This commit adds a badge to the tray icon that displays the number of
unread messages, if there is any. It is implemented by providing
alternative versions of the icon, that replace the default image when a
message is received.
The badge is rendered graphically as a red circle containing the number
of unread messages. Since a different icon file is needed for each
possible number of unread messages, but this number is clearly
unbounded, only the numbers from 1 to 9 are provided. If there are 10 or
more unread messages, a single badge (depicted as "9+") is used.
Resolves#1917
* api.js: HttpError now preserves more of original error info
* Allow invalid conversation to be added to ConversationController
If a number we don't believe is valid comes in as part of a group, we
fall apart. We event prevent display of that conversation. Because we
have 'isValid()' protections in place for the places we create contacts
from user input in desktop (the search bar), we can temporarily add an
invalid contact to our collection (not saving it to the database) to
unblock this group scenario.
Still investigating what kind of phone number is valid in a mobile app
but not valid for us.
* Finish the debuggable error support
* Fix logging in the case of an invalid number
* Revamp issue and pull request templates, other docs tweaks
`yarn test` now runs all of our tests.
* Remove generated files from the repository
* Update to new Signal support URL
* Prevent the 'Test failed 2 == 1' from test-release in CI
* Another attempt to fix grunt test-release on Appveyor
* grunt test-release: Fail build if test fails
* Lint fix, and move jshint earlier in CI process
No more errors like this in the logs!
```
INFO 2018-01-05T18:33:15.942Z Message.saveErrors: null Error
at file:///C:/Users/Test/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:30:33
at file:///C:/Users/Test/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:138:3
at file:///C:/Users/Test/AppData/Local/Programs/signal-desktop/resources/app.asar/js/libtextsecure.js:40718:3
```
It has no information in the title, and then the callstack points to
the `new Error()` line in the old `errors.js`.
This change will include the actual error name and message details in
the stack, and will include the original http error stack as well if
provided.
* Preserve disabled state in send-message field on click
Also: get consistent in treatment of 'disabled' property.
* Add some comments explaining how audio recording dismissal works
We've simplified; HTTPS_PROXY or https_proxy is used for all requests.
We also require that only our self-signed certificates are used for
secure traffic. That rules out all SSL-terminating MITM proxies, since
we don't trust their root certificate.
Once we're sure that this system works for people, we'll improve config
on MacOS and Windows.
We pull proxy settings from environment variables:
- HTTPS_PROXY for sending, profile pulls, and attachment download/upload
- WSS_PROXY for connecting to the websocket for receiving messages
- ALL_PROXY to provide one server for both
More details on our proxy handling:
- https://github.com/Rob--W/proxy-from-env#environment-variables
- https://github.com/TooTallNate/node-proxy-agent
This is the natural way of things for Linux. My understanding is that
most proxies on MacOS are system-wide and transparent, so it's not so
urgent. But Windows will likely require further UI for configuration.
Will need to do some testing with Windows users.
* Emoji: Ensure that all clicks work by using emoji data directly
* Eliminate a number of unused emoji images from final build
* Re-add the generic sheets directory, which we partially filter
* Re-enable libtextsecure unit tests, get passing, run in CI
* Save prekeys optimistically, track confirmed, new clean behavior
* Eliminate potential conflicts when rotating on startup
* Remove last symlink: get libtextsecure tests running on windows
* Log the files discovered in logPath
I've encountered some logs which include very old entries; and my
suspicion is that we're not cleaning up old log files properly.
* Log prekey fetches (success and failure), just like signed keys
* Force log file information into the final web-ready log
* Log when we get a blocked numbers sync message
* Save three old signed keys in addition to the current active
* Remove the mystery from all the error-related log messages
* Log successful load of signed key - to help debug prekey errors
* removeSignedPreKey: Don't hang or crash in error cases
* Log on top-level unhandled promise rejection
* Remove trailing comma in param list, Electron 1.6 does not like
* Harden top-level error handler for strange object shapes
* Retry failed signed key rotation; start rotation when registered (#1772)
* rotateSignedPrekeys: Fix 'res is not defined' error
* If the server rejects key rotation, don't retry immediately
* Force a signed key rotation on launch of any new version
* web requests: Don't fail if JSON not well-formed in error cases
Turns out that before our move to node-fetch, we ignored JSON.parse()
failures: https://github.com/WhisperSystems/Signal-Desktop/pull/1552/files#diff-1103a6aff0f28b6066715c6994278767L37518
* Update to libsignal v1.2.0, delete sessions on reset session
Previously we only archived sessions when sending or receiving a
'reset secure session, which didn't match up with the mobile apps.
* Script for beta config; unique data dir, in-app env/type display
To release a beta build, increment the version and add -beta-N to the
end, then go through all the standard release activities.
The prepare-build npm script then updates key bits of the package.json
to ensure that the beta build can be installed alongside a production
build. This includes a new name ('Signal Beta') and a different location
for application data.
Note: Beta builds can be installed alongside production builds.
As part of this, a couple new bits of data are shown across the app:
- Environment (development or test, not shown if production)
- App Instance (disabled in production; used for multiple accounts)
These are shown in:
- The window title - both environment and app instance. You can tell
beta builds because the app name, preceding these data bits, is
different.
- The about window - both environment and app instance. You can tell
beta builds from the version number.
- The header added to the debug log - just environment. The version
number will tell us if it's a beta build, and app instance isn't
helpful.
* Turn on single-window mode in non-production modes
Because it's really frightening when you see 'unable to read from db'
errors in the console.
* aply.sh: More instructions for initial setup and testing
* Gruntfile: Get consistent with use of package.json datas
* Linux: manually update desktop keys, since macros not available
This fix is related about issue #1587
window.drawAttention() repositioned to allow complete control over notifications by settings. It now does not draw attention when the notifications are off.
* Add emoji button and popup panel
This integrates a simple third party emoji panel with a few css overrides to
correct some relative paths and colors.
The trickiest thing about this is ensuring we don't break the layout, which is
acheived through precise control over the panel's height, and prodigious calls
to updateMessageFieldSize.
// FREEBIE
* Don't close emoji panel on click, do close on send
To better facilitate multiple emoji entry.
// FREEBIE
* Make panel emojis bigger and higher resolution
// FREEBIE
* Move paperclip button to the right of the microphone
This makes our bottom-bar button arrangement more comfortable and consistent
with Android.
// FREEBIE
* Move emoji picker padding to inner container
* Insert emojis at cursor position
Don't just append to the end like a n00b! Also handle selected text correctly.
https://stackoverflow.com/questions/11076975
// FREEBIE
* A few visual tweaks to reduce visual complexity of emoji panel
- No gray buffer on the right side of the emoji panel
- No gray buffer between message compose text box and emoji window
- The scroll bar for the emojis is the same as our normal scrollbars
I got a 413 (Rate limit exceeded) error from the server while fetching prekeys.
The client tried to parse the response as json since we expect json from the
prekey endpoint, which threw an exception because the response was not json.
This change prevents us from treating the response as json unless it has the
Content-Type header set accordingly.
