From f79b777dd4a6839df6d904fe0e8c9aef5bf2e044 Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 7 Feb 2019 14:39:47 +0000 Subject: [PATCH] Trust on decrypt Add support for trust-on-decrypt (API change, recognise flag on isKeyBackupTrusted). Catch rejection on wrong passphrase / recovery key. Fix remembering whether we are restoring with key or passphrase. Requires https://github.com/matrix-org/matrix-js-sdk/pull/836 --- .../keybackup/RestoreKeyBackupDialog.js | 51 +++++++++---------- .../views/settings/KeyBackupPanel.js | 10 +++- src/i18n/strings/en_EN.json | 8 +-- 3 files changed, 38 insertions(+), 31 deletions(-) diff --git a/src/components/views/dialogs/keybackup/RestoreKeyBackupDialog.js b/src/components/views/dialogs/keybackup/RestoreKeyBackupDialog.js index e5b82baa92..9393f8f526 100644 --- a/src/components/views/dialogs/keybackup/RestoreKeyBackupDialog.js +++ b/src/components/views/dialogs/keybackup/RestoreKeyBackupDialog.js @@ -88,7 +88,7 @@ export default React.createClass({ }); try { const recoverInfo = await MatrixClientPeg.get().restoreKeyBackupWithPassword( - this.state.passPhrase, undefined, undefined, this.state.backupInfo.version, + this.state.passPhrase, undefined, undefined, this.state.backupInfo, ); this.setState({ loading: false, @@ -107,11 +107,11 @@ export default React.createClass({ this.setState({ loading: true, restoreError: null, - restoreType: RESTORE_TYPE_PASSPHRASE, + restoreType: RESTORE_TYPE_RECOVERYKEY, }); try { const recoverInfo = await MatrixClientPeg.get().restoreKeyBackupWithRecoveryKey( - this.state.recoveryKey, undefined, undefined, this.state.backupInfo.version, + this.state.recoveryKey, undefined, undefined, this.state.backupInfo, ); this.setState({ loading: false, @@ -185,32 +185,31 @@ export default React.createClass({ title = _t("Error"); content = _t("Unable to load backup status"); } else if (this.state.restoreError) { - title = _t("Error"); - content = _t("Unable to restore backup"); + if (this.state.restoreError.errcode === MatrixClientPeg.get().RESTORE_BACKUP_ERROR_BAD_KEY) { + if (this.state.restoreType === RESTORE_TYPE_RECOVERYKEY) { + title = _t("Recovery Key Mismatch"); + content =
+

{_t( + "Backup could not be decrypted with this key: " + + "please verify that you entered the correct recovery key.", + )}

+
; + } else { + title = _t("Incorrect Recovery Passphrase"); + content =
+

{_t( + "Backup could not be decrypted with this passphrase: " + + "please verify that you entered the correct recovery passphrase.", + )}

+
; + } + } else { + title = _t("Error"); + content = _t("Unable to restore backup"); + } } else if (this.state.backupInfo === null) { title = _t("Error"); content = _t("No backup found!"); - } else if ( - this.state.recoverInfo && - this.state.recoverInfo.imported === 0 && - this.state.recoverInfo.total > 0 - ) { - title = _t("Error Restoring Backup"); - if (this.state.restoreType === RESTORE_TYPE_RECOVERYKEY) { - content =
-

{_t( - "Backup could not be decrypted with this key: " + - "please verify that you entered the correct recovery key.", - )}

-
; - } else { - content =
-

{_t( - "Backup could not be decrypted with this passphrase: " + - "please verify that you entered the correct recovery passphrase.", - )}

-
; - } } else if (this.state.recoverInfo) { title = _t("Backup Restored"); let failedToDecrypt; diff --git a/src/components/views/settings/KeyBackupPanel.js b/src/components/views/settings/KeyBackupPanel.js index 15856a75f3..f6369c0ade 100644 --- a/src/components/views/settings/KeyBackupPanel.js +++ b/src/components/views/settings/KeyBackupPanel.js @@ -250,13 +250,19 @@ export default class KeyBackupPanel extends React.PureComponent { backupSigStatuses = _t("Backup is not signed by any of your devices"); } + let trustedLocally; + if (this.state.backupSigStatus.trusted_locally) { + trustedLocally = _t("This backup is trusted because it has been restored on this device"); + } + return
{_t("Backup version: ")}{this.state.backupInfo.version}
{_t("Algorithm: ")}{this.state.backupInfo.algorithm}
{clientBackupStatus}
{uploadStatus} -
{backupSigStatuses}

-
+
{backupSigStatuses}
+
{trustedLocally}
+

{ _t("Restore backup") }     diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json index b586d2f8f7..c181d40148 100644 --- a/src/i18n/strings/en_EN.json +++ b/src/i18n/strings/en_EN.json @@ -385,6 +385,7 @@ "Backup has an invalid signature from unverified device ": "Backup has an invalid signature from unverified device ", "Verify...": "Verify...", "Backup is not signed by any of your devices": "Backup is not signed by any of your devices", + "This backup is trusted because it has been restored on this device": "This backup is trusted because it has been restored on this device", "Backup version: ": "Backup version: ", "Algorithm: ": "Algorithm: ", "Restore backup": "Restore backup", @@ -1095,11 +1096,12 @@ "\"%(RoomName)s\" contains devices that you haven't seen before.": "\"%(RoomName)s\" contains devices that you haven't seen before.", "Unknown devices": "Unknown devices", "Unable to load backup status": "Unable to load backup status", + "Recovery Key Mismatch": "Recovery Key Mismatch", + "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.": "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.", + "Incorrect Recovery Passphrase": "Incorrect Recovery Passphrase", + "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.": "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.", "Unable to restore backup": "Unable to restore backup", "No backup found!": "No backup found!", - "Error Restoring Backup": "Error Restoring Backup", - "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.": "Backup could not be decrypted with this key: please verify that you entered the correct recovery key.", - "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.": "Backup could not be decrypted with this passphrase: please verify that you entered the correct recovery passphrase.", "Backup Restored": "Backup Restored", "Failed to decrypt %(failedCount)s sessions!": "Failed to decrypt %(failedCount)s sessions!", "Restored %(sessionCount)s session keys": "Restored %(sessionCount)s session keys",