Merge pull request #4277 from matrix-org/dbkr/trust_cross_signing_flag

Add a flag to control whether cross-signing signatures are trusted
2020-03-26 12:19:14 +00:00 · 2020-03-26 12:19:14 +00:00 · 6d90307ff7
parent 9933ecbbf6 a9e7bf9899
commit 6d90307ff7
9 changed files with 123 additions and 0 deletions
--- a/res/css/_components.scss
+++ b/res/css/_components.scss
@ -186,6 +186,7 @@
@import "./views/settings/_AvatarSetting.scss";
@import "./views/settings/_CrossSigningPanel.scss";
@import "./views/settings/_DevicesPanel.scss";
+@import "./views/settings/_E2eAdvancedPanel.scss";
@import "./views/settings/_EmailAddresses.scss";
@import "./views/settings/_IntegrationManager.scss";
@import "./views/settings/_KeyBackupPanel.scss";
--- a/res/css/views/settings/_E2eAdvancedPanel.scss
+++ b/res/css/views/settings/_E2eAdvancedPanel.scss
@ -0,0 +1,20 @@
+/*
+Copyright 2020 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+.mx_E2eAdvancedPanel_settingLongDescription {
+    margin-right: 150px;
+}
+
--- a/src/MatrixClientPeg.js
+++ b/src/MatrixClientPeg.js
@ -148,6 +148,9 @@ class _MatrixClientPeg {
            // check that we have a version of the js-sdk which includes initCrypto
            if (!SettingsStore.getValue("lowBandwidth") && this.matrixClient.initCrypto) {
                await this.matrixClient.initCrypto();
+                this.matrixClient.setCryptoTrustCrossSignedDevices(
+                    !SettingsStore.getValue('e2ee.manuallyVerifyAllSessions'),
+                );
                StorageManager.setCryptoInitialised(true);
            }
        } catch (e) {
--- a/src/components/views/rooms/MemberTile.js
+++ b/src/components/views/rooms/MemberTile.js
@ -65,6 +65,7 @@ export default createReactClass({
                });
                if (isRoomEncrypted) {
                    cli.on("userTrustStatusChanged", this.onUserTrustStatusChanged);
+                    cli.on("deviceVerificationChanged", this.onDeviceVerificationChanged);
                    this.updateE2EStatus();
                } else {
                    // Listen for room to become encrypted
@ -88,6 +89,7 @@ export default createReactClass({
        if (cli) {
            cli.removeListener("RoomState.events", this.onRoomStateEvents);
            cli.removeListener("userTrustStatusChanged", this.onUserTrustStatusChanged);
+            cli.removeListener("deviceVerificationChanged", this.onDeviceVerificationChanged);
        }
    },

@ -110,6 +112,11 @@ export default createReactClass({
        this.updateE2EStatus();
    },

+    onDeviceVerificationChanged: function(userId, deviceId, deviceInfo) {
+        if (userId !== this.props.member.userId) return;
+        this.updateE2EStatus();
+    },
+
    updateE2EStatus: async function() {
        const cli = MatrixClientPeg.get();
        const { userId } = this.props.member;
--- a/src/components/views/settings/E2eAdvancedPanel.js
+++ b/src/components/views/settings/E2eAdvancedPanel.js
@ -0,0 +1,39 @@
+/*
+Copyright 2020 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import React from 'react';
+
+import * as sdk from '../../../index';
+import {_t} from "../../../languageHandler";
+import {SettingLevel} from "../../../settings/SettingsStore";
+
+const SETTING_MANUALLY_VERIFY_ALL_SESSIONS = "e2ee.manuallyVerifyAllSessions";
+
+const E2eAdvancedPanel = props => {
+    const SettingsFlag = sdk.getComponent('views.elements.SettingsFlag');
+    return <div className="mx_SettingsTab_section">
+        <span className="mx_SettingsTab_subheading">{_t("Advanced")}</span>
+
+        <SettingsFlag name={SETTING_MANUALLY_VERIFY_ALL_SESSIONS}
+            level={SettingLevel.DEVICE}
+        />
+        <div className="mx_E2eAdvancedPanel_settingLongDescription">{_t(
+            "Individually verify each session used by a user to mark it as trusted, not trusting cross-signed devices.",
+        )}</div>
+    </div>;
+};
+
+export default E2eAdvancedPanel;
--- a/src/components/views/settings/tabs/user/SecurityUserSettingsTab.js
+++ b/src/components/views/settings/tabs/user/SecurityUserSettingsTab.js
@ -281,6 +281,8 @@ export default class SecurityUserSettingsTab extends React.Component {
            );
        }