If for some reason, the client and server disagree on whether the response
should be or is json, we'll default to treating it as text.
// FREEBIE
* Online/offline: Always stop timer, don't connect if closed
* Sockets: Send our own close event faster, shutdown only on close
Seems that we were too-aggressively disconnecting from all socket
events. Also, we should be able to send our own close event a lot
faster with no ill effects.
* Catch-up libtextsecure changes
* Use node-fetch instead of xhr
* Remove XMLHttpRequest.js
// FREEBIE
* Avoid calling json() on non json responses
Previously we would catch and swallow JSON parsing errors resulting from an
empty response, though empty responses are normal from a few endpoints, like
requesting sms or voice registration codes.
Since the JSON parsing call is now handled internally by node-fetch, we have to
keep closer track of our expected response type to avoid throwing an exception.
// FREEBIE
* Wait to manually disconnect after receiving 'offline' event
We've received Linux logs indicating that we can get offline/online
blips - only 30ms between the two events. The app was never realy
offline. So this change slows the whole disconnect process down.
* Handle offline startup: register for online event, don't connect
* Remove reload options, new file/help menus, tools/log at bottom
* Further menus refactor: install handlers at template creation
* WIP: Further tune menus, add custom about window
* New About window, new help menu items, menu labels now i18n
* Default device name on registration is now computer hostname
The OS of the device makes sense for those of us testing across a lot of
different OSes. And maybe for a user with just one desktop device. But
most users with multiple desktop devices are using the same OS for both.
* About window: Only show window when content is ready
* Fix typo in app/menu.js
* Update to the latest version of autosize.js
* gitignore: Restrict 'dist' matches to the root dist folder
The global search for 'dist' caused problems when updateing bower
components.
* A couple minor version updates: ByteBuffer, filesize, intlTel
moment-with-localse, ProtoBuf
* Add setting to hide menu bar
Add a setting in the themes section to hide the menu bar.
The menu bar is not needed in everyday use and might not fit in with
signals dark theme. The hidden menu bar can still be shown by pressing
alt.
autoHideMenuBar is added to windowConfig and saved and restored on
startup to prevent flickering.
* Trigger events only when related setting changes
Set the event to trigger on instanciation of the view.
Notification settings no longer reapply the theme or menu bar settings.
* Save window state when closing the window
When not moving or resizing the window, no BrowserWindow config would be
created and saved.
* Ensure that our preload.js setImmediate call finds right function
FREEBIE
* Our own socket close event, better logging, unregistration
FREEBIE
* Return CLOSED for NetworkStatusView if we've fully disconnected
* background.js: Remove messageReceiver = null, log in connect()
A null messageReciever makes the NetworkStatusView think we're online.
FREEBIE
* Refactor delivery receipt event handler
* Rename the delivery receipt event
For less ambiguity with read receipts.
* Rename synced read event
For less ambiguity with read receipts from other Signal users.
* Add support for incoming receipt messages
Handle ReceiptMessages, which may include encrypted delivery receipts or read
receipts from recipients of our sent messages.
// FREEBIE
* Rename ReadReceipts to ReadSyncs
* Render read messages with blue double checks
* Send read receipts to senders of incoming messages
// FREEBIE
* Move ReadSyncs to their own file
// FREEBIE
* Fixup old comments on read receipts (now read syncs)
And some variable renaming for extra clarity.
// FREEBIE
* Add global setting for read receipts
Don't send read receipt messages unless the setting is enabled.
Don't process read receipts if the setting is disabled.
// FREEBIE
* Sync read receipt setting from mobile
Toggling this setting on your mobile device should sync it to Desktop. When
linking, use the setting in the provisioning message.
// FREEBIE
* Send receipt messages silently
Avoid generating phantom messages on ios
// FREEBIE
* Save recipients on the outgoing message models
For accurate tracking and display of sent/delivered/read state, even if group
membership changes later.
// FREEBIE
* Fix conversation type in profile key update handling
// FREEBIE
* Set recipients on synced sent messages
* Render saved recipients in message detail if available
For older messages, where we did not save the intended set of recipients at the
time of sending, fall back to the current group membership.
// FREEBIE
* Record who has been successfully sent to
// FREEBIE
* Record who a message has been delivered to
* Invert the not-clickable class
* Fix readReceipt setting sync when linking
* Render per recipient sent/delivered/read status
In the message detail view for outgoing messages, render each recipient's
individual sent/delivered/read status with respect to this message, as long as
there are no errors associated with the recipient (ie, safety number changes,
user not registered, etc...) since the error icon is displayed in that case.
*Messages sent before this change may not have per-recipient status lists
and will simply show no status icon.
// FREEBIE
* Add configuration sync request
Send these requests in a one-off fashion when:
1. We have just setup from a chrome app import
2. We have just upgraded to read-receipt support
// FREEBIE
* Expose sendRequestConfigurationSyncMessage
// FREEBIE
* Fix handling of incoming delivery receipts - union with array
FREEBIE
An immediate response to the user request to see the log, and then we
show the real data as soon as we've loaded it from disk.
Changes:
- the IPC exchange to get the log data is now async
- the API to fetch the log on the client side now returns a Promise
- in the main process, the only disk access done synchronoously is
reading the contents of the log directory. The JSON parsing of the
resultant log data is now split up into three chunks.
- We only send three keys from each log item to the renderer process:
msg, time, level. Previously we sent the entire log entry with extra
keys: hostname, pid, name.
FREEBIE
This should allow us to get an insight into auto-update behavior and
other low-level behaviors happening in the Electron process which would
be useful for debugging.
FREEBIE
This partially reverts commit 1b444a5e23.
Because support for system-level notification sound settings is inconsistent
across Win/Linux/OSX, do the simplest thing that will produce consistent
behavior on all platforms: suppress the system sound by always passing the
`silent: true` option, and play our own sound clip (copied from ios).
// FREEBIE
Without this change, there's a race condition for the notification we
show when we get the 'empty' event after a large backlog download. Four
messages may have come in, but the last might not be notified. So the
count shown would be three. And then, when the final message's notify()
call finishes, another notification would be shown.
FREEBIE
This prevents the parade of notifications if a machine wakes up from
sleep. Basically covers situations that the loading screen doesn't
already.
When disabled, notifications will be cached until they are subsequently
re-enabled, at which time all the pending notifications will be summarized.
From the background page, notifications are disabled during connection attempts
until an empty event. This means we can always safely call conversation.notify
to queue a notification for the next batch, dropping some options from message
and conversation model methods.
We've also moved the calls to check window focus and draw attention to the
window, which were previously included in the conversation model, but are now
performed by the Notification system, because the time that the notification is
displayed might be some time after the message is added by the conversation, so
decisions about focus and attention should be made in that moment and not
before.
// FREEBIE
* Disconnect from socket faster on complete loss of network access
Today we wait for a keepalive request to fail; this change forces
disconnect in the case that the browser tells us that we're now offline.
FREEBIE
* MessageReceiver: don't react to errors after explicit close()
FREEBIE
Rather than throw an error, just log call messages and drop them. This way we
distinguish them from incorrectly encoded content messages or new types of
messages we don't support yet, and don't insert unnecessary red flags and
stacktraces in debug logs.
