* Log when we get a blocked numbers sync message
* Save three old signed keys in addition to the current active
* Remove the mystery from all the error-related log messages
* Log successful load of signed key - to help debug prekey errors
* removeSignedPreKey: Don't hang or crash in error cases
* Log on top-level unhandled promise rejection
* Remove trailing comma in param list, Electron 1.6 does not like
* Harden top-level error handler for strange object shapes
* web requests: Don't fail if JSON not well-formed in error cases
Turns out that before our move to node-fetch, we ignored JSON.parse()
failures: https://github.com/WhisperSystems/Signal-Desktop/pull/1552/files#diff-1103a6aff0f28b6066715c6994278767L37518
* Update to libsignal v1.2.0, delete sessions on reset session
Previously we only archived sessions when sending or receiving a
'reset secure session, which didn't match up with the mobile apps.
* Refactor delivery receipt event handler
* Rename the delivery receipt event
For less ambiguity with read receipts.
* Rename synced read event
For less ambiguity with read receipts from other Signal users.
* Add support for incoming receipt messages
Handle ReceiptMessages, which may include encrypted delivery receipts or read
receipts from recipients of our sent messages.
// FREEBIE
* Rename ReadReceipts to ReadSyncs
* Render read messages with blue double checks
* Send read receipts to senders of incoming messages
// FREEBIE
* Move ReadSyncs to their own file
// FREEBIE
* Fixup old comments on read receipts (now read syncs)
And some variable renaming for extra clarity.
// FREEBIE
* Add global setting for read receipts
Don't send read receipt messages unless the setting is enabled.
Don't process read receipts if the setting is disabled.
// FREEBIE
* Sync read receipt setting from mobile
Toggling this setting on your mobile device should sync it to Desktop. When
linking, use the setting in the provisioning message.
// FREEBIE
* Send receipt messages silently
Avoid generating phantom messages on ios
// FREEBIE
* Save recipients on the outgoing message models
For accurate tracking and display of sent/delivered/read state, even if group
membership changes later.
// FREEBIE
* Fix conversation type in profile key update handling
// FREEBIE
* Set recipients on synced sent messages
* Render saved recipients in message detail if available
For older messages, where we did not save the intended set of recipients at the
time of sending, fall back to the current group membership.
// FREEBIE
* Record who has been successfully sent to
// FREEBIE
* Record who a message has been delivered to
* Invert the not-clickable class
* Fix readReceipt setting sync when linking
* Render per recipient sent/delivered/read status
In the message detail view for outgoing messages, render each recipient's
individual sent/delivered/read status with respect to this message, as long as
there are no errors associated with the recipient (ie, safety number changes,
user not registered, etc...) since the error icon is displayed in that case.
*Messages sent before this change may not have per-recipient status lists
and will simply show no status icon.
// FREEBIE
* Add configuration sync request
Send these requests in a one-off fashion when:
1. We have just setup from a chrome app import
2. We have just upgraded to read-receipt support
// FREEBIE
* Expose sendRequestConfigurationSyncMessage
// FREEBIE
* Fix handling of incoming delivery receipts - union with array
FREEBIE
Without this change, there's a race condition for the notification we
show when we get the 'empty' event after a large backlog download. Four
messages may have come in, but the last might not be notified. So the
count shown would be three. And then, when the final message's notify()
call finishes, another notification would be shown.
FREEBIE
This prevents the parade of notifications if a machine wakes up from
sleep. Basically covers situations that the loading screen doesn't
already.
When disabled, notifications will be cached until they are subsequently
re-enabled, at which time all the pending notifications will be summarized.
From the background page, notifications are disabled during connection attempts
until an empty event. This means we can always safely call conversation.notify
to queue a notification for the next batch, dropping some options from message
and conversation model methods.
We've also moved the calls to check window focus and draw attention to the
window, which were previously included in the conversation model, but are now
performed by the Notification system, because the time that the notification is
displayed might be some time after the message is added by the conversation, so
decisions about focus and attention should be made in that moment and not
before.
