Commit graph

560 commits

Author SHA1 Message Date
lilia
9ecfe6acb0 Use SignalProtocolAddress in MessageReceiver constructor
// FREEBIE
2016-05-15 17:02:45 -07:00
lilia
213b44935d Update libsignal-protocol v0.8.0
Reorder identity key check
2016-05-15 17:02:21 -07:00
lilia
eee93987f8 Update libsignal-protocol v0.7.0
Remove unused methods.

// FREEBIE
2016-05-14 23:39:59 -07:00
lilia
6266050a67 Remove unused jobqueue
// FREEBIE
2016-05-14 23:26:34 -07:00
lilia
050ea87aaf Get device ids instead of objects
// FREEBIE
2016-05-14 23:26:33 -07:00
lilia
7939b6ae98 Remove hasOpenSession from protocol_wrapper
// FREEBIE
2016-05-14 23:26:33 -07:00
lilia
0483fa2f97 Remove closeOpenSessionForDevice from protocol_wrapper
// FREEBIE
2016-05-14 23:26:33 -07:00
lilia
0d5ec60a7a Remove handlePreKeyWhisperMessage from protocol_wrapper
// FREEBIE
2016-05-14 23:26:32 -07:00
lilia
8010a09045 Remove decryptWhisperMessage from protocol_wrapper
// FREEBIE
2016-05-14 23:26:32 -07:00
lilia
891ddacd35 Remove processPreKey from protocol_wrapper
Use SessionBuilder directly instead of protocol_wrapper

// FREEBIE
2016-05-14 23:26:32 -07:00
lilia
843036f0ce Remove getRegistrationId and encryptMessageFor from protocol_wrapper
We can now use protocol classes like SessionCipher directly because it
supports per-device read/write serialization internally.

// FREEBIE
2016-05-14 23:26:31 -07:00
lilia
284cf5be3a Update libsignal-protocol v0.6.0
Adds session accessors on SessionCipher and an internal session lock to
replace the same implemented in protocol_wrapper.js

// FREEBIE
2016-05-14 23:24:34 -07:00
lilia
92293f9da9 Update libsignal-protocol v0.5.0
Renames libsignal.util to libsignal.KeyHelper.

// FREEBIE
2016-05-13 19:47:39 -07:00
lilia
e68031019b Integrate libsignal.SessionCipher
Bypass the old protocolInstance wrapper methods and use the shiny new
SessionCipher class directly.

// FREEBIE
2016-05-12 13:13:15 -07:00
lilia
9e6ad27fc5 Update libsignal-protocol v0.4.0
// FREEBIE
2016-05-11 15:30:30 -07:00
lilia
418adff2a8 Rename device_storage_test.js
// FREEBIE
2016-05-10 19:38:44 -07:00
lilia
56238136ca Remove trivial wrapper method
// FREEBIE
2016-05-10 19:38:44 -07:00
lilia
78cdc0cb52 Remove tempKeys
Now that we simply establish and save a session via SessionBuilder
rather than saving the keys to pass in during encrypt, we can stop
caching them in memory in between the identity key check and the
encryption step.

// FREEBIE
2016-05-10 19:38:42 -07:00
lilia
519d3ec31b Update libsignal-protocol
// FREEBIE
2016-05-10 19:24:33 -07:00
lilia
9f871db48a Update libsignal-protocol / Update prekey format
Integrates change in prekey object formatting, which now matches more
conveniently with the representation rendered by the server.

// FREEBIE
2016-05-04 00:33:05 -07:00
lilia
f173104c82 Tests for isTrustedIdentity
// FREEBIE
2016-05-04 00:25:01 -07:00
lilia
b385b6e48e Update libsignal-protocol
SessionBuilder / SessionRecord refactor.

// FREEBIE
2016-05-04 00:05:37 -07:00
lilia
e659104cbf Add isTrustedIdentity to SignalProtocolStore
Adds a new required storage method for the protocol library.

// FREEBIE
2016-05-03 23:58:57 -07:00
lilia
7dcaf721ca Add keepalive logging
// FREEBIE
2016-04-28 11:27:15 -07:00
lilia
91bdd37019 Fix tests
// FREEBIE
2016-04-22 13:48:56 -07:00
lilia
b160556d6e Change filename
// FREEBIE
2016-04-22 13:43:31 -07:00
lilia
9a1a3bdf64 Rename axolotl to libsignal
// FREEBIE
2016-04-22 13:43:30 -07:00
lilia
6bffd50009 Fix comment
// FREEBIE
2016-04-22 13:43:30 -07:00
lilia
1d60dc38fb Rename axolotl storage
// FREEBIE
2016-04-22 13:43:30 -07:00
lilia
ee3bc11e3c Rename axolotlInstance
// FREEBIE
2016-04-22 13:32:19 -07:00
lilia
0fe3497d0e Update libsignal-protocol
Remove remaining refs to axolotl from lsp.

// FREEBIE
2016-04-22 13:29:31 -07:00
lilia
4169336776 Update libsignal protobuf package name
// FREEBIE
2016-04-21 19:30:34 -07:00
lilia
c1e1dd97ba Change libsignal-protocol filenames
// FREEBIE
2016-04-21 18:42:43 -07:00
lilia
b1d370755a Rename AxolotlStore
// FREEBIE
2016-04-21 18:36:17 -07:00
lilia
1fe5d63015 Update protocol libs
Rename storage functions

// FREEBIE
2016-04-21 18:36:16 -07:00
lilia
6a928e3377 Fix reference error in MessageReceiver from fe82e4
Fix a reference error when resolving a key conflict on an incoming end
session message. See Signal-Android/5438.