// FREEBIE
- Logging is available in main process as well as renderer process, and
entries all go to one set of rotating files. Log entries in the
renderer process go to DevTools as well as the console. Entries from
the main process only show up in the console.
- We save three days of logs, one day per file in %userData%/logs
- The 'debug' object store is deleted in a new database migration
- Timestamps and level included in the new log we generate for publish
as well as the devtools
- The bunyan API is exposed via windows.log (providing the ability to
log at different levels, and save objects instead of just text), so we
can move our code to it over time.
FREEBIE
ConversationView responds to drag/drop events by forwarding them to its file
input. The file input stops propagation and handles the event only if the data
transfer is type file. This means that any other data type (text, img, etc...)
causes an recursive loop of event propagation, eventually resulting in logging a
"RangeError: Maximum call stack size exceeded".
Fix by only forwarding files to the file input.
// FREEBIE
Found a number of 'Illegal buffer' errors in an Electron log submitted
today. As far as I can tell, these same profiles are succeedig for me,
so it's time to collect more data.
FREEBIE
* Upgrade emoji deps and move to node_modules
Add support for Emoji 3.0 and switch from bower to yarn for managing emoji
dependencies.
// FREEBIE
* Delete old emoji deps
// FREEBIE
* Don't copy emoji on windows
It is no longer necessary since the symlinked image dir is gone.
// FREEBIE
* Update emoji test
// FREEBIE
* Fix emoji tests; remove all overrides of emoji-js functions
FREEBIE
* Add AES-GCM encryption for profiles
With tests.
* Add profileKey to DataMessage protobuf
// FREEBIE
* Decrypt and save profile names
// FREEBIE
* Save incoming profile keys
* Move pad/unpad to crypto module
// FREEBIE
* Support fetching avatars from the cdn
// FREEBIE
* Translate failed authentication errors
When AES-GCM authentication fails, webcrypto returns a very generic error. The
same error is thrown for invalid length inputs, but our earlier checks in
decryptProfile should rule out those failure modes and leave us safe to assume
that we either had bad ciphertext or the wrong key.
// FREEBIE
* Handle profile avatars (wip) and log decrypt errors
// FREEBIE
* Display profile avatars
Synced contact avatars will still override profile avatars.
* Display profile names in convo list
Only if we don't have a synced contact name.
// FREEBIE
* Make cdn url an environment config
Use different ones for staging and production
// FREEBIE
* Display profile name in conversation header
* Display profile name in group messages
* Update conversation header if profile avatar changes
// FREEBIE
* Style profile names small with ~
* Save profileKeys from contact sync messages
// FREEBIE
* Save profile keys from provisioning messages
For standalone accounts, generate a random profile key.
// FREEBIE
* Special case for one-time sync of our profile key
Android will use a contact sync message to sync a profile key from Android
clients who have just upgraded and generated their profile key. Normally we
should receive this data in a provisioning message.
// FREEBIE
* Infer profile sharing from synced data messages
* Populate profile keys on outgoing messages
Requires that `profileSharing` be set on the conversation.
// FREEBIE
* Support for the profile key update flag
When receiving a message with this flag, don't init a message record, just
process the profile key and move on.
// FREEBIE
* Display profile names in group member list
* Refresh contact's profile on profile key changes
// FREEBIE
* Catch errors on profile save
// FREEBIE
* Save our own synced contact info
Don't return early if we get a contact sync for our own number
// FREEBIE
This adds a new copy:deps task into the overall default task, and it
needs to be run before running the product for the first time, and after
upgrading audio-related deps.
FREEBIE
This removes our custom notification sound in favor of the system sound, and
ensures that the system sound is disabled if the user unchecks the audio
notification option.
// FREEBIE
* main.js: check for truthiness of mainwindow, not === null
FREEBIE
* background.js: Connect to websocket even if we are unlinked
We know registration isn't done, but it has been done before. So instead
of sitting tight, we connect to the socket to start everything up and
attempt to the websocket once more.
FREEBIE
* Add certificate pinning on https service requests
Make https requests to the server using node apis instead of browser apis, so we
can specify our own CA list, which contains only our own CA.
This protects us from MITM by a rogue CA.
As a bonus, this let's us drop the use of non-standard ports and just use good
ol' default 443 all the time, at least for http requests.
// FREEBIE
* Make certificateAuthorities an option on requests
Modify node-based xhr implementation based on driverdan/node-XMLHttpRequest,
adding support for setting certificate authorities on each request.
This allows us to pin our master CA for requests to the server and cdn but not
to the s3 attachment server, for instance. Also fix an exception when sending
binary data in a request: it is submitted as an array buffer, and must be
converted to a node Buffer since we are now using a node based request api.
// FREEBIE
* Import node-based xhr implementation
Add a copy of https://github.com/driverdan/node-XMLHttpRequest@86ff70e, and
expose it to the renderer in the preload script.
In later commits this module will be extended to support custom certificate
authorities.
// FREEBIE
* Support "arraybuffer" responseType on requests
When fetching attachments, we want the result as binary data rather than a utf8
string. This lets our node-based XMLHttpRequest honor the responseType property
if it is set on the xhr.
Note that naively using the raw `.buffer` from a node Buffer won't work, since
it is a reuseable backing buffer that is often much larger than the actual
content defined by the Buffer's offset and length.
Instead, we'll prepare a return buffer based on the response's content length
header, and incrementally write chunks of data into it as they arrive.
// FREEBIE
* Switch to self-signed server endpoint
* Log more error info on failed requests
With the node-based xhr, relevant error info are stored in statusText and
responseText when a request fails.
// FREEBIE
* Add node-based websocket w/ support for custom CA
// FREEBIE
* Support handling array buffers instead of blobs
Our node-based websocket calls onmessage with an arraybuffer instead of a blob.
For robustness (on the off chance we switch or update the socket implementation
agian) I've kept the machinery for converting blobs to array buffers.
// FREEBIE
* Destroy all wacky server ports
// FREEBIE
If the 'empty' event is fired between the updateInbox() call and the
new InboxView() call afterwards, then the loading screen will never go
away. We fix that by immediately creating the InboxView but only adding
it to the DOM when the backing data is ready.
FREEBIE
Just send an event from the main process to the renderer,
The latter routes it the appropriate view method.
For now it's a no-op unless the main window exists and it is showing the inbox,
which will be addressed in a future commit.
// FREEBIE
Change the placeholder content for when notifications are configured for
count-only or sender-only. Remove some options that are no longer
supported.
// FREEBIE
Since we no longer have support for list-style notifications, stop
coalescing notifications into batches and just show contents of the last
message received. Also open the window when clicking on a notification
if it has previously been closed.
// FREEBIE
All Whisper.events listeners are now defined and bound in background.js,
and we no longer need global methods for opening the inbox and
conversation views, as those are handled by AppView or internally by
InboxView.
// FREEBIE
Add buttons for switching between the linking flow and the standalone
registration flow. The button and standalone registration are only
availble in a development environment.