// FREEBIE
Found a number of 'Illegal buffer' errors in an Electron log submitted
today. As far as I can tell, these same profiles are succeedig for me,
so it's time to collect more data.
FREEBIE
* Add AES-GCM encryption for profiles
With tests.
* Add profileKey to DataMessage protobuf
// FREEBIE
* Decrypt and save profile names
// FREEBIE
* Save incoming profile keys
* Move pad/unpad to crypto module
// FREEBIE
* Support fetching avatars from the cdn
// FREEBIE
* Translate failed authentication errors
When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.
// FREEBIE
* Handle profile avatars (wip) and log decrypt errors
// FREEBIE
* Display profile avatars
Synced contact avatars will still override profile avatars.
* Display profile names in convo list
Only if we don't have a synced contact name.
// FREEBIE
* Make cdn url an environment config
Use different ones for staging and production
// FREEBIE
* Display profile name in conversation header
* Display profile name in group messages
* Update conversation header if profile avatar changes
// FREEBIE
* Style profile names small with ~
* Save profileKeys from contact sync messages
// FREEBIE
* Save profile keys from provisioning messages
For standalone accounts, generate a random profile key.
// FREEBIE
* Special case for one-time sync of our profile key
Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.
// FREEBIE
* Infer profile sharing from synced data messages
* Populate profile keys on outgoing messages
Requires that `profileSharing` be set on the conversation.
// FREEBIE
* Support for the profile key update flag
When receiving a message with this flag, don't init a message record, just
process the profile key and move on.
// FREEBIE
* Display profile names in group member list
* Refresh contact's profile on profile key changes
// FREEBIE
* Catch errors on profile save
// FREEBIE
* Save our own synced contact info
Don't return early if we get a contact sync for our own number
// FREEBIE
On a recent trip through a CPU profile taken while Signal Desktop
churned through a large backlog of messages, it was clear that
console.log was a major source of time spent, primarily the sort
operation required after every new entry is added to the Backbone
collection. So, three different techniques to combat this:
1) Reduce the maximum number of entries in the collection from 5k to 2k
2) No more logging of add/update/remove queue in MessageReceiver
3) No more log entries in Message.handleDataMessage main codepath
FREEBIE
* Don't show notifications for verified state change with yourself
It's confusing to users, and it really doesn't mean anything anyway.
FREEBIE
* Add log statement that we've suppressed a verified notification
FREEBIE
* Fetch all conversations on startup of app, not on inbox load
A recent change to fetch conversations less didn't take into account all
that can happen in the app without the inbox loaded. That only happens
when the window is shown, and messages can come in with the app in the
background. In that case, the conversation wouldn't have been loaded
from the database, but would be saved to the database anyway, losing
data.
This change fetches all conversations as soon as the the data store is
ready for a fetch. It also introduces failsafe throws to ensure that
synchronous ConversationController accesses don't happen until the
initial fetch is complete. A new getUnsafe() method was required to
account for some of the model setup that happens during that initial
conversation fetch.
Fixes#1428
FREEBIE
* Fix tests: ConversationController.load() required before get()
FREEBIE
* Fetch conversations once, clean up ConversationController API
Race conditions around re-fetching have caused some problems recently,
so this removes the need to re-fetch conversations. They are fetched
once or saved once, and that is it. All interaction goes through the
ConversationController, which is the central source of truth.
We have two rules for Conversations:
1. If a conversation is in the ConversationController it doesn't need
to be fetched, but its initial fetch/save might be in progress. You
can wait for that fetch/save with conversation.initialPromise.
2. If a conversation is not already in the ConversationController, it's
not yet in the database. It needs to be added to the
ConversationController and saved to the database.
FREEBIE
* Remove Conversation.fetch() call in Message.handleDataMessage()
FREEBIE
* ConversationController.API cleanup: Fix two missing spots
FREEBIE
- How long it takes to get a message through the pre-send checks
- How long it takes to open a conversation for the first time
- The timestamp of any message we send to corellate with other logs
- Add conversation ID to 'decrypt old identity key errors' start/end
FREEBIE
isVerified and isUntrusted both went to the protocol layer, but were not
prepared for rejected promises resulting from missing records. This
prevented send in large groups where there has never been a message
exchanged with one of the members.
