Commit graph

227 commits

Author SHA1 Message Date
Scott Nonnenberg
158b575885
Proper session reset: Delete sessions before and after (#1796)
* web requests: Don't fail if JSON not well-formed in error cases

Turns out that before our move to node-fetch, we ignored JSON.parse()
failures: https://github.com/WhisperSystems/Signal-Desktop/pull/1552/files#diff-1103a6aff0f28b6066715c6994278767L37518

* Update to libsignal v1.2.0, delete sessions on reset session

Previously we only archived sessions when sending or receiving a
'reset secure session, which didn't match up with the mobile apps.
2017-11-21 15:20:07 -08:00
Scott Nonnenberg
efb5c10d36 Re-enable read receipts and read syncs (#1604) 2017-10-24 10:29:45 -07:00
Scott Nonnenberg
5c8a0d4836 Don't send read syncs or read receipts for messages with errors (#1596) 2017-10-23 16:16:01 -07:00
Scott Nonnenberg
f68604c412 models/conversation: Refer to proper error variable (#1569) 2017-10-18 11:58:44 -07:00
Lilia
52cc8355a6 Feature: Blue check marks for read messages if opted in (#1489)
* Refactor delivery receipt event handler

* Rename the delivery receipt event

For less ambiguity with read receipts.

* Rename synced read event

For less ambiguity with read receipts from other Signal users.

* Add support for incoming receipt messages

Handle ReceiptMessages, which may include encrypted delivery receipts or read
receipts from recipients of our sent messages.

// FREEBIE

* Rename ReadReceipts to ReadSyncs

* Render read messages with blue double checks

* Send read receipts to senders of incoming messages

// FREEBIE

* Move ReadSyncs to their own file

// FREEBIE

* Fixup old comments on read receipts (now read syncs)

And some variable renaming for extra clarity.

// FREEBIE

* Add global setting for read receipts

Don't send read receipt messages unless the setting is enabled.
Don't process read receipts if the setting is disabled.

// FREEBIE

* Sync read receipt setting from mobile

Toggling this setting on your mobile device should sync it to Desktop. When
linking, use the setting in the provisioning message.

// FREEBIE

* Send receipt messages silently

Avoid generating phantom messages on ios

// FREEBIE

* Save recipients on the outgoing message models

For accurate tracking and display of sent/delivered/read state, even if group
membership changes later.

// FREEBIE

* Fix conversation type in profile key update handling

// FREEBIE

* Set recipients on synced sent messages

* Render saved recipients in message detail if available

For older messages, where we did not save the intended set of recipients at the
time of sending, fall back to the current group membership.

// FREEBIE

* Record who has been successfully sent to

// FREEBIE

* Record who a message has been delivered to

* Invert the not-clickable class

* Fix readReceipt setting sync when linking

* Render per recipient sent/delivered/read status

In the message detail view for outgoing messages, render each recipient's
individual sent/delivered/read status with respect to this message, as long as
there are no errors associated with the recipient (ie, safety number changes,
user not registered, etc...) since the error icon is displayed in that case.

*Messages sent before this change may not have per-recipient status lists
and will simply show no status icon.

// FREEBIE

* Add configuration sync request

Send these requests in a one-off fashion when:
  1. We have just setup from a chrome app import
  2. We have just upgraded to read-receipt support

// FREEBIE

* Expose sendRequestConfigurationSyncMessage

// FREEBIE

* Fix handling of incoming delivery receipts - union with array

FREEBIE
2017-10-04 15:28:43 -07:00
Scott Nonnenberg
10a38297b8 Only show notifications when done with sync (#1507)
This prevents the parade of notifications if a machine wakes up from
sleep. Basically covers situations that the loading screen doesn't
already.

When disabled, notifications will be cached until they are subsequently
re-enabled, at which time all the pending notifications will be summarized.

From the background page, notifications are disabled during connection attempts
until an empty event. This means we can always safely call conversation.notify
to queue a notification for the next batch, dropping some options from message
and conversation model methods.

We've also moved the calls to check window focus and draw attention to the
window, which were previously included in the conversation model, but are now
performed by the Notification system, because the time that the notification is
displayed might be some time after the message is added by the conversation, so
decisions about focus and attention should be made in that moment and not
before.

