migration export flow

A banner alert leads to a blocking ui for the migration. We close the socket and
wait for incoming messages to drain before starting the export.

FREEBIE

* A number of updates for the export flow

1. We don't immediately pop the directory selection dialog box, instead
  showing an explicit 'choose directory' button after explaining what is
  about to happen
2. We show a 'submit debug log' button on most steps of the process
3. We handle export errors and encourage the user to double-check their
  filesystem then submit their log
4. We are resilient to restarts during the process
5. We handle the user cancelling out of the directory selection dialog
  differently from other errors.
6. The export process is now serialized: non-messages, then messages.
7. After successful export, show where the data is on disk

FREEBUE

* Put migration behind a flag

FREEBIE

* Shut down websocket before proceeding with export

FREEBIE

* Add MigrationView to test/index.html to fix test

FREEBIE

* Remove 'Submit Debug Log' button when the export process is complete

FREEBIE

* Create a 'Signal Export' directory below user-chosen dir

This cleans things up a bit so we don't litter the user's target
directory with lots of stuff.

FREEBIE

* Clarify MessageReceiver.drain() method comments

FREEBIE

* A couple updates for clarity - event names, else handling

Also the removal of wait(), which wasn't used anywhere.

FREEBIE

* A number of wording updates for the export flow

FREEBIE

* Export complete: put dir on its own line, make text selectable

FREEBIE
2017-08-28 13:06:10 -07:00
Scott Nonnenberg
76a69f7511
Move clear/drawAttention logging up a level to reduce verbosity
FREEBIE
2017-08-28 12:59:08 -07:00
Scott Nonnenberg
bbb12979b3
Fix a few errant jshint problems
FREEBIE
2017-08-25 14:28:05 -07:00
Scott Nonnenberg
9fb079253c Remove errors from the cache when they are shown to the user (#1392)
There's really no reason to retry encryption errors again if they've
already been made user-visible in a conversation.

Also, refactor e->error in background.js onError(), since both e and ev
in this method made it too easy to make a mistake.
2017-08-25 14:24:16 -07:00
Scott Nonnenberg
84fd605ad3 MessageReceiver cache: Don't convert to string for save
Because IndexedDB supports ArrayBuffer natively.

FREEBIE
2017-08-25 13:53:47 -07:00
beernutz
07ec2707ac Update to work around flashing icon issue (#1384)
Repeatedly clearAttention to prevent flashing icon
2017-08-24 16:22:01 -07:00
Scott Nonnenberg
f14ac69f2a Additional logging when we get delivery receipt for unknown msg
FREEBIE
2017-08-23 13:39:29 -07:00
Scott Nonnenberg
4ef36cc95c Add logging to help track down problems with Sync
Seems like we're running into errors sending the message to kick off the
sync, so positive logging as well as error logging is included.

FREEBIE
2017-08-17 17:33:22 -07:00
Scott Nonnenberg
675d41843e Re-enable message box if enter pressed with no text/files
Previously the message would stay disabled until the user clicked with
the mouse.

FREEBIE
2017-08-17 08:54:38 -07:00
Scott Nonnenberg
680f7d8b57 Additional logging for perf analysis and cross-device debuging
- How long it takes to get a message through the pre-send checks
- How long it takes to open a conversation for the first time
- The timestamp of any message we send to corellate with other logs
- Add conversation ID to 'decrypt old identity key errors' start/end