// FREEBIE
Traditionally, NODE_ENV refers to an environment variable. For clarity,
let's keep it that way and don't reuse it in the renderer. Also, add a
note about explicitly overriding env vars for node-config.
// FREEBIE
Add the buildExpiration config and add it to the renderer's config
object. Use grunt to write the build expiration to
config/local-production.json which will override the default value (no
expiration) in production. Finally, run this grunt task as part of the
build process.
// FREEBIE
Introduce a top level view for navigating between the inbox and the
installer, enabling an in-window relink flow. Navigation is driven
through the openInbox and openInstaller global events.
// FREEBIE
Add environment-specific configs under `./config` and integrate with the
build system. Also changes package.json `files` from blacklist to
whitelist.
// FREEBIE
Database logging is helpful as a debugging tool, but it creates an
infinite loop with the debug log, which wants to write to the database,
which wants to write to the log, which wants to write to the database,
which wants to write to the log, which wants to write to the database,
which wants to write to the log, which wants to write to the database...
// FREEBIE
Just use the english locale for now. Load locale data from the
filesystem in the main process and pass it to the renderer preload
script via ipc. Note that we need the locale data to be available by the
time view scripts are loaded.
// FREEBIE
Set NODE_ENV at run time or build time to switch the app between dev and
production modes.
At build time, the current NODE_ENV will be included in the packaged
app's package.json file. At runtime we read NODE_ENV from package.json,
but also allow the local environment variable to override. A query
string parsed by a preload script exposes the value to the renderer,
which then determines whether we use the staging or production server.
Additionally, different environments have different user data
directories.
// FREEBIE
Nothing stops us from rendering the inbox in the background page, since
it is no longer a background page at all. TODO: intercept window close
events to hide this window instead of closing it unless the app is quit
explicitly.
// FREEBIE
Because export might take a couple minutes, we now set expectations
that it might take 'several minutes' instead of just 'please wait.'
We also promote 'Install new Signal Desktop' from a text link in the
instructions to a button. This is important on the 'Completed' screen
because it is bigger and to the left of the 'Export Again' button, which
previously drew primary focus on that screen.
Lastly, we also remove the title-specific element of the support link,
so we're resilient to title changes in the future.
FREEBIE
On a recent trip through a CPU profile taken while Signal Desktop
churned through a large backlog of messages, it was clear that
console.log was a major source of time spent, primarily the sort
operation required after every new entry is added to the Backbone
collection. So, three different techniques to combat this:
1) Reduce the maximum number of entries in the collection from 5k to 2k
2) No more logging of add/update/remove queue in MessageReceiver
3) No more log entries in Message.handleDataMessage main codepath
FREEBIE
* Don't show notifications for verified state change with yourself
It's confusing to users, and it really doesn't mean anything anyway.
FREEBIE
* Add log statement that we've suppressed a verified notification
FREEBIE
* Export: limit attachment names to 30 chars, tests for helper fns
Also, reintroduce last contact date in conversation dir name
FREEBIE
* MessageView tests: Fix failures during blanket coverage run
FREEBIE
When we relied on the actual value of the color property to be supplied
to the updateColor change event listener, sometimes it would be null.
Then the conversation bubbles would have no color at all, making the
text hard to read.
FREEBIE
* Fetch all conversations on startup of app, not on inbox load
A recent change to fetch conversations less didn't take into account all
that can happen in the app without the inbox loaded. That only happens
when the window is shown, and messages can come in with the app in the
background. In that case, the conversation wouldn't have been loaded
from the database, but would be saved to the database anyway, losing
data.
This change fetches all conversations as soon as the the data store is
ready for a fetch. It also introduces failsafe throws to ensure that
synchronous ConversationController accesses don't happen until the
initial fetch is complete. A new getUnsafe() method was required to
account for some of the model setup that happens during that initial
conversation fetch.
Fixes#1428
FREEBIE
* Fix tests: ConversationController.load() required before get()
FREEBIE
* Fetch conversations once, clean up ConversationController API
Race conditions around re-fetching have caused some problems recently,
so this removes the need to re-fetch conversations. They are fetched
once or saved once, and that is it. All interaction goes through the
ConversationController, which is the central source of truth.
We have two rules for Conversations:
1. If a conversation is in the ConversationController it doesn't need
to be fetched, but its initial fetch/save might be in progress. You
can wait for that fetch/save with conversation.initialPromise.
2. If a conversation is not already in the ConversationController, it's
not yet in the database. It needs to be added to the
ConversationController and saved to the database.
FREEBIE
* Remove Conversation.fetch() call in Message.handleDataMessage()
FREEBIE
* ConversationController.API cleanup: Fix two missing spots
FREEBIE
When processing a contact sync with embedded identity key verification info, we
were running overlapping async fetch/save operations on the same conversation
model, causing a race that tends to clobber updates to the contact info.
In this change we extend the application-level contact info handler to block on
a subsequent call to the verification handler, which effectively serializes the
fetch/save calls, and relieves the need for the message receiver to trigger a
seperate event concerning the verification info on contact sync messages.
Fixes#1408
// FREEBIE
* On export, don't print out entire group id, just last three chars
FREEBIE
* Export: Limit conversation dirs to 30 characters of original name
FREEBIE
* Redact groups ids on import as well
FREEBIE
* InboxView: Protect against nonexistent loading screen
FREEBIE
* Add support for backup and restore
This first pass works for all stores except messages, pending some scaling
improvements.
// FREEBIE
* Import of messages and attachments
Properly sanitize filenames. Logging information that will help with
debugging but won't threaten privacy (no contact or group names),
where the on-disk directories have this information to make things
human-readable
FREEBIE
* First fully operational single-action export and import!
FREEBIE
* Add migration export flow
A banner alert leads to a blocking ui for the migration. We close the socket and
wait for incoming messages to drain before starting the export.
FREEBIE
* A number of updates for the export flow
1. We don't immediately pop the directory selection dialog box, instead
showing an explicit 'choose directory' button after explaining what is
about to happen
2. We show a 'submit debug log' button on most steps of the process
3. We handle export errors and encourage the user to double-check their
filesystem then submit their log
4. We are resilient to restarts during the process
5. We handle the user cancelling out of the directory selection dialog
differently from other errors.
6. The export process is now serialized: non-messages, then messages.
7. After successful export, show where the data is on disk
FREEBUE
* Put migration behind a flag
FREEBIE
* Shut down websocket before proceeding with export
FREEBIE
* Add MigrationView to test/index.html to fix test
FREEBIE
* Remove 'Submit Debug Log' button when the export process is complete
FREEBIE
* Create a 'Signal Export' directory below user-chosen dir
This cleans things up a bit so we don't litter the user's target
directory with lots of stuff.
FREEBIE
* Clarify MessageReceiver.drain() method comments
FREEBIE
* A couple updates for clarity - event names, else handling
Also the removal of wait(), which wasn't used anywhere.
FREEBIE
* A number of wording updates for the export flow
FREEBIE
* Export complete: put dir on its own line, make text selectable
FREEBIE
There's really no reason to retry encryption errors again if they've
already been made user-visible in a conversation.