// FREEBIE
2016-04-18 16:01:46 -07:00
lilia
2d6d2a92b9 Update libaxolotl
// FREEBIE
2016-04-06 17:33:06 -07:00
lilia
af392c077d Update libaxolotl
// FREEBIE
2016-04-03 14:25:30 -07:00
lilia
7e2c6fd6bc Remove unused argument
// FREEBIE
2016-04-01 18:12:38 -07:00
lilia
ddcdc9e2ff Log on prekey messages
// FREEBIE
2016-03-30 17:18:15 -07:00
lilia
960519d296 Add debug logging
// FREEBIE
2016-03-29 12:35:37 -07:00
lilia
2128ee63aa Update libaxolotl
// FREEBIE
2016-03-14 11:28:53 -07:00
lilia
84235ef58e Use forEach instead of loop
// FREEBIE
2016-03-13 14:15:16 -07:00
lilia
c02054d5da Pass ciphertext as ArrayBuffer instead of string
// FREEBIE
2016-03-13 04:56:30 -07:00
lilia
6053fe67ba Use built-in string conversion on protobuf
In lieu of a global helper.

// FREEBIE
2016-03-13 04:56:29 -07:00
lilia
3e0bce2b21 Move, rename, and simplify toArrayBuffer helper
This function is only ever used to convert groupIds from strings to
array buffers in sendmessage.

// FREEBIE
2016-03-13 04:56:28 -07:00
lilia
c22a205d2e Remove unnecessary conversion from test
// FREEBIE
2016-03-13 04:56:28 -07:00
lilia
7dff9ac51b Update libaxolotl
// FREEBIE
2016-03-13 04:56:27 -07:00
lilia
57d64fe669 Fix session corruption due to database races
Prevent races between encrypt and decrypt calls, and other read/write
operations on the session store by serializing session io ops per
device.

Possible fix for #535

// FREEBIE
2016-03-10 18:37:18 -08:00
lilia
5f07c74f1a Add log statement when opening provisioning socket
Make it more obvious via logs which server someone is attempting to
register with (i.e., to disambiguate staging from prod).

// FREEBIE
2016-02-29 05:08:07 -08:00
lilia
2b7cbef8b1 Rename a function
Avoid confusing this operation with actual receipts, which are something
else.

// FREEBIE
2016-02-26 12:41:29 -08:00
lilia
8fdf58971c Add missing semicolons
// FREEBIE
2016-02-24 23:10:17 -08:00
lilia
c3bbdb393f Refactor media uploading step
Move this to its own function which encapsulates the error handling for
it.

// FREEBIE
2016-02-24 23:10:17 -08:00
lilia
44b1a6451d Add validation to Message class
// FREEBIE
2016-02-24 23:10:16 -08:00
lilia
781ada64ca Add libtextsecure support for syncing read messages
Plumbing for sending and receiving a new sync protobuf for marking
messages read on/from my other devices.

// FREEBIE
2016-02-22 17:11:17 -08:00
lilia
010297f4c5 Track groups I've left
// FREEBIE
2016-02-22 17:11:16 -08:00
lilia
7e82d1295c Handle attachment upload errors
Adds a new kind of replayable error that handles retry of pre-encryption
failures, e.g., attachment upload.

Fixes #485

// FREEBIE
2016-02-09 13:21:32 -08:00
lilia
910e37649a Let group messages use new Message class
// FREEBIE
2016-02-08 17:07:49 -08:00
lilia
3bffdd96f5 Add sendMessage to handle sending from Message class
// FREEBIE
2016-02-08 17:07:49 -08:00
lilia
ecdfa09e97 Create a helper class for constructing messages
// FREEBIE
2016-02-08 17:07:48 -08:00
lilia
b73a3aea80 Fix syntax error
// FREEBIE
2016-02-08 15:58:06 -08:00
lilia
cee2b3163a Add missing bind in messageReceiver
// FREEBIE
2016-02-08 15:49:34 -08:00
lilia
7dcad67410 Fix handleSentMessage
Missing a bind in 27fe7e3.

// FREEBIE
2016-02-05 11:11:34 -08:00
lilia
d4760452d1 Add signal agent to server requests
// FREEBIE
2016-02-04 14:13:04 -08:00
lilia
27fe7e355e Process end session flags in sync messages
Because remote clients will delete all sessions in response to an end
session message, regardless of which device it came from, when our
linked device sends an end session message, we must also end all
sessions with the destination.

This change moves the end session flag processing to processDecrypted,
which is shared between handlers of sent messages, data messages, and
messages which are re-tried after resolving identity conflicts.

// FREEBIE
2016-02-04 11:25:53 -08:00
lilia
fe82e469f2 Make end session consistent with android
Close all the sessions for a number when receiving an end session
message.

// FREEBIE
2016-02-03 17:56:24 -08:00
lilia
86132a38a8 Log envelopes and session end events
Help debug bad session errors by logging some envelope info about the
message we are about to decrypt. With this, if there is a decryption
error (e.g., bad mac or no session) it is clear from the logs what
number and device message sent the bad message.

Also log when we send and receive end session messages and when we close
sessions for certain devices.

// FREEBIE
2016-02-02 16:16:42 -08:00
lilia
7c17c5fa54 Update chai
// FREEBIE
2016-02-01 15:54:23 -08:00
lilia
1ee6a2e43f Rebuild libtextsecure test components w/ new chai
// FREEBIE
2016-01-28 18:03:51 -08:00
lilia
a9cba1471a Update our own key on re-install
Previously we would delete our own key from the trust store when
re-linking, in case it changed. We can also immediately take one step
further and store the new key. Typically this happens in the course of
requesting sync info from the master device, except in the case of
standalone clients.

Closes #596

// FREEBIE
2016-01-21 19:25:55 -08:00
lilia
30aa13079f Fix sync request argument check
Fixes #609

// FREEBIE
2016-01-15 01:40:40 -08:00
lilia
d6da77b6f4 Throw exception on bad args to SyncRequest
// FREEBIE
2016-01-14 15:57:38 -08:00
lilia
1b68e652cc Fire group sync completion event despite errors
Sometimes an error is thrown while processing groups from a group sync
message. We still want to fire the groupsync event when we're done
handling all the data, even if some of it was bad.
2016-01-14 15:44:44 -08:00
lilia
75b2c9c5de Fix crash when removing a listener
// FREEBIE
2016-01-14 15:44:43 -08:00
lilia
f7c4fd2fed DRY up event target implementations
Dedupe event target code and make it extensible.