FREEBIE
2017-08-17 08:54:38 -07:00
Scott Nonnenberg
241e26dc17 Don't revoke convo avatar URL on unload - we will need it again
FREEBIE
2017-08-15 14:08:14 -07:00
Scott Nonnenberg
9c7db537d0
libtextsecure.js catch-up
FREEBIE
2017-08-14 12:20:13 -07:00
Scott Nonnenberg
7e9ed1481b Set receivedAt after decrypt, sort by received then sent
FREEBIE
2017-08-14 12:12:36 -07:00
Scott Nonnenberg
620b71a649 Maintain original received time when processing queued/error msgs
FREEBIE
2017-08-12 13:17:53 -07:00
Scott Nonnenberg
8700112f6d Decrypt any IncomingIdentityKeyError still sticking around
FREEBIE
2017-08-12 13:17:53 -07:00
Scott Nonnenberg
67cb9bdf54 Disable message box between send request and final send begin
Because we do a number of async checks before allowing the real send to
begin, on a slow matchine or when doing a lot of work (like receiving a
lot of messages) there can be a noticeable delay between hitting Enter
and the clearing of the text in the message box. In fact, newly-typed
text can be added to the previous message if the delay is long enough.

This prevents any interaction with the message box until the send has
either been prevented or has started.

FREEBIE
2017-08-11 18:55:16 -07:00
Scott Nonnenberg
e7450fa0d7 Add a max setTimout for expiring messages (over max == immediate)
Discovered a user log where expiring message checks were happening
constantly. This ensures that a very large timeout doesn't roll over
into immediate callbacks.

FREEBIE
2017-08-10 12:04:13 -07:00
Scott Nonnenberg
e57f155403 Handle rejections from protocol layer (due to missing records)
isVerified and isUntrusted both went to the protocol layer, but were not
prepared for rejected promises resulting from missing records. This
prevented send in large groups where there has never been a message
exchanged with one of the members.

FREEBIE
2017-08-10 11:21:15 -07:00
Scott Nonnenberg
cf5f50cfab Give initIncomingMessage envelope in background.js error handling
FREEBIE
2017-08-08 14:08:29 -07:00
Scott Nonnenberg
b33c5c4c07 MessageReceiver: Wait for all code paths in handleSyncMessage
Without this, the recent changes to wait for read receipts and delivery
receipts don't have much of an effect.

FREEBIE
2017-08-08 11:22:41 -07:00
Scott Nonnenberg
96b00b3e2d Throttle expiring messages data query and deletion
I believe this to be the reason behind some of the high resource usage
on startup. If a lot of read receipts come in for disappearing messages,
this method can be called many, many times very quickly.

FREEBIE
2017-08-08 11:22:41 -07:00
Scott Nonnenberg
6caf88c404 Key verification error popup: Remove cancel, empty resolve()
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
2130795708 Fix 'retry message' scenario: they are now content messages
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
e0c1f0d27a MessageReceiver: Process cached before dismissing loading screen
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
fa00f08c95 MessageReceiver: Fix envelope id logging and make it consistent
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
82b2a611e3 MessageView: Always remove errors on re-render to prevent doubles
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
78c02f1154 Restore 'cancel' button on delete message confirmation dialog
FREEBIE
2017-08-07 16:14:49 -07:00
Scott Nonnenberg
559619eb49
Fix sync'd disappearing messages; prevent double-save
FREEBIE
2017-08-04 18:19:26 -07:00
Scott Nonnenberg
7e8f3ab5e7
Fix for "Can't find record for undefined.1"
Also, we didn't need to recalculate the number here anyway!

FREEBIE
2017-08-04 15:23:54 -07:00
Scott Nonnenberg
e223db56d9 Set messageKeysLimit to unlimited if communicating with our devices (#1348)
Set messageKeysLimit to unlimited if communicating with our devices