+        const E2eAdvancedPanel = sdk.getComponent('views.settings.E2eAdvancedPanel');
+
        return (
            <div className="mx_SettingsTab mx_SecurityUserSettingsTab">
                <div className="mx_SettingsTab_heading">{_t("Security & Privacy")}</div>
@ -311,6 +313,7 @@ export default class SecurityUserSettingsTab extends React.Component {
                </div>
                {this._renderIgnoredUsers()}
                {this._renderManageInvites()}
+                <E2eAdvancedPanel />
            </div>
        );
    }
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@ -432,6 +432,7 @@
    "Enable message search in encrypted rooms": "Enable message search in encrypted rooms",
    "Keep secret storage passphrase in memory for this session": "Keep secret storage passphrase in memory for this session",
    "How fast should messages be downloaded.": "How fast should messages be downloaded.",
+    "Manually verify all remote sessions": "Manually verify all remote sessions",
    "Collecting app version information": "Collecting app version information",
    "Collecting logs": "Collecting logs",
    "Uploading report": "Uploading report",
@ -603,6 +604,7 @@
    "Public Name": "Public Name",
    "Last seen": "Last seen",
    "Failed to set display name": "Failed to set display name",
+    "Individually verify each session used by a user to mark it as trusted, not trusting cross-signed devices.": "Individually verify each session used by a user to mark it as trusted, not trusting cross-signed devices.",
    "Disable Notifications": "Disable Notifications",
    "Enable Notifications": "Enable Notifications",
    "Securely cache encrypted messages locally for them to appear in search results, using ": "Securely cache encrypted messages locally for them to appear in search results, using ",
--- a/src/settings/Settings.js
+++ b/src/settings/Settings.js
@ -16,6 +16,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

+import {MatrixClient} from 'matrix-js-sdk';
+
 import {_td} from '../languageHandler';
 import {
    AudioNotificationsEnabledController,
@ -24,6 +26,7 @@ import {
 } from "./controllers/NotificationControllers";
 import CustomStatusController from "./controllers/CustomStatusController";
 import ThemeController from './controllers/ThemeController';
+import PushToMatrixClientController from './controllers/PushToMatrixClientController';
 import ReloadOnChangeController from "./controllers/ReloadOnChangeController";
 import {RIGHT_PANEL_PHASES} from "../stores/RightPanelStorePhases";

@ -525,4 +528,12 @@ export const SETTINGS = {
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS_WITH_CONFIG,
        default: true,
    },
+    "e2ee.manuallyVerifyAllSessions": {
+        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
+        displayName: _td("Manually verify all remote sessions"),
+        default: false,
+        controller: new PushToMatrixClientController(
+            MatrixClient.prototype.setCryptoTrustCrossSignedDevices, true,
+        ),
+    },
 };
--- a/src/settings/controllers/PushToMatrixClientController.js
+++ b/src/settings/controllers/PushToMatrixClientController.js
@ -0,0 +1,37 @@
+/*
+Copyright 2020 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { MatrixClientPeg } from '../../MatrixClientPeg';
+
+/**
+ * When the value changes, call a setter function on the matrix client with the new value
+ */
+export default class PushToMatrixClientController {
+    constructor(setter, inverse) {
+        this._setter = setter;
+        this._inverse = inverse;
+    }
+
+    getValueOverride(level, roomId, calculatedValue, calculatedAtLevel) {
+        return null; // no override
+    }
+
+    onChange(level, roomId, newValue) {
+        // XXX does this work? This surely isn't necessarily the effective value,
+        // but it's what NotificationsEnabledController does...
+        this._setter.call(MatrixClientPeg.get(), this._inverse ? !newValue : newValue);
+    }
+}