// FREEBIE
2016-01-14 15:44:42 -08:00
lilia
925c1bdb33 Add SyncRequest class
Similar in function to an xhr request, a textsecure.SyncRequest object
is initialized from a message sender and receiver pair and initiates a
request for sync from the master device. It later fires a success event
when both contacts and groups are done syncing, or a timeout event after
one minute.

// FREEBIE
2016-01-14 15:44:42 -08:00
Karel Bilek
d8381cfc47 Dispatch an event after processing a group sync
Related #521
2016-01-14 11:18:21 -08:00
lilia
96520e9fd4 Move envelope decode before ack
We should not ack envelope protobufs that fail to decode correctly. If
the server happens to send us such a thing it probably indicates a
protocol mismatch between it and the client, in which case the client
needs to update and re-receive the failed message.

// FREEBIE
2016-01-11 12:14:42 -08:00
lilia
44824df6cb Refactor for clarity
// FREEBIE
2016-01-11 11:00:44 -08:00
Matt Corallo
dac084b604 Send message ACKs immediately after recv, instead of after process 2016-01-11 10:55:53 -08:00
lilia
093eb001ff Correct log statement
Although in practice, these timestamps are often the same, they needn't
be, and when they aren't, we want the sentMessage.timestamp here.

// FREEBIE
2015-12-20 23:45:30 -08:00
lilia
d95f869d62 More logging
// FREEBIE
2015-12-17 16:42:54 -08:00
lilia
d201c65f7c More verbose logging in message receiver
// FREEBIE
2015-12-17 16:36:13 -08:00
lilia
bc576e18d5 Fix no delivery receipts on close session messages
// FREEBIE
2015-12-11 12:06:45 -08:00
lilia
9031b4c10c Update libaxolotl
Fixes #477

// FREEBIE
2015-12-08 10:51:52 -08:00
lilia
ea980b4385 Don't surface invalid attachment urls to the user
Log them, but don't put display them in user-facing error ui.

// FREEBIE
2015-12-07 16:52:45 -08:00
lilia
7b1268e5f7 Log incoming invalid attachment urls also
Same as previous commit but for incoming.

// FREEBIE
2015-12-07 16:43:59 -08:00
lilia
fe7505c050 Log invalid attachment urls
// FREEBIE
2015-12-07 16:07:10 -08:00
lilia
9c59dfda93 Remove duplicate case statement
This line was never being hit due to the duplicate one above (#L166).
Peeking at the server code shows that 403 is only given in response to
registration attempts, where it does in fact indicate an invalid code.

// FREEBIE
2015-12-05 11:07:31 -08:00
lilia
2f469835d9 Handle group quit sync messages
Previously, we would incorrectly reject group updates originating from a
linked device instructing us to remove ourselves from the group.

// FREEBIE
2015-12-04 11:25:19 -08:00
lilia
edcb28aebb Don't save a MessageCounterError
Fixes #446

// FREEBIE
2015-12-04 11:20:12 -08:00
lilia
b00d5289cf Save message timestamp for resending
Fix bug where resending due to failed network connection would fail
silently.

Broken in 7b6820 refactor which changed arguments to transmitMessage

// FREEBIE
2015-11-29 18:02:37 -08:00
lilia
e9949152bb Always return a promise from sendSyncMessage
// FREEBIE
2015-11-27 22:26:56 -08:00
lilia
acae4afce3 Handle invalid responses better
Depending on the response code, returning an HTTPError here will let us
retry later, if appropriate.

// FREEBIE
2015-11-27 22:26:56 -08:00
lilia
52b039a900 Remove unused function
This is now used only internally in libaxolotl, which provides its own
definition.

// FREEBIE
2015-11-27 14:40:20 -08:00
lilia
6445581594 Update libaxolotl
isEqual added to internal helper module

// FREEBIE
2015-11-27 14:40:19 -08:00
lilia
63cd3b2788 Use constant time mac comparison
In libtextsecure and in libaxolotl.

// FREEBIE
2015-11-27 14:40:17 -08:00
lilia
61439a886f Validate json responses
Perform lightweight validation on json responses from the server. Ensure
that the attributes we depend on have the right type.

// FREEBIE
2015-11-25 12:16:36 -08:00
lilia
b0d4370c2c Remove unused variable
// FREEBIE
2015-11-25 11:42:16 -08:00
lilia
07702c4ee5 Let the application layer send sync messages
Previously, libtextsecure would send a sync message automatically
when appropriate. This fails if any recipient has a key conflict
or if our network connection fails mid-send.

Instead, when appropriate, return a the DataMessage encoded as an array
buffer for later syncing. This lets the application choose when to send
it, which we now do after any successful send to a recipient, rather
than after all recipients are successfully sent to.

Eventually we should move the DataMessage protobuf construction and
group sending logic to the application layer entirely, in which case
we wouldn't need libtextsecure to construct the sync message either.

Fixes #408
2015-11-24 17:11:03 -08:00
lilia
5c37c3d6ce Change return type from sending messages
Pass the whole result from the outgoing message callback on to the
caller, and preserve the names of the members.

// FREEBIE
2015-11-24 17:05:25 -08:00
lilia
7b6820d2ac Refactor messageSender/OutgoingMessage
Move encrypt and transmit to OutgoingMessage
Restore per-number queueing to messageSender

// FREEBIE
2015-11-24 17:05:24 -08:00
lilia
adf8445b85 Populate registrationIds on deviceObjects
Saves us from doing so later.