FREEBIE
2017-08-04 12:25:30 -07:00
Scott Nonnenberg
7e0bd82bd3 handleDataMessage: Remove if(confirm) checks, add try/catch
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
832b343031 Expiring messages: Add clarifying comment about destroy() ordering
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7d4ae63501 MessageReceiver: Log empty event, flow promise properly
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
32e12f7d3c Conversation.notify(): introduce a promise to track completion
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
d3fb0e5b46 Expiring messages: destroy only after we've notified conversation
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7faf83bc01 Read/Delivery Receipts: Wait for resolution in main queue
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
92ba295d52 Better logging for sync sent messages, and new (disappeared) msgs
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ad8cb870d9 libtextsecure.js catch-up
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ec70170829 ConversationView.unload: Add ability to provide reason for logging
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c0f8812f9b ConversationView: when windows are closed, call unload()
Anyway, unload() is a more comprehensive method for doing what the close
handler was trying to do before.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
6f1a2a9b3e Conversation.markRead() - wait for all database saves are complete
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b4f6721846 Fix manfest.css, libtextsecure.js catch-up
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
65283d2794 Unload conversations and old messages every half-hour
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4ea457a01c Fix second fetchConversation call if unread > 0
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8c231d9830 MessageReceiver: Flow promises back properly in decrypt error case
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
31d7e652fe Dismiss the app loading screen if we failed to connect to socket
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
af2ce56c8d Reset MessageReciever queue whenever possible
(like we do with the conversation queue already)

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
305bd6b3b8 App loading screen: show messages processed so far
Also, show the same loading screen on index.js before we've bootstrapped
the app.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e36aa524c9 background.js: Flow promises properly in error case
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
39795170c1 Handle the 'extension loaded, reopen window' scenario
Not sure exactly how to think about Chrome app lifetimes, so we're
being conservative. We only show the full-application loading screen
once, on first display of the inbox.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
53f2bfbb57 Animated loading screens on startup and first conversation load
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
3e8b34f3d0 findOrCreateById instead of private-specific method
Anyway, findOrCreateById with no type didn't succeed, because the
conversation didn't validate.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ef3431af1b isUntrusted: Return false if firstUse is true
Because users will see this upon first trying to communicate with a new
contact if they're quick about it.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f38d715250 Read receipts: Log sender and timestamp when related msg not found
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c6bc167975 Increase log length to 5000, since we're logging so much now
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
82c0b4aaa6 Add return to onContractReceived for consistency
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9dc406dc8d Apply reliable trigger to Backbone.Collection as well
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
3e0fa995dd When finding all groups involving a number, load from DB not memory
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0adc398a6f Fetch conversation before saving in all sync handlers
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9db0a58260 Whenever adding something to a queue, include a timeout
No more wedged queues!

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
cc2c3edaa6 Override Backbone's trigger with one that catches exceptions
Model operations are vulnerable to exceptions thrown by event handlers.
Because this can interrupt really important data operations, it's better
to let the operation continue and log the error. In all likelihood it's
a view-related problem, and that shouldn't cause any data operation to
fail.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
700272cf85 Add a pure copy from backbone into reliable_trigger.js for diff
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b985228160 Last seen indicator/scroll down button - defensive removal
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4f90cefd4f More bullet-proofing - reject surrounding promise if save() fails
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1eb450ca35 Conversation: Start w/DEFAULT verified state, avoid null timestamp
Fix too-aggressive verification notifications on startup by starting a
conversation with the right initial verified state, and then making sure
to fetch() before setting a new verified state.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
bd0050b6c6 Cache messages on receipt, remove from cache when processed
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e6859a3684 Ensure that promises always resolve, or that rejections are okay 2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4da1722ee8 Bullet-proof _setVerified and handleDataMessage against rejections
And the weird behavior we get from $.Deferred.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5da324103a Throttle calls to getProfile when opening conversation
We don't want to throttle other calls to getProfile, so we localize this
to the fetch we do when we first open a conversation.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
aa80cdd74d ConfirmationDialogView: Make showCancel an explicit option
Also, don't call resolve/reject callbacks if they weren't provided.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
14765599f3 Delete individual message
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
80a2a01e37 Remove jitter on verifying/unverifying safety number
On every click, even when sub-panes were open, we were calling
markRead(), which would save the conversation model with the new
unreadCount. The KeyVerificationPanelView was wired up to the change
event on conversation, so it would render with the results of that
update, then finally the user's intended update.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
12b2674bde Show size of files even if size not precomputed for attachment
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9ba5aaa54d Verification sync logging: include whether it was from contact sync
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4124d5cb9b Show 'Message not sent' only if 'Some recipients failed' not showing
Also switch up the visual style for 'Some recipients failed' text to
match the more-visible 'Message not sent' text and the 'Resend' link.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
25243ad9de Send warning: Show single problematic group member, not group name
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
697079cf9b Add else handlers with logging in toggleVerified catch handler
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8112cd220a Show warning when we discover key change on verify
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
91f50c028f Unify processVerifiedMessage with Java implementation
This removes our support for the New Key/DEFAULT case, which iOS will
sync to us. Why? Because it ensures that in out of date scenarios, we
don't lose the higher-security state we were in previously.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5bba6d3f17 setTrusted() -> setApproved() to dismiss the five-second warning
This change makes sense, since there was already a reference in the code
to the then-nonexistent setApproved()!

