Merge pull request #3995 from matrix-org/jryans/4s-in-mem

Add advanced option to keep secret storage in memory for session
2020-01-31 10:45:57 +00:00 · 2020-01-31 10:45:57 +00:00 · 19ab395c18
parent 68b2454920 788cb24093
commit 19ab395c18
4 changed files with 23 additions and 6 deletions
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@ -20,6 +20,7 @@ import {MatrixClientPeg} from './MatrixClientPeg';
 import { deriveKey } from 'matrix-js-sdk/src/crypto/key_passphrase';
 import { decodeRecoveryKey } from 'matrix-js-sdk/src/crypto/recoverykey';
 import { _t } from './languageHandler';
+import SettingsStore from './settings/SettingsStore';

 // This stores the secret storage private keys in memory for the JS SDK. This is
 // only meant to act as a cache to avoid prompting the user multiple times
@ -27,7 +28,14 @@ import { _t } from './languageHandler';
 // single secret storage operation, as it will clear the cached keys once the
 // operation ends.
 let secretStorageKeys = {};
-let cachingAllowed = false;
+let secretStorageBeingAccessed = false;
+
+function isCachingAllowed() {
+    return (
+        secretStorageBeingAccessed ||
+        SettingsStore.getValue("keepSecretStoragePassphraseForSession")
+    );
+}

 async function getSecretStorageKey({ keys: keyInfos }) {
    const keyInfoEntries = Object.entries(keyInfos);
@ -37,7 +45,7 @@ async function getSecretStorageKey({ keys: keyInfos }) {
    const [name, info] = keyInfoEntries[0];

    // Check the in-memory cache
-    if (cachingAllowed && secretStorageKeys[name]) {
+    if (isCachingAllowed() && secretStorageKeys[name]) {
        return [name, secretStorageKeys[name]];
    }

@ -71,7 +79,7 @@ async function getSecretStorageKey({ keys: keyInfos }) {
    const key = await inputToKey(input);

    // Save to cache to avoid future prompts in the current session
-    if (cachingAllowed) {
+    if (isCachingAllowed()) {
        secretStorageKeys[name] = key;
    }

@ -104,7 +112,7 @@ export const crossSigningCallbacks = {
 */
 export async function accessSecretStorage(func = async () => { }) {
    const cli = MatrixClientPeg.get();
-    cachingAllowed = true;
+    secretStorageBeingAccessed = true;

    try {
        if (!await cli.hasSecretStorageKey()) {
@ -143,7 +151,9 @@ export async function accessSecretStorage(func = async () => { }) {
        return await func();
    } finally {
        // Clear secret storage key cache now that work is complete
-        cachingAllowed = false;
+        secretStorageBeingAccessed = false;
+        if (!isCachingAllowed()) {
            secretStorageKeys = {};
        }
    }
+}
--- a/src/components/views/settings/tabs/user/LabsUserSettingsTab.js
+++ b/src/components/views/settings/tabs/user/LabsUserSettingsTab.js
@ -66,6 +66,7 @@ export default class LabsUserSettingsTab extends React.Component {
                    <SettingsFlag name={"showHiddenEventsInTimeline"} level={SettingLevel.DEVICE} />
                    <SettingsFlag name={"lowBandwidth"} level={SettingLevel.DEVICE} />
                    <SettingsFlag name={"sendReadReceipts"} level={SettingLevel.ACCOUNT} />
+                    <SettingsFlag name={"keepSecretStoragePassphraseForSession"} level={SettingLevel.DEVICE} />
                </div>
            </div>
        );
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@ -413,6 +413,7 @@
    "Send read receipts for messages (requires compatible homeserver to disable)": "Send read receipts for messages (requires compatible homeserver to disable)",
    "Show previews/thumbnails for images": "Show previews/thumbnails for images",
    "Enable message search in encrypted rooms": "Enable message search in encrypted rooms",
+    "Keep secret storage passphrase in memory for this session": "Keep secret storage passphrase in memory for this session",
    "Collecting app version information": "Collecting app version information",
    "Collecting logs": "Collecting logs",
    "Uploading report": "Uploading report",
--- a/src/settings/Settings.js
+++ b/src/settings/Settings.js
@ -485,4 +485,9 @@ export const SETTINGS = {
        displayName: _td("Enable message search in encrypted rooms"),
        default: true,
    },
+    "keepSecretStoragePassphraseForSession": {
+        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
+        displayName: _td("Keep secret storage passphrase in memory for this session"),
+        default: false,
+    },
 };