// FREEBIE
2015-11-24 17:05:23 -08:00
lilia
cf85c5e25e Fix key conflict with self after master device re-install
Fix bug where re-installing would cause sync messages to fail and
produce unresolvable error indicators on messages that were actually
sent.

// FREEBIE
2015-11-24 16:20:07 -08:00
lilia
4cc6b1ff9a Validate attachment urls
// FREEBIE
2015-11-24 16:20:07 -08:00
lilia
f006bd9ddc Update libaxolotl
Removes webcrypto, fixes padding calc

// FREEBIE
2015-11-23 16:13:32 -08:00
lilia
641a7dbc6d Update libaxolotl
encryptMessageFor now requires an array buffer instead of a protobuf.

By converting the message to an array buffer outside the Promise.all, we
avoid allocating a new copy for each device.

// FREEBIE
2015-11-17 16:58:31 -08:00
codedust
5e255e9df0 Remove 'Textsecure' from error message in api.js 2015-11-13 16:07:49 -08:00
lilia
70bde5f4fa Update libaxolotl
// FREEBIE
2015-11-13 14:01:19 -08:00
lilia
596188a630 Fix protocol version check
Fixes #392

// FREEBIE
2015-11-09 16:59:53 -08:00
lilia
847fa43520 Save group members when creating groups from non-updates
Follow up to b0da4910. When inferring membership of the sender in an
unknown group, remember to save and return the group members.

Generally, this should only effect standalone clients unless someone
managed to clear their groups db table, since linked clients get group
info synced at registration.

// FREEBIE
2015-11-06 19:09:03 -08:00
lilia
a3d29a92bb Reject messages sent to groups with no members
If you're the last member of the group, it doesn't make sense to send
messages to it. Previously, we would wait forever for a callback,
causing a stuck pending state indicator.

// FREEBIE
2015-11-06 18:51:18 -08:00
lilia
675be2b569 Don't reconnect if close was called
Fixes a bug during re-registration where we continue to re-open
the socket using old credentials.

// FREEBIE
2015-11-05 13:04:29 -08:00
lilia
f863616785 Remove api TODO comments
// FREEBIE
2015-11-04 13:52:48 -08:00
lilia
80d32103d1 Clear session store when re-registering
When we re-register, our deviceId might change, which makes our sessions
are no longer valid since the recipient will see us as a new device.

Fixes #388
2015-11-04 13:52:47 -08:00
lilia
a52d35bb1b Refactor and fixup key requests
Fix a bad loop scope bug in getKeysForNumber by using forEach.
Refactor the initial process of establishing key material for devices
that do not have open sessions.

// FREEBIE
2015-11-03 16:22:26 -08:00
lilia
b18cfd75de Check for device keys in memory before requesting more
// FREEBIE
2015-11-02 14:07:52 -08:00
lilia
2b9d039837 Serialize requests for keys
Fixes #383

// FREEBIE
2015-11-02 14:07:51 -08:00
lilia
a644b7a674 Update libaxolotl
// FREEBIE
2015-10-28 16:53:09 -07:00
lilia
1065502770 Change key conflict error message
Include the contact's number in the message for more helpful debug log
output.

// FREEBIE
2015-10-28 13:46:03 -07:00
lilia
f8fd613669 Update libaxolotl
// FREEBIE
2015-10-27 14:00:41 -07:00
lilia
ac7c95fed0 Validate argument lengths in crypto.js
These functions accept an array buffer and extract an AES and MAC key
from it without verifying it has the appropriate length. Ciphertext
messages are similarly dissected. The slice function does not raise an
error on out of bounds accesses but instead returns an empty or
partially-filled array. Empty or short arrays will be passed through to
the window.crypto.subtle API, where they will raise an error. We should
not rely on the Web Crypto API to validate key lengths or for MAC checks
to fail. Instead, validate the lengths of given parameters before
extracting their components.

// FREEBIE
2015-10-27 13:58:23 -07:00
lilia
ec6898f1ab Process incoming messages in order
This may increase processing latency a bit, particularly with large
attachments, but will ensure that messages are dispatched in the order
they are received.

It would be nice to enforce ordering on only the dispatch step, so that
we could, for example, decrypt the next websocket message while waiting
for an attachment to download, but that will require a more complicated
refactor. Will stick with the quick fix for now and revisit later.

Fixes #342

// FREEBIE
2015-10-26 14:18:24 -07:00
lilia
9b12d8a978 Reconnect provisioning socket
If the provisioning socket closes, reconnect and generate a new qr code.
Fixes #371

// FREEBIE
2015-10-23 18:33:07 -07:00
lilia
01e85b68ef Handle exceptions when fetching keys for devices
It's rare that we get in a state where we have a device record without a
session, but we should handle errors gracefully in that case. Catch them
and register them, except for identity key errors which are registered
in handleResult.

// FREEBIE

fixup error handling // FREEBIE
2015-10-23 15:53:20 -07:00
lilia
12276e691b Refactor contents of sendMessageProto
This function dynamically declares a bunch of functions which bind to
its input arguments. Instead, use a new prototypal class to define
these functions within the context of a particular message.

// FREEBIE
2015-10-23 15:53:20 -07:00
lilia
a2c7ac0df9 Serialize message sending per-recipient
Add a pendingMessages object to MessageSender. This object holds
one promise per recipient number. We init this promise with
Promise.resolve(), and chain on promises for message sending, replacing
the previous promise with the newly chained promise each time. If the
current promise resolves and finds that it is still the last promise
in the chain, it removes itself.
2015-10-23 15:53:19 -07:00
lilia
9be5efc571 Simplify keepalive resets
Websocket resources should have their keepalive timers reset whenever a
message comes in. This is a nicety that slightly reduces the amount of
traffic we send when actively messaging.

Previously this was handled by MessageReceiver, but it's a bit cleaner
to just have the WebsocketResource add an extra 'message' event handler.