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
23a806a6b1 removeAllSessions: properly reject in failure cases
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7ab20f09cc Fix focus issues with identity key send view
Tabbing right after entering the view would cause everythign to go crazy
as focus went back to the pane you were just on. This change both sets
the proper focus on load of that view (on the cancel button) and hides
other panes when they aren't active, only making them visible again when
they are once again the 'top' pane.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ff4fde651c Make it clear in conversation just some recipients failed
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
12914307f1 Improve experience when discovering identity key error on send
New experience in the Message Detail view when outgoing identity key
errors happen, matching the Android View.

'View' button is only shown on outgoing key errors right now.

When a contact with an outgoing identity key error is clicked, they are
taken to a view like the popup that comes up on Android: an explanation
of what happened and three options: 'Show Safety Number', 'Send Anyway',
and 'Cancel'

Contacts are now sorted alphabetically, with the set of contacts with
errors coming before the rest.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b6cca41a0c Update verification-related strings to better match mobile app
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f654532fa8 Handle UNVERIFIED sync verification messages (via contact sync)
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20451cc827 Show verified/keychange notifications when actually relevant
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e91f2d0377 Miscellaneous wire-up to ensure that failures propagate
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
aa83bc1dab Ensure all sessions are archived on profile fetch
If the key has changed, saveIdentity will archive sibling sessions, but not the
session for the device it was called on. Therefore we have to archive that one
by hand.

Also switch from saving the identity of an OutgoingIdentityKeyError to just
triggering a profile fetch, mostly for consistency, simplicity, and DRYness.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3206536d47 Fix deadlock in saveIdentity
Archive only sibling sessions so as not to block on the same device lock as the
protocol lib.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
e5e4eab9c5 Add archiveSiblingSessions
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
982e7f962c Update libsignal-protocol
// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e2ee63efaa m.get('sender') -> m.isIncoming(), filter in getLoadedUnreadCount
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5b46ef3562 Show last seen indicator for keychange/verification notifications
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1fedc75e5d Handle unverified length of zero
This can happen with unknown groups, where we don't know the list of
members but we're receiving messages. It's generally not a good
experience, but we shouldn't crash.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
224140c911 OutgoingMessage: Provide proper timestamp for replayability
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5d1150e5bc Fix call to reloadDevicesAndSend - it returns a function
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f414c13220 Protos: Update to optional verified in sync (was: repeated)
This means that we no longer need to iterate.

FREEBIE
2017-08-04 12:03:25 -07:00
lilia
fdce4cfc7c Fix failed identity key sync from contact sync
These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
78094102bd Message.send: Add promise to array for consistency
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4ee4ad80c3 Message.send - check for missing identityKey, also add logging
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
551aa24e9a OutgoingMessage: A few code style tweaks to make things readable
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
116e4d2eeb OutgoingMessage: Reduce the calls to registerError
In some cases, due to promise chaining and error propagation, we were
calling registerError more than once for a given error. This would then
cause the overall callback for the send operation to be called with a
partial set of errors, as well as duplicates.

