209 lines
8.7 KiB
TypeScript
209 lines
8.7 KiB
TypeScript
|
/*
|
||
|
Copyright 2024 New Vector Ltd.
|
||
|
Copyright 2023 The Matrix.org Foundation C.I.C.
|
||
|
|
||
|
SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
|
||
|
Please see LICENSE files in the repository root for full details.
|
||
|
*/
|
||
|
|
||
|
import { mocked, Mocked } from "jest-mock";
|
||
|
import { IBootstrapCrossSigningOpts } from "matrix-js-sdk/src/crypto";
|
||
|
import { MatrixClient, Device } from "matrix-js-sdk/src/matrix";
|
||
|
import { SecretStorageKeyDescriptionAesV1, ServerSideSecretStorage } from "matrix-js-sdk/src/secret-storage";
|
||
|
import { IDehydratedDevice } from "matrix-js-sdk/src/crypto/dehydration";
|
||
|
import { CryptoApi, DeviceVerificationStatus } from "matrix-js-sdk/src/crypto-api";
|
||
|
|
||
|
import { SdkContextClass } from "../../../src/contexts/SDKContext";
|
||
|
import { accessSecretStorage } from "../../../src/SecurityManager";
|
||
|
import { SetupEncryptionStore } from "../../../src/stores/SetupEncryptionStore";
|
||
|
import { emitPromise, stubClient } from "../../test-utils";
|
||
|
|
||
|
jest.mock("../../../src/SecurityManager", () => ({
|
||
|
accessSecretStorage: jest.fn(),
|
||
|
}));
|
||
|
|
||
|
describe("SetupEncryptionStore", () => {
|
||
|
const cachedPassword = "p4assword";
|
||
|
let client: Mocked<MatrixClient>;
|
||
|
let mockCrypto: Mocked<CryptoApi>;
|
||
|
let mockSecretStorage: Mocked<ServerSideSecretStorage>;
|
||
|
let setupEncryptionStore: SetupEncryptionStore;
|
||
|
|
||
|
beforeEach(() => {
|
||
|
client = mocked(stubClient());
|
||
|
mockCrypto = {
|
||
|
bootstrapCrossSigning: jest.fn(),
|
||
|
getCrossSigningKeyId: jest.fn(),
|
||
|
getVerificationRequestsToDeviceInProgress: jest.fn().mockReturnValue([]),
|
||
|
getUserDeviceInfo: jest.fn(),
|
||
|
getDeviceVerificationStatus: jest.fn(),
|
||
|
isDehydrationSupported: jest.fn().mockResolvedValue(false),
|
||
|
startDehydration: jest.fn(),
|
||
|
} as unknown as Mocked<CryptoApi>;
|
||
|
client.getCrypto.mockReturnValue(mockCrypto);
|
||
|
|
||
|
mockSecretStorage = {
|
||
|
isStored: jest.fn(),
|
||
|
} as unknown as Mocked<ServerSideSecretStorage>;
|
||
|
Object.defineProperty(client, "secretStorage", { value: mockSecretStorage });
|
||
|
|
||
|
setupEncryptionStore = new SetupEncryptionStore();
|
||
|
SdkContextClass.instance.accountPasswordStore.setPassword(cachedPassword);
|
||
|
});
|
||
|
|
||
|
afterEach(() => {
|
||
|
SdkContextClass.instance.accountPasswordStore.clearPassword();
|
||
|
});
|
||
|
|
||
|
describe("start", () => {
|
||
|
it("should fetch cross-signing and device info", async () => {
|
||
|
const fakeKey = {} as SecretStorageKeyDescriptionAesV1;
|
||
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: fakeKey });
|
||
|
|
||
|
const fakeDevice = new Device({ deviceId: "deviceId", userId: "", algorithms: [], keys: new Map() });
|
||
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
||
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
||
|
);
|
||
|
|
||
|
setupEncryptionStore.start();
|
||
|
await emitPromise(setupEncryptionStore, "update");
|
||
|
|
||
|
// our fake device is not signed, so we can't verify against it
|
||
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
||
|
|
||
|
expect(setupEncryptionStore.keyId).toEqual("sskeyid");
|
||
|
expect(setupEncryptionStore.keyInfo).toBe(fakeKey);
|
||
|
});
|
||
|
|
||
|
it("should spot a signed device", async () => {
|
||
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
||
|
|
||
|
const fakeDevice = new Device({
|
||
|
deviceId: "deviceId",
|
||
|
userId: "",
|
||
|
algorithms: [],
|
||
|
keys: new Map([["curve25519:deviceId", "identityKey"]]),
|
||
|
});
|
||
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
||
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
||
|
);
|
||
|
mockCrypto.getDeviceVerificationStatus.mockResolvedValue(
|
||
|
new DeviceVerificationStatus({ signedByOwner: true }),
|
||
|
);
|
||
|
|
||
|
setupEncryptionStore.start();
|
||
|
await emitPromise(setupEncryptionStore, "update");
|
||
|
|
||
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(true);
|
||
|
});
|
||
|
|
||
|
