Merge pull request #4277 from matrix-org/dbkr/trust_cross_signing_flag

Add a flag to control whether cross-signing signatures are trusted
pull/21833/head
David Baker 2020-03-26 12:19:14 +00:00 committed by GitHub
commit 6d90307ff7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 123 additions and 0 deletions


@ -186,6 +186,7 @@
@import "./views/settings/_AvatarSetting.scss"; @import "./views/settings/_AvatarSetting.scss";
@import "./views/settings/_CrossSigningPanel.scss"; @import "./views/settings/_CrossSigningPanel.scss";
@import "./views/settings/_DevicesPanel.scss"; @import "./views/settings/_DevicesPanel.scss";
@import "./views/settings/_E2eAdvancedPanel.scss";
@import "./views/settings/_EmailAddresses.scss"; @import "./views/settings/_EmailAddresses.scss";
@import "./views/settings/_IntegrationManager.scss"; @import "./views/settings/_IntegrationManager.scss";
@import "./views/settings/_KeyBackupPanel.scss"; @import "./views/settings/_KeyBackupPanel.scss";


@ -0,0 +1,20 @@
/*
Copyright 2020 The Matrix.org Foundation C.I.C.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
.mx_E2eAdvancedPanel_settingLongDescription {
margin-right: 150px;
}


@ -148,6 +148,9 @@ class _MatrixClientPeg {
// check that we have a version of the js-sdk which includes initCrypto // check that we have a version of the js-sdk which includes initCrypto
if (!SettingsStore.getValue("lowBandwidth") && this.matrixClient.initCrypto) { if (!SettingsStore.getValue("lowBandwidth") && this.matrixClient.initCrypto) {
await this.matrixClient.initCrypto(); await this.matrixClient.initCrypto();
this.matrixClient.setCryptoTrustCrossSignedDevices(
!SettingsStore.getValue('e2ee.manuallyVerifyAllSessions'),
);
StorageManager.setCryptoInitialised(true); StorageManager.setCryptoInitialised(true);
} }
} catch (e) { } catch (e) {
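Review bot: The new `setCryptoTrustCrossSignedDevices(...)` call is guarded only by the existing feature check for `this.matrixClient.initCrypto`, so with a js-sdk that has `initCrypto` but not the new setter it would throw inside the `try` and `StorageManager.setCryptoInitialised(true)` would be skipped. What the `catch (e)` does is outside this hunk, but if it only logs, the client presumably keeps the SDK's default trust behaviour and a user who enabled manual verification would silently not get it. Consider extending the guard, or at least adding a comment such as `// requires a js-sdk with setCryptoTrustCrossSignedDevices; manuallyVerifyAllSessions=true => trust=false`. The setting key is also repeated here as a string literal, while the new E2eAdvancedPanel defines `SETTING_MANUALLY_VERIFY_ALL_SESSIONS` for the same key.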


@ -65,6 +65,7 @@ export default createReactClass({
}); });
if (isRoomEncrypted) { if (isRoomEncrypted) {
cli.on("userTrustStatusChanged", this.onUserTrustStatusChanged); cli.on("userTrustStatusChanged", this.onUserTrustStatusChanged);
cli.on("deviceVerificationChanged", this.onDeviceVerificationChanged);
this.updateE2EStatus(); this.updateE2EStatus();
} else { } else {
// Listen for room to become encrypted // Listen for room to become encrypted
@ -88,6 +89,7 @@ export default createReactClass({
if (cli) { if (cli) {
cli.removeListener("RoomState.events", this.onRoomStateEvents); cli.removeListener("RoomState.events", this.onRoomStateEvents);
cli.removeListener("userTrustStatusChanged", this.onUserTrustStatusChanged); cli.removeListener("userTrustStatusChanged", this.onUserTrustStatusChanged);
cli.removeListener("deviceVerificationChanged", this.onDeviceVerificationChanged);
} }
}, },
@ -110,6 +112,11 @@ export default createReactClass({
this.updateE2EStatus(); this.updateE2EStatus();
}, },
onDeviceVerificationChanged: function(userId, deviceId, deviceInfo) {
if (userId !== this.props.member.userId) return;
this.updateE2EStatus();
},
updateE2EStatus: async function() { updateE2EStatus: async function() {
const cli = MatrixClientPeg.get(); const cli = MatrixClientPeg.get();
const { userId } = this.props.member; const { userId } = this.props.member;
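Review bot: The `deviceVerificationChanged` listener is added only in the `if (isRoomEncrypted)` branch at mount, so a component mounted while the room is unencrypted relies on code outside this hunk to subscribe once the room becomes encrypted. If `onRoomStateEvents` does not register it (its body is not visible here), the E2E status shown for the member could stay stale after one of their sessions is verified or unverified. `onDeviceVerificationChanged` also declares `deviceId` and `deviceInfo` without using them; either drop them or add a short comment such as `// any verification change for this user can alter their overall E2E status`.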


@ -0,0 +1,39 @@
/*
Copyright 2020 The Matrix.org Foundation C.I.C.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import React from 'react';
import * as sdk from '../../../index';
import {_t} from "../../../languageHandler";
import {SettingLevel} from "../../../settings/SettingsStore";
const SETTING_MANUALLY_VERIFY_ALL_SESSIONS = "e2ee.manuallyVerifyAllSessions";
const E2eAdvancedPanel = props => {
const SettingsFlag = sdk.getComponent('views.elements.SettingsFlag');
return <div className="mx_SettingsTab_section">
<span className="mx_SettingsTab_subheading">{_t("Advanced")}</span>
<SettingsFlag name={SETTING_MANUALLY_VERIFY_ALL_SESSIONS}
level={SettingLevel.DEVICE}
/>
<div className="mx_E2eAdvancedPanel_settingLongDescription">{_t(
"Individually verify each session used by a user to mark it as trusted, not trusting cross-signed devices.",
)}</div>
</div>;
};
export default E2eAdvancedPanel;
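Review bot: `E2eAdvancedPanel` accepts `props` but never reads it and has no doc comment, which matters more than usual here because the toggle it renders changes which sessions the client treats as trusted. Suggest `const E2eAdvancedPanel = () => {` and a one-line JSDoc above it, for example `/** Advanced E2EE settings: require manual verification of every session instead of trusting cross-signed ones (device-level). */`.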


@ -281,6 +281,8 @@ export default class SecurityUserSettingsTab extends React.Component {
); );
} }
const E2eAdvancedPanel = sdk.getComponent('views.settings.E2eAdvancedPanel');
return ( return (
<div className="mx_SettingsTab mx_SecurityUserSettingsTab"> <div className="mx_SettingsTab mx_SecurityUserSettingsTab">
<div className="mx_SettingsTab_heading">{_t("Security & Privacy")}</div> <div className="mx_SettingsTab_heading">{_t("Security & Privacy")}</div>
@ -311,6 +313,7 @@ export default class SecurityUserSettingsTab extends React.Component {
</div> </div>
{this._renderIgnoredUsers()} {this._renderIgnoredUsers()}
{this._renderManageInvites()} {this._renderManageInvites()}
<E2eAdvancedPanel />
</div> </div>
); );
} }


@ -432,6 +432,7 @@
"Enable message search in encrypted rooms": "Enable message search in encrypted rooms", "Enable message search in encrypted rooms": "Enable message search in encrypted rooms",
"Keep secret storage passphrase in memory for this session": "Keep secret storage passphrase in memory for this session", "Keep secret storage passphrase in memory for this session": "Keep secret storage passphrase in memory for this session",
"How fast should messages be downloaded.": "How fast should messages be downloaded.", "How fast should messages be downloaded.": "How fast should messages be downloaded.",
"Manually verify all remote sessions": "Manually verify all remote sessions",
"Collecting app version information": "Collecting app version information", "Collecting app version information": "Collecting app version information",
"Collecting logs": "Collecting logs", "Collecting logs": "Collecting logs",
"Uploading report": "Uploading report", "Uploading report": "Uploading report",
@ -603,6 +604,7 @@
"Public Name": "Public Name", "Public Name": "Public Name",
"Last seen": "Last seen", "Last seen": "Last seen",
"Failed to set display name": "Failed to set display name", "Failed to set display name": "Failed to set display name",
"Individually verify each session used by a user to mark it as trusted, not trusting cross-signed devices.": "Individually verify each session used by a user to mark it as trusted, not trusting cross-signed devices.",
"Disable Notifications": "Disable Notifications", "Disable Notifications": "Disable Notifications",
"Enable Notifications": "Enable Notifications", "Enable Notifications": "Enable Notifications",
"Securely cache encrypted messages locally for them to appear in search results, using ": "Securely cache encrypted messages locally for them to appear in search results, using ", "Securely cache encrypted messages locally for them to appear in search results, using ": "Securely cache encrypted messages locally for them to appear in search results, using ",


@ -16,6 +16,8 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
import {MatrixClient} from 'matrix-js-sdk';
import {_td} from '../languageHandler'; import {_td} from '../languageHandler';
import { import {
AudioNotificationsEnabledController, AudioNotificationsEnabledController,
@ -24,6 +26,7 @@ import {
} from "./controllers/NotificationControllers"; } from "./controllers/NotificationControllers";
import CustomStatusController from "./controllers/CustomStatusController"; import CustomStatusController from "./controllers/CustomStatusController";
import ThemeController from './controllers/ThemeController'; import ThemeController from './controllers/ThemeController';
import PushToMatrixClientController from './controllers/PushToMatrixClientController';
import ReloadOnChangeController from "./controllers/ReloadOnChangeController"; import ReloadOnChangeController from "./controllers/ReloadOnChangeController";
import {RIGHT_PANEL_PHASES} from "../stores/RightPanelStorePhases"; import {RIGHT_PANEL_PHASES} from "../stores/RightPanelStorePhases";
@ -525,4 +528,12 @@ export const SETTINGS = {
supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS_WITH_CONFIG, supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS_WITH_CONFIG,
default: true, default: true,
}, },
"e2ee.manuallyVerifyAllSessions": {
supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
displayName: _td("Manually verify all remote sessions"),
default: false,
controller: new PushToMatrixClientController(
MatrixClient.prototype.setCryptoTrustCrossSignedDevices, true,
),
},
}; };
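Review bot: The bare `true` passed to `PushToMatrixClientController` is the only thing recording that this setting is the logical inverse of the SDK flag, and the same negation is written separately in the MatrixClientPeg start-up path. If one is changed without the other, the client could trust cross-signed devices while the settings UI says it does not, or the reverse. A comment on the argument would make this hard to miss, e.g. `true, // inverse: manuallyVerifyAllSessions=true means trustCrossSignedDevices=false`. Note also that `MatrixClient.prototype.setCryptoTrustCrossSignedDevices` is read when this module loads, so with an SDK lacking that method the controller would hold `undefined` and fail only when the setting is toggled.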


@ -0,0 +1,37 @@
/*
Copyright 2020 The Matrix.org Foundation C.I.C.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import { MatrixClientPeg } from '../../MatrixClientPeg';
/**
* When the value changes, call a setter function on the matrix client with the new value
*/
export default class PushToMatrixClientController {
constructor(setter, inverse) {
this._setter = setter;
this._inverse = inverse;
}
getValueOverride(level, roomId, calculatedValue, calculatedAtLevel) {
return null; // no override
}
onChange(level, roomId, newValue) {
// XXX does this work? This surely isn't necessarily the effective value,
// but it's what NotificationsEnabledController does...
this._setter.call(MatrixClientPeg.get(), this._inverse ? !newValue : newValue);
}
}
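Review bot: `onChange` calls the setter on whatever `MatrixClientPeg.get()` returns without checking it, whereas the start-up path in MatrixClientPeg applies this setting only after `initCrypto()` has run. The member component changed in this commit tests `if (cli)` before using the peg's client, which suggests it can be absent; in that case, or if crypto was never initialised (for example the `lowBandwidth` branch), this call may throw from the settings change handler. A guard such as `const cli = MatrixClientPeg.get(); if (!cli) return;` before the `.call(...)` would cover the missing-client case, and the start-up path reads the setting again on the next client start. The existing XXX about the effective value is still open: for a device-only setting `newValue` is probably the effective value, but the class doc comment should state that assumption because the controller is written as generic.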