Time out verification attempts after 10 minutes of inactivity

Fixes https://github.com/vector-im/riot-web/issues/10117
2025-12-02 17:02:31 +03:00 · 2019-06-19 14:15:58 -06:00
parent 81eefc1377
commit 05ab6ef3ab
1 changed files with 24 additions and 1 deletions
--- a/src/crypto/verification/Base.js
+++ b/src/crypto/verification/Base.js
@@ -22,6 +22,9 @@ limitations under the License.
 import {MatrixEvent} from '../../models/event';
 import {EventEmitter} from 'events';
 import logger from '../../logger';
+import {newTimeoutError} from "./Error";
+
+const timeoutException = new Error("Verification timed out");

 export default class VerificationBase extends EventEmitter {
    /**
@@ -63,6 +66,21 @@ export default class VerificationBase extends EventEmitter {
        this._parent = parent;
        this._done = false;
        this._promise = null;
+        this._transactionTimeoutTimer = null;
+
+        // At this point, the verification request was received so start the timeout timer.
+        this._pingTransaction();
+    }
+
+    _pingTransaction() {
+        console.log("Refreshing/starting the verification transaction timeout timer");
+        clearTimeout(this._transactionTimeoutTimer);
+        setTimeout(() => {
+           if (!this._done) {
+               console.log("Triggering verification timeout");
+               this.cancel(timeoutException);
+           }
+        }, 10 * 60 * 1000); // 10 minutes
    }

    _sendToDevice(type, content) {
@@ -92,6 +110,7 @@ export default class VerificationBase extends EventEmitter {
        } else if (e.getType() === this._expectedEvent) {
            this._expectedEvent = undefined;
            this._rejectEvent = undefined;
+            this._pingTransaction();
            this._resolveEvent(e);
        } else {
            this._expectedEvent = undefined;
@@ -119,7 +138,10 @@ export default class VerificationBase extends EventEmitter {
            if (this.userId && this.deviceId && this.transactionId) {
                // send a cancellation to the other user (if it wasn't
                // cancelled by the other user)
-                if (e instanceof MatrixEvent) {
+                if (e === timeoutException) {
+                    const timeoutEvent = newTimeoutError();
+                    this._sendToDevice(timeoutEvent.getType(), timeoutEvent.getContent());
+                } else if (e instanceof MatrixEvent) {
                    const sender = e.getSender();
                    if (sender !== this.userId) {
                        const content = e.getContent();
@@ -177,6 +199,7 @@ export default class VerificationBase extends EventEmitter {
        });
        if (this._doVerification && !this._started) {
            this._started = true;
+            this._pingTransaction(); // restart the timeout
            Promise.resolve(this._doVerification())
                .then(this.done.bind(this), this.cancel.bind(this));
        }