// FREEBIE
2015-10-23 15:44:03 -07:00
lilia
b9b01330fe Move jquery from libtextsecure components
Jquery is not required by libtextsecure, but our test coverage tool,
blanket, depends on it.

// FREEBIE
2015-10-19 12:51:59 -07:00
lilia
7414828bb3 Disable keepalive tests
These are failing because MockSocket doesn't implement an EventTarget
interface like an actual WebSocket does, so we get an exception when
trying to call addEventListener on it. :(

// FREEBIE
2015-10-11 13:18:51 -07:00
lilia
81ebc5ffd7 Improve stack traces on HTTPErrors
Save stack even earlier, outside the promise.

// FREEBIE
2015-10-11 12:12:11 -07:00
lilia
c062fe3060 Automatically retry failed http requests
If we failed to reach the server, wait a second and try again up to 3
times.

// FREEBIE
2015-10-10 19:07:00 -07:00
lilia
816a206892 Refactor sendMessageToDevices
Split into separate encrypt and transmit functions. Let the encryption
function also handle all wire formatting (ie, jsonification and base64
encoding), which simplifes TextSecureServer.sendMessages, removes a
TODO, and lets us save fewer params to make network errors replayable.

// FREEBIE
2015-10-10 16:36:30 -07:00
lilia
e9bc39bc56 Add parens and line breaks
// FREEBIE
2015-10-10 15:12:06 -07:00
lilia
0ff38e41c2 Let keepalive listen to socket events
Wait until the socket connects before starting the keepalive timer.
Automatically stop the keepalive when the socket is closed.

// FREEBIE
2015-10-05 15:05:24 -07:00
lilia
1345899253 Use reject instead of throw
This ensures that the containing promise is rejected without triggering
the side effects of an uncaught exception, such as causing the debugger
to pause.

// FREEBIE
2015-10-03 23:19:53 -07:00
lilia
a32f3ff1f6 More work on replayable errors
Expose a button that does that retries outgoing messages if possible.

// FREEBIE
2015-10-02 18:31:07 -07:00
lilia
5eabfa2559 Fix libtextsecure tests
// FREEBIE
2015-10-02 15:08:21 -07:00
lilia
5bf608598c Fix MessageSender prototype
// FREEBIE
2015-10-02 15:02:25 -07:00
lilia
b0da491025 Don't throw on unknown groups
// FREEBIE
2015-10-02 12:54:12 -07:00
lilia
8f003ea69d Don't throw if sender is not a group member
This could happen if we simply failed to process an earlier group
update correctly.

// FREEBIE
2015-10-02 10:43:34 -07:00
lilia
4a1d0ebdb9 Pass bytebuffer to axolotlInstance
// FREEBIE
2015-10-02 00:03:49 -07:00
lilia
46c9a7fafb Fix tryMessageAgain
// FREEBIE
2015-10-02 00:02:18 -07:00
lilia
9872b59355 Simplify filter predicate
Untangle a double negative to make this line shorter and easier to read.

// FREEBIE
2015-10-01 21:11:41 -07:00
lilia
0fa1069a93 Don't throw on duplicate members in a group update
Fixes #364

// FREEBIE
2015-10-01 21:11:41 -07:00
lilia
1aee065c2c Fix registration
Previously would fail to register keys by using the wrong username.
The username should be <number>.<deviceid> once we've confirmed our
account and received a deviceId from the server.

// FREEBIE
2015-10-01 20:43:30 -07:00
lilia
978b3d1a98 DRY up tryMessageAgain
// FREEBIE
2015-10-01 18:43:20 -07:00
lilia
fbb65d1988 Add replayable network errors
Support for manual message retry.

// FREEBIE
2015-10-01 18:43:20 -07:00
lilia
bc03bdbfc4 Move tryMessageAgain to MessageReceiver
`tryMessageAgain` is the routine called when re-trying a message that
failed to decrypt due to an IncomingIdentityKeyError. This handling
needs to move to MessageReceiver because it depends on
`processDecrypted` to handle incoming message protos, which depends
on a server instance in order to download attachments.

// FREEBIE
2015-10-01 18:43:19 -07:00
lilia
0fc673f25f Refactor sendmessage for prototypality
// FREEBIE
2015-10-01 18:43:18 -07:00
lilia
868695558d Throw on bad server url
// FREEBIE
2015-10-01 18:43:18 -07:00
lilia
c8a1e090d2 Move handleAttachment and processDecrypted
Make these internal methods on MessageReceiver. Todo: refactor
identity key errors to use a given message receiver.

// FREEBIE
2015-10-01 18:43:07 -07:00
lilia
a8f4bac2f7 Let makeAttachmentPointer resolve falsey arguments
Internalizing this pattern to the makeAttachmentPointer function lets us
DRY it up throughout the file.

// FREEBIE
2015-10-01 18:33:50 -07:00
lilia
9de23a967b Fix dropping the first websocket message 2015-10-01 18:33:49 -07:00
lilia
3fcd980c23 Add websocket error and close event handlers 2015-10-01 18:33:49 -07:00
lilia
78956ede2f Disable keepalive if we disconnect the socket 2015-10-01 18:33:48 -07:00
lilia
9e9d767a30 Add MessageSender
textsecure.MessageSender takes server url and credentials and returns
a message sending interface configured for that server.

Used a wrapper function to insert a TextSecureServer instance into
sendmessage.js code at runtime. This will result in function duplication
between different MessageSender objects, pending further refactoring to
use prototypal inheritence.

// FREEBIE
2015-10-01 18:33:48 -07:00
lilia
98aa5156b0 Refactor TextSecureServer for storage
Following the pattern from previous commit, let the server class accept
a url and login credentials from the caller. Then integrate into
MessageReceiver and AccountManager.

// FREEBIE
2015-10-01 18:33:48 -07:00
lilia
09bd6c7824 Lint
// FREEBIE
2015-10-01 18:33:33 -07:00
lilia
37ff3cf5a8 Change http logging
Printing method + url again makes it easier to match requests to
responses when scanning logs.