Also, refactor e->error in background.js onError(), since both e and ev
in this method made it too easy to make a mistake.
- How long it takes to get a message through the pre-send checks
- How long it takes to open a conversation for the first time
- The timestamp of any message we send to corellate with other logs
- Add conversation ID to 'decrypt old identity key errors' start/end
FREEBIE
Because we do a number of async checks before allowing the real send to
begin, on a slow matchine or when doing a lot of work (like receiving a
lot of messages) there can be a noticeable delay between hitting Enter
and the clearing of the text in the message box. In fact, newly-typed
text can be added to the previous message if the delay is long enough.
This prevents any interaction with the message box until the send has
either been prevented or has started.
FREEBIE
Discovered a user log where expiring message checks were happening
constantly. This ensures that a very large timeout doesn't roll over
into immediate callbacks.
FREEBIE
isVerified and isUntrusted both went to the protocol layer, but were not
prepared for rejected promises resulting from missing records. This
prevented send in large groups where there has never been a message
exchanged with one of the members.
FREEBIE
I believe this to be the reason behind some of the high resource usage
on startup. If a lot of read receipts come in for disappearing messages,
this method can be called many, many times very quickly.
FREEBIE
Not sure exactly how to think about Chrome app lifetimes, so we're
being conservative. We only show the full-application loading screen
once, on first display of the inbox.
FREEBIE
Model operations are vulnerable to exceptions thrown by event handlers.
Because this can interrupt really important data operations, it's better
to let the operation continue and log the error. In all likelihood it's
a view-related problem, and that shouldn't cause any data operation to
fail.
FREEBIE
Fix too-aggressive verification notifications on startup by starting a
conversation with the right initial verified state, and then making sure
to fetch() before setting a new verified state.
FREEBIE
On every click, even when sub-panes were open, we were calling
markRead(), which would save the conversation model with the new
unreadCount. The KeyVerificationPanelView was wired up to the change
event on conversation, so it would render with the results of that
update, then finally the user's intended update.
FREEBIE
This removes our support for the New Key/DEFAULT case, which iOS will
sync to us. Why? Because it ensures that in out of date scenarios, we
don't lose the higher-security state we were in previously.
FREEBIE
Tabbing right after entering the view would cause everythign to go crazy
as focus went back to the pane you were just on. This change both sets
the proper focus on load of that view (on the cancel button) and hides
other panes when they aren't active, only making them visible again when
they are once again the 'top' pane.
FREEBIE
New experience in the Message Detail view when outgoing identity key
errors happen, matching the Android View.
'View' button is only shown on outgoing key errors right now.
When a contact with an outgoing identity key error is clicked, they are
taken to a view like the popup that comes up on Android: an explanation
of what happened and three options: 'Show Safety Number', 'Send Anyway',
and 'Cancel'
Contacts are now sorted alphabetically, with the set of contacts with
errors coming before the rest.
FREEBIE
If the key has changed, saveIdentity will archive sibling sessions, but not the
session for the device it was called on. Therefore we have to archive that one
by hand.
Also switch from saving the identity of an OutgoingIdentityKeyError to just
triggering a profile fetch, mostly for consistency, simplicity, and DRYness.
// FREEBIE
This can happen with unknown groups, where we don't know the list of
members but we're receiving messages. It's generally not a good
experience, but we shouldn't crash.
FREEBIE
These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.
// FREEBIE
In some cases, due to promise chaining and error propagation, we were
calling registerError more than once for a given error. This would then
cause the overall callback for the send operation to be called with a
partial set of errors, as well as duplicates.
Note: we do need to find a way to attach identityKey to the
OutgoingIdentityKeyError in the case where it comes directly from the
encrypt() instead of our pre-key operations.
FREEBIE
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.
Note that the sync message is additionally randomly padded like all other sync
messages.
This lets Verified sync messages appear the same as normal sync message traffic.
// FREEBIE
Just log em for debugging. Also update the error messge thrown when we get a
content message with no supported properties. It may be empty or may just have
an unrecognized field.
// FREEBIE
Sessions established with the previous identity should no longer be used for
sending, so we should close them.
Since we've added this call to saveIdentity, we can omit the call to it after
profile fetches.
// FREEBIE
processVerifiedMessage checks the current state of the database against the
identity key from an incoming verification sync message to determine whether or
how to update our local record.
When syncing a DEFAULT status and we have no local record, it's a no-op, but
we'll log it.
When syncing a DEFAULT status and we have non-default record with the same key,
mark it as default.
When syncing a VERIFIED status and either:
1. we have no key on record,
2. we have have a different key on record, or
3. we have the same key on record, but not verified
mark it as verified.
Otherwise do nothing.
References: https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/util/IdentityUtil.java#L129
// FREEBIE
Ensure processVerified resolves
The shield matches the Android app's key change notification, and the
clock icon was easy to do and makes it easier to visually distinguish
those items in the conversation history.
FREEBIE
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.
// FREEBIE
We also show more errors than we used to in the MessageDetail screen
to help make it clear what is happening, and why the user would need to
re-send.
FREEBIE
It doesn't run today - it depends on RecipientsInputView, which depends
on Backbone.TypeaheadCollection which doesn't currently exist in the
product.
FREEBIE
Not yet using the new APIs, but ready to. Still to do:
- Send sync messages on trust decisions
- Respond to received trust decision sync messages
- Show trust decisions in the conversation history
- In that rare situation where a sent message ends up with a key error
make it easy to retry the send.
FREEBIE
Also:
- All the necessary wire-up to update things in real time. If you have
a safety number page up via a group member view as well as via a 1:1
conversation with that contact, they'll both be updated as the
underlying model changes. Similarly, the overall group will update
in real-time as members change.
- A bit of special-casing for yourself in a group conversation - you're
shown as 'me' and are not clickable, where normally that would take you
to the Safety Number screen for that contact. You are also not included
in the trust calculations for a given group.
FREEBIE
Reduce ambiguity in between the record itself, which now stores other
information besides the public key, and its `publicKey` attribute, which
contains an ArrayBuffer of key material.
This model is internal to SignalProtocolStore.
// FREEBIE
Previously we would only clear the publicKey since that was the only attribute,
but now we should delete the entire record. This method is currently only called
from tests.
// FREEBIE
saveIdentityWithAtttributes allows directly setting all properties of an
identity key record. In AccountManager we use it to save our own identity
key after a new registration.
Previously we would remove the existing key first in order to coerce firstUse to
true, but now we can simply set it explicitly, along with a VERIFIED status.
// FREEBIE
This will enforce that all identity record attributes are valid and present
before allowing the record to be saved. This is necessary since we will be
exposing a lower-level method to save an identity with explicit values for
firstUse, nonblockingApproval, and verified status.
Previously we only expected these errors to occur when decrypting prekey
messages, so we need to add handling for them in the case of a normal message.
// FREEBIE
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog
Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.
// FREEBIE
saveIdentity is now reponsible for determining firstUse, so we must not remove
the existing key before updating it.