Note: we do need to find a way to attach identityKey to the
OutgoingIdentityKeyError in the case where it comes directly from the
encrypt() instead of our pre-key operations.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
30bc3fca3a MessageView: Be resilient to multiple renders of a network error
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5e62d0cfd8 Update identity key after a send error tells us it has changed
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
22208ec3f8 Fix: Conversation.updateVerified fails when convo not yet in db
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
9f4fcc5afa Send null messages to mask verified syncs
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.

Note that the sync message is additionally randomly padded like all other sync
messages.

This lets Verified sync messages appear the same as normal sync message traffic.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
bb9c97b960 Support for receiving null messages
Just log em for debugging. Also update the error messge thrown when we get a
content message with no supported properties. It may be empty or may just have
an unrecognized field.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
243fd68904 Handle verified state from contact syncs
Treat it just like an isolated verified state sync

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1e93b12b90 Update protos with support for null messages
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
6e758fc1ea Randomly pad all sync messages
WhisperSystems/libsignal-service-java@c46cdc0aa5

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7bfb66b13b processVerifiedMessage: Archive all sessions when key changes
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
827addf628 Log on receipt of verified sync after we've processed the state
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d7054f4b63 Archive sessions whenever an identity key changes
Sessions established with the previous identity should no longer be used for
sending, so we should close them.

Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0056cbefc1 processVerifiedMessage: Trigger keychange event when key differs
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0db2ef9e7f Refactor: combine Conversation.setVerified/setVerifiedDefault
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
d1fa28b706 Object.assign -> _.extend(), for to make Chrome 45 and below work
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1e8ae774a2 Differentiate between local and remote trust decisions
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20f4d48991 Protos: Move to latest iteration of verification protos
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3acfda3a56 Archive sessions on key changes after profile fetch
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4232f5711c Handle identity key change errors on encrypt
We need to capture key change errors from the protocol library when we call
encrypt. Previously we would only see these on session init.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4f2f622598 Apply special handling to verification sync messages
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1614a6f1b8 Add special handling for verification sync
processVerifiedMessage checks the current state of the database against the
identity key from an incoming verification sync message to determine whether or
how to update our local record.

When syncing a DEFAULT status and we have no local record, it's a no-op, but
we'll log it.

When syncing a DEFAULT status and we have non-default record with the same key,
mark it as default.

When syncing a VERIFIED status and either:
  1. we have no key on record,
  2. we have have a different key on record, or
  3. we have the same key on record, but not verified
mark it as verified.

Otherwise do nothing.

References: https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/util/IdentityUtil.java#L129

// FREEBIE

Ensure processVerified resolves
2017-08-04 12:03:25 -07:00
lilia
c60919ca0e Update setVerified to take an optional key argument
If specified, the existing local key must match the given one or we will not
update the record.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
16433d661a Show call to action on group member list when verifying
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
31bf05e14a Add verified state summary to top of safety number screen
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
11372b4e00 Add icons for keychange and expiration timer in-conversation items
The shield matches the Android app's key change notification, and the
clock icon was easy to do and makes it easier to visually distinguish
those items in the conversation history.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c714fb6dbf Shadow/icon/blue for banner, better verify advisories in dark theme
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1d7cbc14fd Fix a couple bind()) issues when getting verified state
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b0dbecb4e2 Check trust store for identity key information on every new message
It's debounced so it doesn't go too crazy.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
782c484680 Check trust store for latest identity key info before sending
We definitely want the latest information from our local database before
attempting to send.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
fc39241003 Ensure that we pull verified state only after getting profiles
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4a1dc46ab3 Fixes to get local verification and sync messages working
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c43d96904d Move to the real verify/trust APIs
This wires up verification sync messages, verification and trust checks
to the trust store instead of using mocked data.