// FREEBIE
2015-09-30 14:21:52 -07:00
lilia
b8536679b3 Stop keepalive when socket closes
// FREEBIE
2015-09-30 14:21:10 -07:00
lilia
04c5f83485 Un-nest libtextsecure errors
Fix inconsistency in error format, where we sometimes get an unexpected
Error object and sometimes get a wrapper object containing an Error.

Also start saving network errors.

// FREEBIE
2015-09-30 12:44:11 -07:00
lilia
1879e73c76 Allow one more retry if we get a 409
Handle cases where we get a 409 (missing/extra devices), handle it, then
get a 410 (stale devices by registration id).

// FREEBIE
2015-09-28 14:10:50 -07:00
lilia
c8e51563a0 Refactor initial sync codepath to application layer
To reduce dependence on the message sending module, AccountManager
should send no sync requests itself.
2015-09-24 10:38:58 -07:00
lilia
6123c419d0 Remove refreshGroup
1. This is nonstandard behavior, not supported by any other clients. It
   may help sometimes but will also cause bugs (see 2)

2. iOS doesn't handle group updates with missing fields. all fields must
   be populated, and libtextsecure doesn't have any knowledge of the group
   name or avatar, so these updates will clobber group state on iOS.

// FREEBIE
2015-09-23 16:45:09 -07:00
lilia
94e1c2d123 Remove check for .humanError property
This property is no longer used by any of our errors.

// FREEBIE
2015-09-23 16:45:09 -07:00
lilia
6547538458 Use foreach instead of a loop
This syntax makes plain that the function is not used anywhere else,
and increases linearity/readability.

// FREEBIE
2015-09-23 16:45:08 -07:00
lilia
acaf7b8de2 Refactor relay consistency check
Check the device list for relay consitency and throw an exception before
attempting to encrypt to any of the mismatched devices.

// FREEBIE
2015-09-23 16:45:08 -07:00
lilia
bafc61600c Refactor sendMessageToDevices
Leverage map and Promise.all for more concise and linear code flow.
2015-09-23 16:45:07 -07:00
lilia
62c90e3925 Don't save/log websocket error
It's a generic error Event and doesn't actually contain anything useful.

// FREEBIE
2015-09-23 16:30:30 -07:00
lilia
289b82d1dc Expose messageReceiver.close
// FREEBIE
2015-09-23 16:30:29 -07:00
lilia
1d370857fc Remove unused callback arguments
Unused since d0fd3e94 afaict.

// FREEBIE
2015-09-23 16:07:21 -07:00
lilia
2204ef863d Fix event name
We successfully retry after a websocket connection closes, but this typo
prevented us from retrying if the websocket simply never opened.

// FREEBIE
2015-09-23 16:07:20 -07:00
lilia
ce49d14d85 Fix leave group bug
This one's been around since forever, but only manifests when someone
leaves the group and comes back. In that case we fail to reinit their
numberRegistrationId object, which causes a npe when we try to send
send them group messages.

Affected parties must ask their fickle friends to leave/join again.

// FREEBIE
2015-09-21 11:00:12 -07:00
lilia
c8a76ab38e Fix websocket event handler name
// FREEBIE
2015-09-21 10:32:35 -07:00
lilia
823f570955 Add more websocket debug logging
// FREEBIE
2015-09-21 10:32:34 -07:00
lilia
f70e844cef Include url in http response logging
Otherwise it's impossible to tell which is which, especially when
sending group messages.

// FREEBIE
2015-09-21 10:32:34 -07:00
lilia
2243c09fea MessageReceiver is an event target
Rather than asking for a global target, the message receiver implements
the EventTarget interface itself. It does not expose the dispatchEvent
method, however. This ensures that events can only be triggered from
within the internal MessageReceiver class, which means we no longer need
to namespace them.

// FREEBIE
2015-09-18 09:30:12 -07:00
lilia
a925027cd2 Refactor MessageReceiver for storage/server independence
Let the libtextsecure consumer pass in their own server url, username,
password, and signaling key, as with libtextsecure-java.

Also brings reconnect logic up into the MessageReceiver class, which
is the only place it should apply.
2015-09-17 16:52:32 -07:00
lilia
e59a5792d5 Don't hardcode the attachment host 2015-09-17 16:02:22 -07:00
lilia
184e37383c Don't auto-populate the relay field
According to server api docs, relay is optional when it is the same as
our own server.

// FREEBIE
2015-09-17 16:02:22 -07:00
lilia
7d9cf0c167 Pass the signaling key into decryptWebSocketMessage
De-couple this file from dependency on storage.
2015-09-17 16:02:22 -07:00
lilia
537f0ceef0 Log all http requests at start and end
// FREEBIE
2015-09-17 10:57:17 -07:00
lilia
04c8796bd3 Disable socket level reconnect
This is now handled at a higher level by the message receiver with the
aid of http requests for diagnosing the disconnect.

// FREEBIE
2015-09-10 01:03:19 -07:00
lilia
6b483195cb Fix reconnect bugs from previous commit
Forgot to bind the socket event handler, and the then() handler should
come before the catch() handler or else it will execute every time the
catch handler executes.

// FREEBIE
2015-09-09 01:56:14 -07:00
lilia
16de5aa3d3 Improve reconnect logic
Always test connectivity with an http request after a websocket closes,
regardless of what code/error it closed with. If that request succeeds,
automatically reconnect the socket.

// FREEBIE
2015-09-09 01:34:36 -07:00
lilia
f764445c86 Remove erroneous license file and headers
We only use GPLV3 around here.

// FREEBIE
2015-09-07 14:58:42 -07:00
lilia
0b98043c1c Add a worker
Offload all the asm.js code to a second thread. This is usually the
source of intermittent frontend freezes when running single-threaded.
2015-08-26 16:09:58 -07:00
lilia
c3d3ec125d Wait for contact sync before opening inbox
Use a canned bootstrap progress animation in lieu of better design.