FREEBIE
Fix too-aggressive verification notifications on startup by starting a
conversation with the right initial verified state, and then making sure
to fetch() before setting a new verified state.
FREEBIE
New experience in the Message Detail view when outgoing identity key
errors happen, matching the Android View.
'View' button is only shown on outgoing key errors right now.
When a contact with an outgoing identity key error is clicked, they are
taken to a view like the popup that comes up on Android: an explanation
of what happened and three options: 'Show Safety Number', 'Send Anyway',
and 'Cancel'
Contacts are now sorted alphabetically, with the set of contacts with
errors coming before the rest.
FREEBIE
If the key has changed, saveIdentity will archive sibling sessions, but not the
session for the device it was called on. Therefore we have to archive that one
by hand.
Also switch from saving the identity of an OutgoingIdentityKeyError to just
triggering a profile fetch, mostly for consistency, simplicity, and DRYness.
// FREEBIE
Sessions established with the previous identity should no longer be used for
sending, so we should close them.
Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.
// FREEBIE
We also show more errors than we used to in the MessageDetail screen
to help make it clear what is happening, and why the user would need to
re-send.
FREEBIE
Not yet using the new APIs, but ready to. Still to do:
- Send sync messages on trust decisions
- Respond to received trust decision sync messages
- Show trust decisions in the conversation history
- In that rare situation where a sent message ends up with a key error
make it easy to retry the send.
FREEBIE
Also:
- All the necessary wire-up to update things in real time. If you have
a safety number page up via a group member view as well as via a 1:1
conversation with that contact, they'll both be updated as the
underlying model changes. Similarly, the overall group will update
in real-time as members change.
- A bit of special-casing for yourself in a group conversation - you're
shown as 'me' and are not clickable, where normally that would take you
to the Safety Number screen for that contact. You are also not included
in the trust calculations for a given group.
FREEBIE
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog
Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.
// FREEBIE
saveIdentity is now reponsible for determining firstUse, so we must not remove
the existing key before updating it.
Previously, the implementation provided an extra check against overwritting an
existing key, but that should be done via isTrustedIdentity instead.
// FREEBIE
We will now always attempt to mark things unread if this method. If the
conversation's unreadCount gets out of date, set to zero, we will still
do it. If we go through the motions, and nothing is newly marked read,
we will still set the unreadCount to zero.
We queue the job because we often get a whole lot of read receipts at
once, and their markRead calls could very easily overlap given the async
pull from DB.
We also disable read receipts for any message marked read due to a read
receipt. That's a notification explosion we don't need.
FREEBIE
We mark as read everything older than this message - to clean up old
stuff still marked unread in the database. If the user generally doesn't
read in the desktop app, so the desktop app only gets read receipts, we
can very easily end up with messages never marked as read (our previous
early read receipt handling, read receipts never sent because app was
offline).
FREEBIE
This is no longer guaranteed to be true. If you're scrolled up in a
conversation, you may not have read all messages. Setting the
unreadCount to zero will prevent the user from marking any of their
existing messages as unread until something else happens, like receiving
a read receipt or new message.
FREEBIE
- Only mark messages read when scrolling if in focus and visible
- Remove last seen indicator when scrolling to the bottom with scroll
down button
- Update last seen indicator when we don't already have one and we're
scrolled up.
FREEBIE
Check for early read receipts for an incoming messages *after*
processing the expireTimer on that message. Then we can set
expirationStartTime appropriately if an early receipt is found.
Closes#950
// FREEBIE
Bind a single listener to keychange events from the storage interface,
which then looks up relevant conversations and adds notices to them,
with tests.
Previously we would need to instantiate a conversation model in order to
start listening to its key change events. In practice this usually
happens at startup but we shouldn't rely on it, and it incurs higher
overhead since it creates a different listener for each conversation.
// FREEBIE
This reverts commit a768b94471.
d2ddfc7 was enough to fix#989. Removing unregistered members from the
group (as opposed to silently ignorning them) creates greater potential
for getting out of sync with the member lists on other devices.