// FREEBIE
2017-09-29 09:15:28 -07:00
Scott Nonnenberg
314b29e426
Redact group ids in logging
FREEBIE
2017-09-25 16:41:57 -07:00
Scott Nonnenberg
2786baf2b5 Additional logging when we can't decrypt a user's profile (#1483)
Found a number of 'Illegal buffer' errors in an Electron log submitted
today. As far as I can tell, these same profiles are succeedig for me,
so it's time to collect more data.

FREEBIE
2017-09-18 15:33:08 -07:00
Lilia
ae190fed44
Profiles (#1453)
* Add AES-GCM encryption for profiles

With tests.

* Add profileKey to DataMessage protobuf

// FREEBIE

* Decrypt and save profile names

// FREEBIE

* Save incoming profile keys

* Move pad/unpad to crypto module

// FREEBIE

* Support fetching avatars from the cdn

// FREEBIE

* Translate failed authentication errors

When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.

// FREEBIE

* Handle profile avatars (wip) and log decrypt errors

// FREEBIE

* Display profile avatars

Synced contact avatars will still override profile avatars.

* Display profile names in convo list

Only if we don't have a synced contact name.

// FREEBIE

* Make cdn url an environment config

Use different ones for staging and production

// FREEBIE

* Display profile name in conversation header

* Display profile name in group messages

* Update conversation header if profile avatar changes

// FREEBIE

* Style profile names small with ~

* Save profileKeys from contact sync messages

// FREEBIE

* Save profile keys from provisioning messages

For standalone accounts, generate a random profile key.

// FREEBIE

* Special case for one-time sync of our profile key

Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.

// FREEBIE

* Infer profile sharing from synced data messages

* Populate profile keys on outgoing messages

Requires that `profileSharing` be set on the conversation.

// FREEBIE

* Support for the profile key update flag

When receiving a message with this flag, don't init a message record, just
process the profile key and move on.

// FREEBIE

* Display profile names in group member list

* Refresh contact's profile on profile key changes

// FREEBIE

* Catch errors on profile save

// FREEBIE

* Save our own synced contact info

Don't return early if we get a contact sync for our own number

// FREEBIE
2017-09-14 17:04:00 -07:00
lilia
bd7f4febaa
Remove dead code
These are all unused, obsolete, or no-op functions at this point.

// FREEBIE
2017-09-14 16:53:45 -07:00
lilia
859d49b3f4
Use relative paths
// FREEBIE
2017-09-14 16:53:34 -07:00
Scott Nonnenberg
69af8d2651 Don't show notification for verified state change with yourself (#1454)
* Don't show notifications for verified state change with yourself

It's confusing to users, and it really doesn't mean anything anyway.

FREEBIE

* Add log statement that we've suppressed a verified notification

FREEBIE
2017-09-08 11:14:01 -07:00
Scott Nonnenberg
d8ce198f55 Fetch conversations once, clean up ConversationController API (#1420)
* Fetch conversations once, clean up ConversationController API

Race conditions around re-fetching have caused some problems recently,
so this removes the need to re-fetch conversations. They are fetched
once or saved once, and that is it. All interaction goes through the
ConversationController, which is the central source of truth.

We have two rules for Conversations:

1. If a conversation is in the ConversationController it doesn't need
   to be fetched, but its initial fetch/save might be in progress. You
   can wait for that fetch/save with conversation.initialPromise.
2. If a conversation is not already in the ConversationController, it's
   not yet in the database. It needs to be added to the
   ConversationController and saved to the database.

FREEBIE

* Remove Conversation.fetch() call in Message.handleDataMessage()

FREEBIE

* ConversationController.API cleanup: Fix two missing spots

FREEBIE
2017-09-01 09:10:41 -07:00
Scott Nonnenberg
680f7d8b57 Additional logging for perf analysis and cross-device debuging
- How long it takes to get a message through the pre-send checks
- How long it takes to open a conversation for the first time
- The timestamp of any message we send to corellate with other logs
- Add conversation ID to 'decrypt old identity key errors' start/end

FREEBIE
2017-08-17 08:54:38 -07:00
Scott Nonnenberg
8700112f6d Decrypt any IncomingIdentityKeyError still sticking around
FREEBIE
2017-08-12 13:17:53 -07:00
Scott Nonnenberg
e57f155403 Handle rejections from protocol layer (due to missing records)
isVerified and isUntrusted both went to the protocol layer, but were not
prepared for rejected promises resulting from missing records. This
prevented send in large groups where there has never been a message
exchanged with one of the members.