Fix #271 // FREEBIE
2015-08-06 12:35:06 -07:00
lilia
4f1ce4c493 Assume unknown recipients are single-device
Start by requesting keys for only the master device, then handle 410 as
needed. Single-device users are the more common case and this strategy
lets us avoid requesting/expending one of our own device keys when
establishing a session with sibling devices.

// FREEBIE
2015-08-05 16:06:28 -07:00
lilia
f3f084398f Handle identity key errors when retrying decrypt
After setting a new identity key as trusted, we retry decryption on all
pending conflicts for that contact. If their identity changed twice in a
row, we can still get a conflict the second time, and should handle it
appropriately.
2015-07-31 17:28:25 -07:00
lilia
4fc4573de4 Don't try to sync after single device registration
There's no other device to sync to. :p
2015-07-31 11:11:23 -07:00
lilia
b3d93ab334 Request group sync when pairing
Whoops, missed a step. Fixes #319. Fixes #276.

// FREEBIE
2015-07-29 19:06:19 -07:00
lilia
56b6375f97 Use new provisioning socket keepalive path
This new endpoint should always issue a response to a provisioning
socket so if we don't receive one we should assume the connection has
been lost.

Closes #318
2015-07-29 13:37:17 -07:00
lilia
2b563212b4 Change default for keepalive autodisconnect config
By default, automatically disconnect if no response. This is preferable
because we can sometimes lose connectivity without receiving a close
event from the socket, but it's also possible that the endpoint may not
support responses.

// FREEBIE
2015-07-29 11:30:58 -07:00
lilia
ebca58b282 Fix multiple calls to done
Triggered by multiple keepalives.
2015-07-28 17:11:11 -07:00
lilia
7c0eb5e080 Add keepalive reset test 2015-07-28 14:59:16 -07:00
lilia
01ca1be24e Fix test 2015-07-28 14:59:09 -07:00
lilia
1a06cb5cbe Update consumers of WebsocketResources 2015-07-28 14:58:55 -07:00
lilia
1af8bd16b7 Add default response message to websocketresources
// FREEBIE
2015-07-28 14:57:09 -07:00
lilia
44b7b32385 Update tests 2015-07-28 14:15:49 -07:00
lilia
637cbcbf99 Make handleRequest optional in WebSocketResources
If no request handler is provided, respond with 404 to any incoming
requests.
2015-07-28 13:48:27 -07:00
lilia
cd363bd84d Integrate keepalives into websocket resources 2015-07-28 13:07:34 -07:00
lilia
7d2b41db11 Add auto-disconnect config to keepalive constructor
Disconnects on no keepalive response by default.

// FREEBIE
2015-07-27 20:17:00 -07:00
lilia
d9fe783488 Accept close code/message via websocket/resources 2015-07-27 19:30:51 -07:00
lilia
8170a7baae WebSocketResource exposes socket.close()
Allows for simplification of the keepalive construct.
2015-07-27 18:51:48 -07:00
lilia
98edd3939b Fix up websocket options handling 2015-07-27 18:50:55 -07:00
lilia
4c9d69094d Work on message receiver tests
Not quite working yet

// FREEBIE
2015-07-27 18:16:47 -07:00
lilia
d9d4e281cc Keepalive provisioning socket
Fixes #315

// FREEBIE
2015-07-27 18:16:47 -07:00
lilia
0d0bdbf998 Don't auto-reconnect provisioning socket
// FREEBIE
2015-07-27 18:01:22 -07:00
lilia
15cd348bf2 Remove nonexistant variable 2015-07-27 18:01:21 -07:00
lilia
1f8856fa69 MessageReceiver accepts a server websocket url
// FREEBIE
2015-07-23 16:10:43 -07:00
lilia
17e515f886 Add identity key conflict tests 2015-07-22 12:48:08 -07:00
lilia
c05be725b3 Move makeAttachmentPointer
Clean up unnecessary pre-declaration of `var makeAttachmentPointer`.
2015-07-21 16:00:16 -07:00
lilia
67f25214d3 Refactor outgoing identity key conflict handling
saveKeysToDeviceObject is the detector of outgoing identity key errors.
Catch these key errors closer to the source by pulling the
getKeysForNumber into the context of sendMessageToDevices, which lets
it access registerError and the message protobuf.

Previously identity key errors would be uncaught if all existing
sessions with a recipient were closed/deleted, since we would
preemptively fetch the new identity key. The old error handling only
kicked in after a 409/410 response from the server when posting a
message encrypted for a stale session.

// FREEBIE
2015-07-21 16:00:09 -07:00
lilia
27016e1919 Let textsecure devices throw on identity key change
Restore error format, accidentally removed in 43d6efcd

// FREEBIE
2015-07-21 15:50:11 -07:00
lilia
4e88d4a5cf Add missing semicolons 2015-07-20 16:13:50 -07:00
lilia
c28b5408ab Plumb keys into outgoing conflicts 2015-07-20 16:13:17 -07:00
lilia
cc303e0802 Update libaxolotl, handle untrusted identitykey
Previously we had no access to the new untrusted identity
for verification purposes.

// FREEBIE
2015-07-20 14:25:02 -07:00
lilia
af48ca9e4b Update libaxolotl, remove one string conversion
Previously we would convert a bytebuffer to a string, pass it to
libaxolotl where it would be parsed back into a bytebuffer.

Ideally we would just pass the bytebuffer, but it turns out that
libaxolotl's bytebyffer class is identical but separate from
libtextsecure's bytebuffer class. ¯\_(ツ)_/¯

So instead we pass the underlying array buffer, which is handled
more or less the same way as a bytebuffer, and most importantly,
does not involve any copying.