// FREEBIE
Previously, updateNumbers would throw an Error, so the whole group
update was discarded.
Signal-Android handles this the same way in
GroupMessageProcessor.handleGroupUpdate().
Closes#1056
Don't set lastMessage, let it update itself as needed, such as when
first rendering a conversation list item, and when its messages are
sent, received, or destroyed.
Let received_at be the current time for keychanges. This avoids them
being inserted in the wrong place in the thread.
Use the newmessage event to trigger frontend listeners to add them to
the conversation view if it is open.
There are some cases when we want to initialize a group object without
loading its contacts, such as while processing delivery receipts. We
really only need to load the contacts for a group/convo when we are
rendering it, so let the front end handle those cases (which most of
them do already).
When initialized, or when expiration-related attributes change, expiring
messages will set timers to self-destruct. On self-destruct they trigger
'expired' events so that frontend listeners can clean up any collections
and views referencing them.
At startup, load all messages pending expiration so they can start their
timers even if they haven't been loaded in the frontend yet.
Todo: Remove expired conversation snippets from the left pane.
Move away from inline style attributes for setting contact colors.
Apply colors by name via css classes instead. Also lays groundwork
for syncing contact colors.
// FREEBIE
In some cases, we have already received a read receipt for an incoming
message by the time we go to create a notification about it. In this
case, we should skip the notification.
// FREEBIE
Fixes a session management problem where, after resolving a conflict
with some contact, that contact would get bad mac as a result of us
sending them a new prekey message before processing a pending conflicted
prekey message received from them earlier.
Fixes#806
// FREEBIE
In the case of a double send (same message encrypted and sent twice due
to key conflict bug), we would mark the first instance read twice rather
than marking both instances read. Fix by searching for matching messages
that have not yet been marked read.
// FREEBIE
When deleting all messages in a conversation, the entry in the left pane
should be inserted into the alphabetical portion of the list. To keep it
in this collection, do not nullify active_at.
To ensure the list view is keeping itself correctly sorted, make sure
that resorting behavior is triggered any time a relevant attribute is
changed.
This fixes deleted conversations jumping to the top of the list, and
conversation order scrambling when getting a group or contact sync
message from our master device.
Fixes#734
// FREEBIE
For messages that failed to send due to network errors, this change
allows retrying them directly from the main conversation view rather
than only from the message detail view.
// FREEBIE
Previously, if a message was sent in between the receive time of an
incoming message and the time it is actually added to the conversation's
message collection (which only occurs later after several async
callbacks), the incoming message would be inserted not-at-the-end of the
collection since it is ordered by receive time. This tricked the front
end into assuming the message was an older message instead of a new one.
Fixes#490
// FREEBIE
Remove individual messages from Notifications when marked read.
Previously this was only done from the conversation model when marking
the entire conversation as read.
Fixes#717
// FREEBIE
Don't save the change until we successfully process the message, but
make it first so that the user sees the error disappear when the new key
is accepted.
// FREEBIE
If the replay failed due to a bad mac or other decryption error for some
other reason we still want to clear the conflict. If it failed because
it's still in conflict then the newly returned error will reflect that
and be saved.
// FREEBIE
Since the introduction of infinite scroll, the delete messages function
has only deleted the currently loaded set of messages in a conversation.
To fix this, we should fetch all the messages and then delete them.
Fixes#645
// FREEBIE
Group updates in which nothing change should still display 'Updated the
group'. Previously they would display as empty message bubbles. Fixed by
ensuring that the 'group_update' attribute is set on the model, even if
it is an empty object.
// FREEBIE
Previously, when processing a backlog of sync messages and their
delivery receipts, we would fail to mark some messages as delivered even
though we got a receipt. This was due to an async race condition between
saving a sync message and fetching it after the receipt arrives.
Fix by re-ordering idb requests such that we save the message first and
fetch it after.