FREEBIE
2017-08-04 12:03:25 -07:00
lilia
52481d1d13 Support for sending and receiving verification sync messages
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
475d607fd0 Prepare for verification sync messages: receiver, ready to send
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
aebf4b32d6 Conversation.updateLastMessage: fix indent, use of null message
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
36c28296e9 Remove extraneous logging
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9b864c8675 Re-render verified change conversation items when convo changes
If the contact's name changes, for example.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1cf9289b1a Add items to conversation history when user verifies/unverifies
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
a827334c3e Allow re-send of messages in msg detail view on OutgoingKeyError
We also show more errors than we used to in the MessageDetail screen
to help make it clear what is happening, and why the user would need to
re-send.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
688cae6374 Remove empty string class passed to contact template
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8264f3ba33 Make the term 'Verified' fully localizable
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e9968c3118 Remove comments after NewGroupUpdateView investigation
It doesn't run today - it depends on RecipientsInputView, which depends
on Backbone.TypeaheadCollection which doesn't currently exist in the
product.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8d29cb9830 Prevent access to Safety Number when talking to yourself
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c7e385eb38 Remove 'safety number approval' option from settings dialog
Also sync templates in test/index.html and background.html

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9204188aa3 A bit of cleanup after some early code review
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
2955c36b3e Confirmation dialog: Make keyboard-accessible: escape to cancel
And proper tab order. Then some more work to re-focus on the message
composition field after the dialog shows up and steals focus.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
243cbd8123 Confirmaton on send, banner when 'unverified'
Not yet using the new APIs, but ready to. Still to do:
- Send sync messages on trust decisions
- Respond to received trust decision sync messages
- Show trust decisions in the conversation history
- In that rare situation where a sent message ends up with a key error
  make it easy to retry the send.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
bedf10056b Support for group-member verifications via second-level panel
Also:
- All the necessary wire-up to update things in real time. If you have
a safety number page up via a group member view as well as via a 1:1
conversation with that contact, they'll both be updated as the
underlying model changes. Similarly, the overall group will update
in real-time as members change.
- A bit of special-casing for yourself in a group conversation - you're
shown as 'me' and are not clickable, where normally that would take you
to the Safety Number screen for that contact. You are also not included
in the trust calculations for a given group.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ae3587f05e Move all instances of 'verify identity' to 'show identity'
As discussed in standup this morning - only the act of verifying or a
statement about current status should use that word 'verify.'

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
ee0b0f5ffb Remove all concept of 'key conflict' from the app 2017-08-04 12:03:25 -07:00
lilia
0e0f14723e Rename model IdentityKey -> IdentityRecord
Reduce ambiguity in between the record itself, which now stores other
information besides the public key, and its `publicKey` attribute, which
contains an ArrayBuffer of key material.

This model is internal to SignalProtocolStore.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
aa6dbb2e59 Preserve UNVERIFIED status on key change
Don't revert it to default, which would effectively downgrade the security model
for that contact.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
12d9bb61c3 Let removeIdentityKey delete the entire record
Previously we would only clear the publicKey since that was the only attribute,
but now we should delete the entire record. This method is currently only called
from tests.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d1858de39b Default nonblockingApproval to false
saveIdentity is invoked with only two arguments from the protocol layer, in
which case we should default nonblockingApproval to false.

76c28cfa7a/src/org/thoughtcrime/securesms/crypto/storage/TextSecureIdentityKeyStore.java (L87)

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
261ec003ee Account manager calls saveIdentityWithAtttributes
saveIdentityWithAtttributes allows directly setting all properties of an
identity key record. In AccountManager we use it to save our own identity
key after a new registration.