Previously, the implementation provided an extra check against overwritting an
existing key, but that should be done via isTrustedIdentity instead.
// FREEBIE
We can use the same padded plaintext across multiple numbers or attempts rather
than re-creating it every time we encrypt to a particular number.
// FREEBIE
We will now always attempt to mark things unread if this method. If the
conversation's unreadCount gets out of date, set to zero, we will still
do it. If we go through the motions, and nothing is newly marked read,
we will still set the unreadCount to zero.
We queue the job because we often get a whole lot of read receipts at
once, and their markRead calls could very easily overlap given the async
pull from DB.
We also disable read receipts for any message marked read due to a read
receipt. That's a notification explosion we don't need.
FREEBIE
We mark as read everything older than this message - to clean up old
stuff still marked unread in the database. If the user generally doesn't
read in the desktop app, so the desktop app only gets read receipts, we
can very easily end up with messages never marked as read (our previous
early read receipt handling, read receipts never sent because app was
offline).
FREEBIE
Because we only attach AttachmentViews to the DOM when they fire their
'update' event, we were subject to a race condition. If that event fired
after the final Message.render(), then it would be properly attached to
the final DOM node. If it fired early, it would end up missing from
the visible DOM entirely, attached to the old, discarded version of
the message.
This change updates our handling of a second call to loadAttachments().
Instead of bailing out if we've been called before, we attempt to
re-add our child AttachmentViews to the current DOM. But only if the
'update' event has been fired, and if their current parent node is not
what is in the DOM.
FREEBIE
To handle the same 'not quite at the bottom' case that our 30px buffer
gives us for marking messages read, we use the same atBottom() method to
determine whether we should mark everything unread. Saves the effort and
potential missed messages (due to partial pixels, etc.).
FREEBIE
This is no longer guaranteed to be true. If you're scrolled up in a
conversation, you may not have read all messages. Setting the
unreadCount to zero will prevent the user from marking any of their
existing messages as unread until something else happens, like receiving
a read receipt or new message.
FREEBIE
- initialize doesn't need to call update because
MessageView.renderExpiring() calls it immediately
- we don't need the className because that's already present on
the el it attaches to, part of the MessageView's template.
FREEBIE
- Only mark messages read when scrolling if in focus and visible
- Remove last seen indicator when scrolling to the bottom with scroll
down button
- Update last seen indicator when we don't already have one and we're
scrolled up.
FREEBIE
It can be moved if you're not scrolled to the bottom of of the window
or the window doesn't have focus when a new message comes in. Other than
that, it marches up the window until you close and reopen the
conversation, or send a message.
Note that we do NOT mark messages as read if they come in when you are
scrolled up. But we do mark the entire conversation as read if you
switch away from the app and back.
FREEBIE
Re-renders happen when we re-fetch messages from the database, and our
previous technique for loading attachments resulted in a new attachment
view added for every call to render()
This change ensures that a second call to render() does not add any more
attachment views.
FREEBIE
* Remove increment behavior
* Dismiss when new messages arrive but the window is focused
* Update the indicator when window becomes focused.
// FREEBIE
This is to ensure that when there are a lot of unread messages, the user
is given the chance to see all of them by being scrolled to the oldest
new message.
When a new message comes in, the indicator will be incremented.
When the user sends a message or switches away from the conversation,
the last seen indicator will be removed.
FREEBIE
This was supposed to solve the problem of losing group state after a reinstall
by inspecting member registration ids and pre-emptively sending group updates to
those who appear newly re-registered, but it has been unused since 6123c419.
Nowadays there's a protocol for requesting lost group state from other members.
// FREEBIE
Add names and sizes for all attachments except images, and (as with
arbitrary attachments), clicking on the text will open a save dialog.
In the absence of a filename, choose something that makes sense.
Display different icons for different media types, including distinct icons
for voice notes and audio files.
In iOS theme, audio, video, voice, and files are all encapsulated in bubbles.
Closes#804Closes#842Closes#836
// FREEBIE
Check for early read receipts for an incoming messages *after*
processing the expireTimer on that message. Then we can set
expirationStartTime appropriately if an early receipt is found.
Closes#950
// FREEBIE
Bind a single listener to keychange events from the storage interface,
which then looks up relevant conversations and adds notices to them,
with tests.
Previously we would need to instantiate a conversation model in order to
start listening to its key change events. In practice this usually
happens at startup but we shouldn't rely on it, and it incurs higher
overhead since it creates a different listener for each conversation.
// FREEBIE
Sometimes .mov files arrive with content type video/quicktime, but must
be saved to .mov in order for osx to recognize them as videos and open
the appropriate default program, display thumbnails, etc...
// FREEBIE
Make arbitrary files look nicer and display the filename.
If an audio or video element fails to load for any reason, timeout after
a few seconds and render it as an arbitrary file. Also short circuit to
this treatment for common audio and video file types that we know are
going to fail, e.g., proprietary formats from apple.
// FREEBIE
Let install view manage the connection to the provisioning socket as
well as cleaning up the window on completion, simplifying options.js.
Call `remove` so that the view stops listening when the window closes.
Move view script and template to background page.
Adds ability to hide nav if this isn't our first run.
// FREEBIE
Listen for reconnectTimer to display reconnection info. Listen for
unauthorized to update network status immediately after a failed login,
rather than waiting for the normal 5s interval to time out.
// FREEBIE
When we can't connect due to being unlinked, network status indicator
will show an appropriate informational message and a button to open the
installer window to relink.
// FREEBIE
Now that the InboxView is initialized in the background page context, we
can manipulate it more directly, without going through a global function
on the foreground window.
// FREEBIE
Don't wait for background init before rendering inbox.
If the client detects that it has become unlinked, it will not call
`init()`, never fire the deferredInit, and never render the inbox,
but we want to allow users access to their local messages even if they
have (perhaps temporarily) unlinked the desktop client.
Also, prefer not to extend Backbone.Model until/unless we really need
it.
// FREEBIE
This makes the "x" in the search bar always visible when there is
text in the search box, even if the mouse is not hovering, hopefully
making for a clearer UI around search and resolving issue #741
The implementation adds the "x.svg" as a background image to the search
box when it is classed with .active, in addition to the
-webkit-search-cancel-button, which is still there for the actual
functionality but only appears on mouse hover (one tiny snag is that
coloring appears slightly different on hover, at least on my screen -
don't know if this is a problem).
I accounted for both ltr and rtl text-direction by using
getComputedStyle(...).direction to detect from the input's dir="auto"
- if there's a more elegant way to do this, please suggest. An ideal
solution would use the :dir pseudo-class but it's not implemented
in Chrome yet - https://developer.mozilla.org/en-US/docs/Web/CSS/:dir
For now, I added the direction-checking to inbox_view.js. I see that
input.search is also used in new_group_update_view.js and
recipient_input_view.js but neither of these views seem to be in use (?)
and they don't set the .active class anyway, so I ignored them.
Update: Amended version a few hours later - fixed and manually tested
color and spacing for iOS and Android Dark themes. Also made some new
SASS variables to make things DRYer and fixed my tab size.