Fixes#479
// FREEBIE
Refactor libphonenumber.validateNumber into libphonenumber.parseNumber,
which encapsulates the try-catch pattern used in number parsing and
returns an object of info about the input number rather tha throwing
since we expect to get some invalid number inputs the user is typing.
In the conversation model,
* Separate phone number validation from search token updating.
* Perform token update before save if the number was valid.
* Stop storing unneeded number variants as conversation properties.
// FREEBIE
Search box finds or creates a conversation given a phone number in
local (to the user's region) or international format.
Previously you had to enter e164 format to set up the conversation
correctly.
If the number is not valid, do not open the conversation.
TODO: user feedback on invalid numbers.
// FREEBIE
Previously, libtextsecure would send a sync message automatically
when appropriate. This fails if any recipient has a key conflict
or if our network connection fails mid-send.
Instead, when appropriate, return a the DataMessage encoded as an array
buffer for later syncing. This lets the application choose when to send
it, which we now do after any successful send to a recipient, rather
than after all recipients are successfully sent to.
Eventually we should move the DataMessage protobuf construction and
group sending logic to the application layer entirely, in which case
we wouldn't need libtextsecure to construct the sync message either.
Fixes#408
Only load the most recent messages when initially rendering a
conversation. Scrolling to the top of a message list loads older
messages.
This required some slight refactoring of how we insert message elements
into the dom. If the message is added to the end of the collection,
append it at the end. Otherwise, assume it is an older message and
prepend it.
When adding elements to the top, reset the scrollPosition to its
previous distance from scrollHeight. This keeps the current set of
elements fixed in the viewport.
// FREEBIE
Create a cleaner seperation between generating notifications
and updating frontend conversation views. The former is now
handled by `conversation.notify` while the latter is achieved
by triggering an event on the conversation model, which will
only be acted on if there are any views listening for it.
Additionally, instead of re-fetching the entire message history,
which is overkill, just add or update the new/modified message.
This will help speed up the newmessage event handler and also
help avoid unnecessary re-rendering when resolving key conflicts.
// FREEBIE
Follow up to ddd2e67eb5
but for incoming messages.
* Conflict state sometimes failed to be removed even though the
conflict was resolved.
* Messages failed to re-render after a conflict. We want to
re-render only the error state on outgoing messages, to avoid
flickering attachments. On incoming messages, we need to call
render to populate the message text, avatar, etc...
// FREEBIE
Previously, with a mix of text and media messages in conflict,
asynchronous callbacks aligned so as to fail to remove some of
the conflict objects on messages.
Fix by serializing conflict processing, but making sure to move
on through the message list even if some conflict resolutions fail.
Fixes#370
// FREEBIE
For non text messages (ex: media messages and group updates), the
lastMessage field was being populated with empty string, resulting in an
empty message preview in the conversation list. Instead, display 'Media
message' or 'Updated the group', etc...
// FREEBIE
Using the search field produces a filtered view of all contacts and
groups containing the input. To make this fast and scalable, add an
index on a 'tokens' array containing words from the conversation name
and different forms of phone number.
Closes#365
// FREEBIE
An exception to the previous commit, for incoming messages we should not
show a mysterious empty bubble. Instead there is some generic
non-technical error message.
// FREEBIE
Change how message errors are rendered. Errors associated with a number
will be shown under that number in the detail view rather than piling up
in the message bubble.
// FREEBIE
Fix inconsistency in error format, where we sometimes get an unexpected
Error object and sometimes get a wrapper object containing an Error.
Also start saving network errors.
// FREEBIE
Refactor outgoing message error handling to use the same success and
error handlers. This creates a somewhat strange pattern, where we call
send and pass in the promise that resolves when sending is complete, but
there's enough variety in the libtextsecure syntax for different message
sending routines that it belongs at the conversation level and only the
post-processing stuff is really shared by all messages.
// FREEBIE
The conversation's contactCollection only contains references to the
current membership, and will not provide contact info for people who
have left the group, causing their messages to render without numbers or
avatars.
// FREEBIE
Only allow one notification at a time. Use a basic notification for
normal messages, and image notification for image messages, and a list
notification when there are multiple unread messages.
// FREEBIE