// FREEBIE
2015-07-20 14:24:19 -07:00
lilia
1ab5af338a Update libaxolotl, un-revert b790f82849
Accidentally reverted in d3c158f
2015-07-20 12:31:31 -07:00
lilia
7d3d634a2d Move/refactor keepalive logic and add disconnect timer
We now disconnect ourselves if we don't get the server's response to a
keepalive request within 30s. This way we will eventually disconnect if
the network goes away but the socket is not closed.*

* See code.google.com/p/chromium/issues/detail?id=197841 and
https://stackoverflow.com/questions/11755605/chrome-websocket-connection-not-closed-when-browser-closed

We will then try to reconnect once a minute (See 8a10c96);

Keepalives belong at this level anyway, since the format is defined by
both the websocket resource protocol and our specific server url
structure.

// FREEBIE
2015-07-16 15:01:34 -07:00
lilia
a3ae3cab79 Use Promise.reject for simplicity
The following are equivalent, except that the first is longer and
invokes an extra function call.

```
return new Promise(function(resolve, reject) {
  reject(new Error("Unknown Group"));
});

return Promise.reject(new Error("Unknown Group"));
```
2015-07-14 13:39:36 -07:00
lilia
20586e2dcc Namespace events
Naming conflict was firing the error handler twice.

// FREEBIE
2015-07-13 13:03:43 -07:00
lilia
6e74ac9e28 Dispatch all network errors, not just auth errors
Also streamline the onError handler.
2015-07-13 13:03:43 -07:00
lilia
b40a8696b7 DRY up Promise creation in api.js
Since calls to ajax() are always wrapped in promises, we can internalize
that pattern in the ajax function itself.

// FREEBIE
2015-07-13 13:03:42 -07:00
lilia
3711e0a6cd Convert throwHumanError to custom error type
Now with 200% more helpful stack traces.

// FREEBIE
2015-07-13 13:03:41 -07:00
lilia
8745424d3a Fix outgoing identity key conflict handling
// FREEBIE
2015-07-06 15:11:35 -07:00
lilia
66ae3689c1 Fix decrypt error handling
This rejection-handler was resolving its promise rather than allowing
the rejection to bubble up.
2015-07-06 12:46:32 -07:00
lilia
f8ae5556d9 Fix standalone registration 2015-07-06 12:45:09 -07:00
lilia
5242108e15 Fix group update avatar handling
The avatar handler was being added to the list of promises too late,
so we were storing the raw avatar protobuf (Long id, bytes key) rather
than the downloaded/decrypted attachment data.

Fixes #280
2015-06-26 12:23:57 -07:00
lilia
4c40861728 Fix reinstalls
Delay saving of new account info until we confirm with the server.
Explicitly delete old account info beforehand.

// FREEBIE
2015-06-25 13:24:32 -07:00
lilia
db31835f68 Handle group sync for existing groups
// FREEBIE
2015-06-25 13:24:32 -07:00
lilia
5925c2fe84 Support for group sync
Protocol and handling is all analogous to contact sync: Multiple
GroupDetails structs are packed into a single attachment blob and parsed
on our end. We don't display the synced groups in the conversation list
until a new message is sent to one of them.

// FREEBIE
2015-06-25 13:24:32 -07:00
lilia
f126e3b21b Work on auth error handling / reinstall 2015-06-25 13:24:31 -07:00
lilia
2f935dfd5e Add contact sync request protocol 2015-06-25 13:24:31 -07:00
lilia
f32ff58953 Add support for device name 2015-06-25 13:24:30 -07:00
lilia
8dc4e34aaf Bug and test fixes for contact sync
Closes #135

// FREEBIE
2015-06-18 13:48:32 -07:00
lilia
b0603bc91a Wrap message receiver for minimum api exposure
Initializing a message receiver opens the socket and starts listening
right away rather than requiring a separate call to connect. The only
other publicly accessible method is to query the socket status.

// FREEBIE
2015-06-17 12:29:40 -07:00
lilia
316838cfe9 Add tests and bug fixes for ContactBuffer 2015-06-17 12:29:40 -07:00
lilia
6d9854f456 Remove plaintext message test case
Support for the PLAINTEXT message type is not present in the latest
protobuf definitions. Leaving it out for now since we don't have any use
case for it currently.
2015-06-17 12:29:39 -07:00
lilia
228ffe901d Update json formatting for legacy message requests
Legacy DataMessages are sent using the `body` field, new Content
messages are sent using the `content` field.

// FREEBIE
2015-06-17 12:29:39 -07:00
lilia
a833d62a71 Implement sync protocol changes
Update protobuf definitions and refactor message receive and decrypt
codepath to support new protocol, including various flavors of sync
messages (sent messages, contacts, and groups).

Also cleans up background.js and lets libtextsecure internalize
textsecure.processDecrypted and ensure that it is called before handing
DataMessages off to the application.

The Envelope structure now has a generic content field and a
legacyMessage field for backwards compatibility. We'll send outgoing
messages as legacy messages, and sync messages as "content" while
continuing to support both legacy and non-legacy messages on the receive
side until old clients have a chance to transition.
2015-06-17 12:29:39 -07:00
lilia
061d57c95a Fix string vs number comparison
Fix bug in device storage causing duplicate device messages after a 410.
2015-06-04 16:48:34 -07:00
lilia
a9549e2e0f Fix 410 handling
We need to close the existing session with an old registrationId.
2015-06-04 16:48:10 -07:00
lilia
7d08e1132d Fix close session 2015-06-04 14:48:59 -07:00
lilia
7e8b1319a5 Ignore sync contexts on messages not from ourselves
But process the rest of the message normally.
2015-05-20 12:42:13 -07:00
lilia
090cc84452 Do not include destination on group sync messages 2015-05-18 14:40:27 -07:00
lilia
d1bcafad65 Update libaxolotl 2015-05-15 16:30:22 -07:00
lilia
029c9754f0 Fix tests 2015-05-15 11:39:23 -07:00