Add API to withdraw verification requirement CryptoAPI.withdrawVerificationRequirement (#4646)

* API to withdraw verification `CryptoAPi.withdrawVerificationRequirement`

* review: use set up function instead of beforeEach

spec/unit/rust-crypto/rust-crypto.spec.ts

@@ -1582,6 +1582,57 @@ describe("RustCrypto", () => {
         });
     });
 
+    describe("withdraw verification", () => {
+        function createTestSetup(): { olmMachine: Mocked<RustSdkCryptoJs.OlmMachine>; rustCrypto: RustCrypto } {
+            const olmMachine = {
+                getIdentity: jest.fn(),
+            } as unknown as Mocked<RustSdkCryptoJs.OlmMachine>;
+            const rustCrypto = new RustCrypto(
+                logger,
+                olmMachine,
+                {} as MatrixClient["http"],
+                TEST_USER,
+                TEST_DEVICE_ID,
+                {} as ServerSideSecretStorage,
+                {} as CryptoCallbacks,
+            );
+            return { olmMachine, rustCrypto };
+        }
+
+        it("throws an error for an unknown user", async () => {
+            const { rustCrypto } = createTestSetup();
+            await expect(rustCrypto.withdrawVerificationRequirement("@alice:example.com")).rejects.toThrow(
+                "Cannot withdraw verification of unknown user",
+            );
+        });
+
+        it("Calls withdraw for other identity", async () => {
+            const { olmMachine, rustCrypto } = createTestSetup();
+            const identity = {
+                withdrawVerification: jest.fn(),
+            } as unknown as Mocked<RustSdkCryptoJs.OtherUserIdentity>;
+
+            olmMachine.getIdentity.mockResolvedValue(identity);
+
+            await rustCrypto.withdrawVerificationRequirement("@bob:example.com");
+
+            expect(identity.withdrawVerification).toHaveBeenCalled();
+        });
+
+        it("Calls withdraw for own identity", async () => {
+            const { olmMachine, rustCrypto } = createTestSetup();
+            const ownIdentity = {
+                withdrawVerification: jest.fn(),
+            } as unknown as Mocked<RustSdkCryptoJs.OwnUserIdentity>;
+
+            olmMachine.getIdentity.mockResolvedValue(ownIdentity);
+
+            await rustCrypto.withdrawVerificationRequirement("@alice:example.com");
+
+            expect(ownIdentity.withdrawVerification).toHaveBeenCalled();
+        });
+    });
+
     describe("key backup", () => {
         it("is started when rust crypto is created", async () => {
             // `RustCrypto.checkKeyBackupAndEnable` async call is made in background in the RustCrypto constructor.

src/crypto-api/index.ts

@@ -221,6 +221,15 @@ export interface CryptoApi {
      */
     pinCurrentUserIdentity(userId: string): Promise<void>;
 
+    /**
+     * Remove the requirement for this identity to be verified, and pin it.
+     *
+     * This is useful if the user was previously verified but is not anymore
+     * ({@link UserVerificationStatus.wasCrossSigningVerified}) and it is not possible to verify him again now.
+     *
+     */
+    withdrawVerificationRequirement(userId: string): Promise<void>;
+
     /**
      * Get the verification status of a given device.
      *

src/crypto/index.ts

@@ -1576,6 +1576,13 @@ export class Crypto extends TypedEventEmitter<CryptoEvent, CryptoEventHandlerMap
         throw new Error("not implemented");
     }
 
+    /**
+     * Implementation of {@link Crypto.CryptoApi.withdrawVerificationRequirement}.
+     */
+    public async withdrawVerificationRequirement(userId: string): Promise<void> {
+        throw new Error("not implemented");
+    }
+
     /**
      * Check whether a given device is trusted.
      *

src/rust-crypto/rust-crypto.ts

@@ -699,6 +699,20 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
         await userIdentity.pinCurrentMasterKey();
     }
 
+    /**
+     * Implementation of {@link CryptoApi#withdrawVerificationRequirement}.
+     */
+    public async withdrawVerificationRequirement(userId: string): Promise<void> {
+        const userIdentity: RustSdkCryptoJs.OtherUserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined =
+            await this.getOlmMachineOrThrow().getIdentity(new RustSdkCryptoJs.UserId(userId));
+
+        if (userIdentity === undefined) {
+            throw new Error("Cannot withdraw verification of unknown user");
+        }
+
+        await userIdentity.withdrawVerification();
+    }
+
     /**
      * Implementation of {@link CryptoApi#isCrossSigningReady}
      */