* test persistCredentials without a pickle key
* test setLoggedIn with pickle key
* lint
* type error
* extract token persisting code into function, persist refresh token
* store has_refresh_token too
* pass refreshToken from oidcAuthGrant into credentials
* rest restore session with pickle key
* retreive stored refresh token and add to credentials
* extract token decryption into function
* remove TODO
* very messy poc
* utils to persist clientId and issuer after oidc authentication
* add dep oidc-client-ts
* persist issuer and clientId after successful oidc auth
* add OidcClientStore
* comments and tidy
* expose getters for stored refresh and access tokens in Lifecycle
* revoke tokens with oidc provider
* test logout action in MatrixChat
* comments
* prettier
* test OidcClientStore.revokeTokens
* put pickle key destruction back
* comment pedantry
* working refresh without persistence
* extract token persistence functions to utils
* add sugar
* implement TokenRefresher class with persistence
* tidying
* persist idTokenClaims
* persist idTokenClaims
* tests
* remove unused cde
* create token refresher during doSetLoggedIn
* tidying
* also tidying
* OidcClientStore.initClient use stored issuer when client well known unavailable
* test Lifecycle.logout
* update Lifecycle test replaceUsingCreds calls
* fix test
* tidy
* test tokenrefresher creation in login flow
* test token refresher
* Update src/utils/oidc/TokenRefresher.ts
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* use literal value for m.authentication
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* improve comments
* fix test mock, comment
* typo
* add sdkContext to SoftLogout, pass oidcClientStore to logout
* fullstops
* comments
* fussy comment formatting
---------
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix incompatibility of Soft Logout with Element-R
This `countSessionsNeedingBackup` isn't available in Element-R, and I don't
really understand the logic behind changing the message when we have sessions
that are awaiting backup. Let's just rip it out.
* i18n
* update snapshot
* Fully move auth types to js-sdk
The SSO buttons were the only consumer of these types, so let's just move them. They've been in the js-sdk for a while now, and webpack is screaming about missing exports (because they're all interfaces and types, which don't exist after transpiling).
* Fix the other cases too
* Spike AXE A11Y testing in Cypress
* Fix NewRoomIntro breaking html/aria list rules
* Fix HeaderButtons breaking aria role semantics rules
* missing type
* Switch left panel from aside to nav and include space panel
* Give the page a main heading of the room name when viewing a room
* Use header landmark on RoomHeader
* Improve aria attributes on composer when autocomplete is closed
* Fix aria-owns on RoomHeader
* Give Spinner an aria role
* Give server picker help button an aria label
* Improve auth aria attributes and semantics
* Improve heading semantics in use case selection screen
* Fix autocomplete attribute to be valid
* Fix heading semantics on login page
* Improve Cypress axe testing
* Add axe tests
* Stop synapse after the timeline tests
* Await spinners to fade before percy snapshotting timeline tests
* Improve naming of plugin
* Update snapshots
* Fix accidental heading change
* Fix double synapse stoppage
* Fix Cypress timeline avatar assertions to be DPI agnostic
* Fix aria attributes on date separators
* delint
* Update snapshots
* Revert style change
* Skip redundant call
* Remove all mentions of Piwik
* Kill off all consumer of the old Piwik Analytics module
* Simplify ModalManager interface
* i18n
* Attempt to fix old e2e tests
* Remove unused component
* Iterate PR
* Code style: Modernize
* Make Soft Logout page support Social Sign On
Fixes https://github.com/vector-im/element-web/issues/21099
This commit does a few things:
* Moves rendering of the flows to functions
* Adds a new login view enum for Password + SSO (mirroring logic from registration)
* Makes an absolute mess of the resulting diff
* Lint & i18n
* Remove spurious typing
MSC: https://github.com/matrix-org/matrix-doc/pull/2918
Fixes https://github.com/vector-im/element-web/issues/18698
Fixes https://github.com/vector-im/element-web/issues/20648
**Requires https://github.com/matrix-org/matrix-js-sdk/pull/2178**
**Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date).
----
This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens.
If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again.
This additionally contains a change to fix soft logout not working, per the issue links above.
Of interest may be the IPC approach which was ultimately declined in favour of this change instead: https://github.com/matrix-org/matrix-react-sdk/pull/7803
This migrates one bucket of files using some amount of Flow typing to mark them
as TypeScript instead. The remaining type errors are fixed in subsequent
commits.
renovate[bot]