Previously we would remove the existing key first in order to coerce firstUse to
true, but now we can simply set it explicitly, along with a VERIFIED status.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
2a76bb6fc2 Add new methods to identity store
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
50dd9c6772 Add identityKey model validation
This will enforce that all identity record attributes are valid and present
before allowing the record to be saved. This is necessary since we will be
exposing a lower-level method to save an identity with explicit values for
firstUse, nonblockingApproval, and verified status.
2017-08-04 12:03:25 -07:00
lilia
b93042f12f Add verified status
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
c6bfdec84d Remove blockingApproval
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
53e7e1be3a Fix libsignal-protocol using wrong direction flag
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
6fdd0f1625 Handle identity errors on decrypt
Previously we only expected these errors to occur when decrypting prekey
messages, so we need to add handling for them in the case of a normal message.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
f095a1583e Fetch profiles whenever conversations are opened
For a group, fetch everyone's profile.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d295fa7057 Update libsignal-protocol
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
1b9eb83422 Update isTrustedIdentity for directional trust
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4e4aedd4ba Pass in non/blockingApproval args to saveIdentity
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog

Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3ca511a10a Unwrap removeIdentityKey from calls to saveIdentity
saveIdentity is now reponsible for determining firstUse, so we must not remove
the existing key before updating it.

Previously, the implementation provided an extra check against overwritting an
existing key, but that should be done via isTrustedIdentity instead.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
82469713d2 Update saveIdentity
Add support new blockingApproval and nonblockingApproval arguments
Populate the firstUse property on identity key records
Return whether an existing record was overwritten.

References
https://github.com/WhisperSystems/Signal-Android/commit/39d4a7#diff-69ede72c549da6bcbcd959935995b7e9R45

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4d4dd3341f Add isBlocking/isNonBlockingApprovalRequired
These analyse the identity key record and user preferences to determine whether
a key requires approval for sending.

// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
22e907a8d4 Add getProfile to MessageSender
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
0c5a69cce4 Add support for getProfile to TextSecureServer
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
9f4a657e8a Add database migration
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3afe378063 Remove legacy property from OutgoingMessage 2017-07-05 18:05:56 -07:00
lilia
d47ced1199 Don't recompute outgoing message padding
We can use the same padded plaintext across multiple numbers or attempts rather
than re-creating it every time we encrypt to a particular number.

// FREEBIE
2017-07-05 18:05:56 -07:00
lilia
30201969be Inline some functions in OutgoingMessage
Since we no longer have legacy messages to send, we can simplify things a bit
here.

// FREEBIE
2017-07-05 18:05:56 -07:00
lilia
e8548879db Stop sending legacy DataMessages 2017-06-20 17:57:27 -07:00
Scott Nonnenberg
3fbd1ab618 Use error.stack instead of error for console log
Chrome/V8 give you the error name, message and callstack at that
property, where toString() gives you [object NavigatorUserMediaError]

FREEBIE
2017-06-20 16:57:11 -07:00
Scott Nonnenberg
98f88607a0 Remove recorder UI when we fail to 'getUserMedia'
FREEBIE
2017-06-20 16:57:11 -07:00
Scott Nonnenberg
24174312b9 Fix: Show attachment views; they trigger update syncrhonously
FREEBIE
2017-06-16 10:52:57 -07:00
Scott Nonnenberg
2b5e56f6be Use setElement to ensure that re-parented views listen for events
FREEBIE
2017-06-15 16:28:15 -07:00
Scott Nonnenberg
40651f44ab
MessageView.appendAttachmentView: Remove from proper parent
FREEBIE
2017-06-08 19:59:22 -07:00
Scott Nonnenberg
f602ac462f A little cleanup in ConversationView.resetLastSeenIndicator
FREEBIE
2017-06-08 17:04:07 -07:00
Ikarulus
1021f835fe changes due to feedback 2017-06-07 15:53:14 -07:00
Ikarulus
068cf5092c fix typo 2017-06-07 15:53:14 -07:00
Ikarulus
ec3278ca3a add message length warning for android clients 2017-06-07 15:53:14 -07:00
Scott Nonnenberg
d269751dbc Conversation.markRead: Return a promise so queueJob works
FREEBIE
2017-06-07 15:46:21 -07:00