There may come a day when we may need to change this url from the server
side. On that day, clients should continue to operate normally. The
service should be able to change attachment server locations without
requiring a client update.
// FREEBIE
Expiring messages received before 0.31.0 may not have an expires_at time
populated. Loading these messages once will update their expires_at if
it wasn't already set. To avoid loading too many messages into memory,
add them individually, and remove them from the collection as soon as
they are added, allowing them to be garbage collected immediately.
// FREEBIE
Previously if there was no session to remove, the promise returned from
removeSession would never resolve, potentially blocking sending for that
recipient until restart.
// FREEBIE
This reverts commit a768b94471.
d2ddfc7 was enough to fix#989. Removing unregistered members from the
group (as opposed to silently ignorning them) creates greater potential
for getting out of sync with the member lists on other devices.
// FREEBIE
Rotate signed prekey every 48hrs, waiting for online access if
necessary. After a rotation attempt is made, schedule the next run for
48hrs in the future.
We use a timeout to "wake up" and handle the rotation. This timeout gets
set on startup and whenever the next rotation time is changed. For
paranoia's sake, always clear the current timeout before setting the
next one.
Since new registrations necessarily upload new signed keys, we reset the
scheduled time to T+48hrs on `registration_done` events.
// FREEBIE
Previously, updateNumbers would throw an Error, so the whole group
update was discarded.
Signal-Android handles this the same way in
GroupMessageProcessor.handleGroupUpdate().
Closes#1056
If some future client ever sends us an arbitrary timer value which we do
not currently support, present it as a duration in seconds in timer
update messages and ui, where we would otherwise have rendered nothing,
e.g., "You set the timer to ."
// FREEBIE
Don't set lastMessage, let it update itself as needed, such as when
first rendering a conversation list item, and when its messages are
sent, received, or destroyed.
Let received_at be the current time for keychanges. This avoids them
being inserted in the wrong place in the thread.
Use the newmessage event to trigger frontend listeners to add them to
the conversation view if it is open.
Turns out there's no garauntee that Android will send us contact info
with phone numbers in e164 format. When that happens, we fail to update
the correct contact. Fix by performing validation on the incoming number
before attempting to merge changes to the name, avatar, or color.
Fixes#903
Add a special type of collection just for retrieving group ids, which
doesn't incur the overhead of initializing a conversation model along
with all its group members.
There are some cases when we want to initialize a group object without
loading its contacts, such as while processing delivery receipts. We
really only need to load the contacts for a group/convo when we are
rendering it, so let the front end handle those cases (which most of
them do already).
TimestampView's getRelativeTimeSpanString called moment() twice while
calculating the timeout. If there was a minute/hour/day wrap between
these 2 calls, the calculated delay was 0 and thus no timer was
scheduled, since if (this.delay) evaluated to false.
Fixes: #857, #460
// FREEBIE
Usually new elements are inserted in a predictable order relative to the
sort order of the models/collection, but it's not garaunteed. This fixes
up message element insertion to handle the general case where elements
can be added in any order and must be displayed in correct order as
determined by the collection's sort function. In the worst case, we'll
have to iterate over the entire list of elements to find the right spot,
but in practice most of the time we can short circuit based on the index
of the model or by looking for the predecessor or successor of the
element in question.
This breaks the css-purity of our mixin but is necessary in order to
apply the initial offset of the hourglass animation dynamically, since
jquery can't manipulate arbitrary css on psuedo elements.
When initialized, or when expiration-related attributes change, expiring
messages will set timers to self-destruct. On self-destruct they trigger
'expired' events so that frontend listeners can clean up any collections
and views referencing them.
At startup, load all messages pending expiration so they can start their
timers even if they haven't been loaded in the frontend yet.
Todo: Remove expired conversation snippets from the left pane.
Test page loads fixtures and renders the inbox view. This may be useful
for smoke testing style changes or generating screenshots with
pseudo-realistic data.
Includes a couple small changes to get rendering working outside the
app.
Use emojijs for replacing unicode with image tags for display. We were
already using it to replace colons with unicode. Additionally it has
a companion data repo that is kept up to date with images from all
the common image sets.
// FREEBIE
Move away from inline style attributes for setting contact colors.
Apply colors by name via css classes instead. Also lays groundwork
for syncing contact colors.
// FREEBIE
Fix some visual bugs occuring at large font size:
* Contact names break onto the next line after their avatars in
message detail screen
* Settings menu font-size failed to scale
* Handle Content overflow in modals.
// FREEBIE
Let momentjs handle proper pluralization of relative times. This comes
at the sacrifice of displaying 'minutes' in the conversation list
timestamp rather than 'min'. Note that we don't use moment's fromNow
instance method so as to preserve the rounding logic that matches the
Android client.
// FREEBIE
In some cases, we have already received a read receipt for an incoming
message by the time we go to create a notification about it. In this
case, we should skip the notification.
// FREEBIE
This commit stops the MessageView from adding the attachment more than once. Previously an attachment was appended to the MessageView every time an update
event was emitted, which happens when forwarding.
// FREEBIE
This commit changes the inbox to stop video and audio elements when selecting a new conversation, and to not stop such elements when the same
conversation was selected (fixes#391).
// FREEBIE
Despite the "click to save"-description of unsupported file types, clicking them did not save them.
This commit implements a Save-As dialog instead of opening the file in chrome.
// FREEBIE
If a user has no groups, no group sync message is sent. This is a normal
result that should result in a success event rather than a timeout.
// FREEBIE
Add a section under settings for performing a contact sync from your
mobile device. This just re-runs the same import operation that occurs
at install/link time.
// FREEBIE
Fixes a session management problem where, after resolving a conflict
with some contact, that contact would get bad mac as a result of us
sending them a new prekey message before processing a pending conflicted
prekey message received from them earlier.
Fixes#806
// FREEBIE
* libsignal.Curve is now a synchronous interface.
* libsignal.Curve.async is now the asynchronous interface.
* Fixes bugs in session management.
// FREEBIE
The getDeviceObjectsForNumber method returns device objects that contain
nothing but the encodedNumber property. Instead, just deal in deviceIds
until a SignalProtocolAddress is constructed to manage both the number
and deviceId.
// FREEBIE
Now that we simply establish and save a session via SessionBuilder
rather than saving the keys to pass in during encrypt, we can stop
caching them in memory in between the identity key check and the
encryption step.
// FREEBIE
* Apply the same rounding to in message bubbles and conversation list.
Also make them consistent with Android's relative times. Fixes#682
* Show full timestamps when hovering on relative time
* Compute timestamp update delays more precisely:
Set timestamps to self-update as soon as they are able to change
rather than a fixed time since the last update.
* Refactor for customizable/localizable relative times
* Update timestamp tests
* Log timestamp update intervals to help debug #460
In the case of a double send (same message encrypted and sent twice due
to key conflict bug), we would mark the first instance read twice rather
than marking both instances read. Fix by searching for matching messages
that have not yet been marked read.