FREEBIE
2017-08-10 11:21:15 -07:00
Scott Nonnenberg
32e12f7d3c Conversation.notify(): introduce a promise to track completion
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
6f1a2a9b3e Conversation.markRead() - wait for all database saves are complete
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
53f2bfbb57 Animated loading screens on startup and first conversation load
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
3e0fa995dd When finding all groups involving a number, load from DB not memory
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0adc398a6f Fetch conversation before saving in all sync handlers
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
9db0a58260 Whenever adding something to a queue, include a timeout
No more wedged queues!

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1eb450ca35 Conversation: Start w/DEFAULT verified state, avoid null timestamp
Fix too-aggressive verification notifications on startup by starting a
conversation with the right initial verified state, and then making sure
to fetch() before setting a new verified state.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e6859a3684 Ensure that promises always resolve, or that rejections are okay 2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4da1722ee8 Bullet-proof _setVerified and handleDataMessage against rejections
And the weird behavior we get from $.Deferred.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5bba6d3f17 setTrusted() -> setApproved() to dismiss the five-second warning
This change makes sense, since there was already a reference in the code
to the then-nonexistent setApproved()!

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
12914307f1 Improve experience when discovering identity key error on send
New experience in the Message Detail view when outgoing identity key
errors happen, matching the Android View.

'View' button is only shown on outgoing key errors right now.

When a contact with an outgoing identity key error is clicked, they are
taken to a view like the popup that comes up on Android: an explanation
of what happened and three options: 'Show Safety Number', 'Send Anyway',
and 'Cancel'

Contacts are now sorted alphabetically, with the set of contacts with
errors coming before the rest.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
b6cca41a0c Update verification-related strings to better match mobile app
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
f654532fa8 Handle UNVERIFIED sync verification messages (via contact sync)
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
20451cc827 Show verified/keychange notifications when actually relevant
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e91f2d0377 Miscellaneous wire-up to ensure that failures propagate
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
aa83bc1dab Ensure all sessions are archived on profile fetch
If the key has changed, saveIdentity will archive sibling sessions, but not the
session for the device it was called on. Therefore we have to archive that one
by hand.

Also switch from saving the identity of an OutgoingIdentityKeyError to just
triggering a profile fetch, mostly for consistency, simplicity, and DRYness.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
e2ee63efaa m.get('sender') -> m.isIncoming(), filter in getLoadedUnreadCount
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5b46ef3562 Show last seen indicator for keychange/verification notifications
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
5e62d0cfd8 Update identity key after a send error tells us it has changed
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
22208ec3f8 Fix: Conversation.updateVerified fails when convo not yet in db
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
7bfb66b13b processVerifiedMessage: Archive all sessions when key changes
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
d7054f4b63 Archive sessions whenever an identity key changes
Sessions established with the previous identity should no longer be used for
sending, so we should close them.

Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.

// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
0db2ef9e7f Refactor: combine Conversation.setVerified/setVerifiedDefault
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1e8ae774a2 Differentiate between local and remote trust decisions
FREEBIE
2017-08-04 12:03:25 -07:00
lilia
3acfda3a56 Archive sessions on key changes after profile fetch
// FREEBIE
2017-08-04 12:03:25 -07:00
lilia
4f2f622598 Apply special handling to verification sync messages
// FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
fc39241003 Ensure that we pull verified state only after getting profiles
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
4a1dc46ab3 Fixes to get local verification and sync messages working
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
c43d96904d Move to the real verify/trust APIs
This wires up verification sync messages, verification and trust checks
to the trust store instead of using mocked data.

FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
475d607fd0 Prepare for verification sync messages: receiver, ready to send
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
aebf4b32d6 Conversation.updateLastMessage: fix indent, use of null message
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
1cf9289b1a Add items to conversation history when user verifies/unverifies
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
8d29cb9830 Prevent access to Safety Number when talking to yourself
FREEBIE
2017-08-04 12:03:25 -07:00
Scott Nonnenberg
243cbd8123 Confirmaton on send, banner when 'unverified'
Not yet using the new APIs, but ready to. Still to do:
- Send sync messages on trust decisions
- Respond to received trust decision sync messages
- Show trust decisions in the conversation history
- In that rare situation where a sent message ends up with a key error
  make it easy to retry the send.

FREEBIE
2017-08-04 12:03:25 -07:00