it("should ignore the MSC2697 dehydrated device", async () => {
|
||
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
||
|
|
||
|
client.getDehydratedDevice.mockResolvedValue({ device_id: "dehydrated" } as IDehydratedDevice);
|
||
|
|
||
|
const fakeDevice = new Device({
|
||
|
deviceId: "dehydrated",
|
||
|
userId: "",
|
||
|
algorithms: [],
|
||
|
keys: new Map([["curve25519:dehydrated", "identityKey"]]),
|
||
|
});
|
||
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
||
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
||
|
);
|
||
|
|
||
|
setupEncryptionStore.start();
|
||
|
await emitPromise(setupEncryptionStore, "update");
|
||
|
|
||
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
||
|
expect(mockCrypto.getDeviceVerificationStatus).not.toHaveBeenCalled();
|
||
|
});
|
||
|
|
||
|
it("should ignore the MSC3812 dehydrated device", async () => {
|
||
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
||
|
|
||
|
const fakeDevice = new Device({
|
||
|
deviceId: "dehydrated",
|
||
|
userId: "",
|
||
|
algorithms: [],
|
||
|
keys: new Map([["curve25519:dehydrated", "identityKey"]]),
|
||
|
dehydrated: true,
|
||
|
});
|
||
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(
|
||
|
new Map([[client.getSafeUserId(), new Map([[fakeDevice.deviceId, fakeDevice]])]]),
|
||
|
);
|
||
|
|
||
|
setupEncryptionStore.start();
|
||
|
await emitPromise(setupEncryptionStore, "update");
|
||
|
|
||
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
||
|
expect(mockCrypto.getDeviceVerificationStatus).not.toHaveBeenCalled();
|
||
|
});
|
||
|
|
||
|
it("should correctly handle getUserDeviceInfo() returning an empty map", async () => {
|
||
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
||
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(new Map());
|
||
|
|
||
|
setupEncryptionStore.start();
|
||
|
await emitPromise(setupEncryptionStore, "update");
|
||
|
expect(setupEncryptionStore.hasDevicesToVerifyAgainst).toBe(false);
|
||
|
});
|
||
|
});
|
||
|
|
||
|
describe("usePassPhrase", () => {
|
||
|
it("should use dehydration when enabled", async () => {
|
||
|
// mocks for cross-signing and secret storage
|
||
|
mockSecretStorage.isStored.mockResolvedValue({ sskeyid: {} as SecretStorageKeyDescriptionAesV1 });
|
||
|
mockCrypto.getUserDeviceInfo.mockResolvedValue(new Map());
|
||
|
mockCrypto.getDeviceVerificationStatus.mockResolvedValue(
|
||
|
new DeviceVerificationStatus({ signedByOwner: true }),
|
||
|
);
|
||
|
mocked(accessSecretStorage).mockImplementation(async (func?: () => Promise<void>) => {
|
||
|
await func!();
|
||
|
});
|
||
|
|
||
|
// mocks for dehydration
|
||
|
mockCrypto.isDehydrationSupported.mockResolvedValue(true);
|
||
|
const dehydrationPromise = new Promise<void>((resolve) => {
|
||
|
// Dehydration gets processed in the background, after
|
||
|
// `usePassPhrase` returns, so we need to use a promise to make
|
||
|
// sure that it is called.
|
||
|
mockCrypto.startDehydration.mockImplementation(async () => {
|
||
|
resolve();
|
||
|
});
|
||
|
});
|
||
|
client.waitForClientWellKnown.mockResolvedValue({ "org.matrix.msc3814": true });
|
||
|
|
||
|
setupEncryptionStore.start();
|
||
|
await emitPromise(setupEncryptionStore, "update");
|
||
|
|
||
|
await setupEncryptionStore.usePassPhrase();
|
||
|
|
||
|
await dehydrationPromise;
|
||
|
});
|
||
|
});
|
||
|
|
||
|
it("resetConfirm should work with a cached account password", async () => {
|
||
|
const makeRequest = jest.fn();
|
||
|
mockCrypto.bootstrapCrossSigning.mockImplementation(async (opts: IBootstrapCrossSigningOpts) => {
|
||
|
await opts?.authUploadDeviceSigningKeys?.(makeRequest);
|
||
|
});
|
||
|
mocked(accessSecretStorage).mockImplementation(async (func?: () => Promise<void>) => {
|
||
|
await func!();
|
||
|
});
|
||
|
|
||
|
await setupEncryptionStore.resetConfirm();
|
||
|
|
||
|
expect(mocked(accessSecretStorage)).toHaveBeenCalledWith(expect.any(Function), true);
|
||
|
expect(makeRequest).toHaveBeenCalledWith({
|
||
|
identifier: {
|
||
|
type: "m.id.user",
|
||
|
user: "@userId:matrix.org",
|
||
|
},
|
||
|
password: cachedPassword,
|
||
|
type: "m.login.password",
|
||
|
user: "@userId:matrix.org",
|
||
|
});
|
||
|
});
|
||
|
});
|