// FREEBIE
When deleting all messages in a conversation, the entry in the left pane
should be inserted into the alphabetical portion of the list. To keep it
in this collection, do not nullify active_at.
To ensure the list view is keeping itself correctly sorted, make sure
that resorting behavior is triggered any time a relevant attribute is
changed.
This fixes deleted conversations jumping to the top of the list, and
conversation order scrambling when getting a group or contact sync
message from our master device.
Fixes#734
// FREEBIE
For messages that failed to send due to network errors, this change
allows retrying them directly from the main conversation view rather
than only from the message detail view.
// FREEBIE
Previously, if a message was sent in between the receive time of an
incoming message and the time it is actually added to the conversation's
message collection (which only occurs later after several async
callbacks), the incoming message would be inserted not-at-the-end of the
collection since it is ordered by receive time. This tricked the front
end into assuming the message was an older message instead of a new one.
Fixes#490
// FREEBIE
The onChangeActiveAt listener promotes newly activated conversations to
the top of the inbox. By firing on an 'add' event, if the conversation
list happened to load after the inbox frontend was initialized, each new
entry would be incorrectly moved to the top, effectively reversing the
list.
// FREEBIE
Prevent races between encrypt and decrypt calls, and other read/write
operations on the session store by serializing session io ops per
device.
Possible fix for #535
// FREEBIE
Remove individual messages from Notifications when marked read.
Previously this was only done from the conversation model when marking
the entire conversation as read.
Fixes#717
// FREEBIE
Order conversation list by timestamp instead of active_at. The former is
the send time of the most recent message. The latter is typically the
receive time of that message. This can cause mis-ordering if you send a
message while processing a backlog of incoming messages.
Fixes#617
// FREEBIE
Don't save the change until we successfully process the message, but
make it first so that the user sees the error disappear when the new key
is accepted.
// FREEBIE
Previously, we switched to not updating the notification popup on a
removal, since this usually respawns a new notification popup
unexpectedly. However, when the last relevant notification is cleared
(ie, by opening/reading the thread before the notification times out and
disappears on its own) we should clear the existing popup if there is
one.
// FREEBIE
If the replay failed due to a bad mac or other decryption error for some
other reason we still want to clear the conflict. If it failed because
it's still in conflict then the newly returned error will reflect that
and be saved.
// FREEBIE
This flow broke a bit with transition to modal debug log.
Restructure such that the loading class can be applied to an appropriate
element inside the modal. Ensure that the input elements are hidden when
submit is clicked, the result elements are shown when the log upload is
completed.
// FREEBIE
Untangle these two views into their component parts, consolidating all
the key conflict logic in the key conflict view. Contact view now simply
renders basic contact info and miscellaneous errors but not conflicts or
message errors.
// FREEBIE
Network errors render as a resend dialogue at the top of the message
detail and need not be re-reported in the contact list or errors
section.
// FREEBIE
Occasionally these will fail if they happen to be executed before the
necessary dependencies (storage, ConversationCollection) are declared.
// FREEBIE
This should really only be called once, from background.js.
Calling it twice can cause doubled listeners for the registration_done
event, which in turn leads to duplicate post-registration callbacks,
dual sync requests, and an eventual datastore inconsistency.
Fixes#670
// FREEBIE
Previously, notifications were persistent until explicitly dismissed
from the notification center (a bell icon in the system tray), but that
ui has been removed from chrome*, so now updating on remove is
unexpectedly creating a new notification pop up.
*http://blog.chromium.org/2015/10/streamlining-notifications-on-desktop.htmlFixes#667
// FREEBIE
Because remote clients will delete all sessions in response to an end
session message, regardless of which device it came from, when our
linked device sends an end session message, we must also end all
sessions with the destination.
This change moves the end session flag processing to processDecrypted,
which is shared between handlers of sent messages, data messages, and
messages which are re-tried after resolving identity conflicts.
// FREEBIE
Help debug bad session errors by logging some envelope info about the
message we are about to decrypt. With this, if there is a decryption
error (e.g., bad mac or no session) it is clear from the logs what
number and device message sent the bad message.
Also log when we send and receive end session messages and when we close
sessions for certain devices.
// FREEBIE
Since the introduction of infinite scroll, the delete messages function
has only deleted the currently loaded set of messages in a conversation.
To fix this, we should fetch all the messages and then delete them.
Fixes#645
// FREEBIE
When `millis_since` becomes larger than one week, `delay` becomes
negative and is set to Zero. This causes an infinite loop and therefore
100% CPU usage (single thread).
// FREEBIE
Some basic modifications to the Confirmation Dialog:
* Always attached to <body> regardless of view that called it.
* Always centered horizontally on screen.
* A black semi-transparent overlay is now displayed over everything, and under
the dialog.
* Various other style changes.
fixes#389
// FREEBIE
Previously we would delete our own key from the trust store when
re-linking, in case it changed. We can also immediately take one step
further and store the new key. Typically this happens in the course of
requesting sync info from the master device, except in the case of
standalone clients.
Closes#596
// FREEBIE
* Move install flow i18n logic to install_view.js (from options.js)
* Switch to using placeholders (instead of jQuery) for i18n messages with html.
* Switch to using moustache template instead of jQuery for i18n substitution.
// FREEBIE
Sometimes an error is thrown while processing groups from a group sync
message. We still want to fire the groupsync event when we're done
handling all the data, even if some of it was bad.
Similar in function to an xhr request, a textsecure.SyncRequest object
is initialized from a message sender and receiver pair and initiates a
request for sync from the master device. It later fires a success event
when both contacts and groups are done syncing, or a timeout event after
one minute.
// FREEBIE
Group updates in which nothing change should still display 'Updated the
group'. Previously they would display as empty message bubbles. Fixed by
ensuring that the 'group_update' attribute is set on the model, even if
it is an empty object.
// FREEBIE
Clear the registration flag when we detect that our credentials have
been invalidated, but retain the knowledge that we've been registered
before, so as to preserve post-first-install behaviors like skipping the
introductory install screens, and accessing the main ui.
Fix#541
// FREEBIE
We should not ack envelope protobufs that fail to decode correctly. If
the server happens to send us such a thing it probably indicates a
protocol mismatch between it and the client, in which case the client
needs to update and re-receive the failed message.
// FREEBIE
The user-agent string includes the information needed (OS + Chrome version) and the console.get() function seems just right. The debugLog itself is not manipulated.
Only show sent_at for outgoing messages, matching Android.
The received_at timestamp reflects the time a message was saved locally.
It is necessary on both incoming and outgoing messages for sorting
purposes, but can be confusing in the context of an outgoing message
detail view, since users don't think about themselves "receiving" their
own messages, and may even interpret this as the time that a message was
received by their conversation partner's device.
// FREEBIE
This chrome alarm business is in place to help us wake up and check for
messages when running in the background. Without it, chrome will suspend
our app after a short period of inactivity. Upon waking, if the app
discovers it is not linked, it prompts you to link it. However, if
you've declined registration (i.e., because you already maxed out your
linked device limit, but chrome auto-added the app to another machine),
we should just wait until explicitly launched again.
Fixes#519
// FREEBIE
