Add API to withdraw verification requirement CryptoAPI.withdrawVerificationRequirement (#4646)

* API to withdraw verification `CryptoAPi.withdrawVerificationRequirement` * review: use set up function instead of beforeEach
2025-11-23 17:02:25 +03:00 · 2025-01-28 11:41:37 +01:00
parent 7d8cbd6ef0
commit a2fd06bdf9
4 changed files with 81 additions and 0 deletions
--- a/spec/unit/rust-crypto/rust-crypto.spec.ts
+++ b/spec/unit/rust-crypto/rust-crypto.spec.ts
@@ -1582,6 +1582,57 @@ describe("RustCrypto", () => {
        });
    });

+    describe("withdraw verification", () => {
+        function createTestSetup(): { olmMachine: Mocked<RustSdkCryptoJs.OlmMachine>; rustCrypto: RustCrypto } {
+            const olmMachine = {
+                getIdentity: jest.fn(),
+            } as unknown as Mocked<RustSdkCryptoJs.OlmMachine>;
+            const rustCrypto = new RustCrypto(
+                logger,
+                olmMachine,
+                {} as MatrixClient["http"],
+                TEST_USER,
+                TEST_DEVICE_ID,
+                {} as ServerSideSecretStorage,
+                {} as CryptoCallbacks,
+            );
+            return { olmMachine, rustCrypto };
+        }
+
+        it("throws an error for an unknown user", async () => {
+            const { rustCrypto } = createTestSetup();
+            await expect(rustCrypto.withdrawVerificationRequirement("@alice:example.com")).rejects.toThrow(
+                "Cannot withdraw verification of unknown user",
+            );
+        });
+
+        it("Calls withdraw for other identity", async () => {
+            const { olmMachine, rustCrypto } = createTestSetup();
+            const identity = {
+                withdrawVerification: jest.fn(),
+            } as unknown as Mocked<RustSdkCryptoJs.OtherUserIdentity>;
+
+            olmMachine.getIdentity.mockResolvedValue(identity);
+
+            await rustCrypto.withdrawVerificationRequirement("@bob:example.com");
+
+            expect(identity.withdrawVerification).toHaveBeenCalled();
+        });
+
+        it("Calls withdraw for own identity", async () => {
+            const { olmMachine, rustCrypto } = createTestSetup();
+            const ownIdentity = {
+                withdrawVerification: jest.fn(),
+            } as unknown as Mocked<RustSdkCryptoJs.OwnUserIdentity>;
+
+            olmMachine.getIdentity.mockResolvedValue(ownIdentity);
+
+            await rustCrypto.withdrawVerificationRequirement("@alice:example.com");
+
+            expect(ownIdentity.withdrawVerification).toHaveBeenCalled();
+        });
+    });
+
    describe("key backup", () => {
        it("is started when rust crypto is created", async () => {
            // `RustCrypto.checkKeyBackupAndEnable` async call is made in background in the RustCrypto constructor.
--- a/src/crypto-api/index.ts
+++ b/src/crypto-api/index.ts
@@ -221,6 +221,15 @@ export interface CryptoApi {
     */
    pinCurrentUserIdentity(userId: string): Promise<void>;

+    /**
+     * Remove the requirement for this identity to be verified, and pin it.
+     *
+     * This is useful if the user was previously verified but is not anymore
+     * ({@link UserVerificationStatus.wasCrossSigningVerified}) and it is not possible to verify him again now.
+     *
+     */
+    withdrawVerificationRequirement(userId: string): Promise<void>;
+
    /**
     * Get the verification status of a given device.
     *
--- a/src/crypto/index.ts
+++ b/src/crypto/index.ts
@@ -1576,6 +1576,13 @@ export class Crypto extends TypedEventEmitter<CryptoEvent, CryptoEventHandlerMap
        throw new Error("not implemented");
    }

+    /**
+     * Implementation of {@link Crypto.CryptoApi.withdrawVerificationRequirement}.
+     */
+    public async withdrawVerificationRequirement(userId: string): Promise<void> {
+        throw new Error("not implemented");
+    }
+
    /**
     * Check whether a given device is trusted.
     *
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -699,6 +699,20 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
        await userIdentity.pinCurrentMasterKey();
    }

+    /**
+     * Implementation of {@link CryptoApi#withdrawVerificationRequirement}.
+     */
+    public async withdrawVerificationRequirement(userId: string): Promise<void> {
+        const userIdentity: RustSdkCryptoJs.OtherUserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined =
+            await this.getOlmMachineOrThrow().getIdentity(new RustSdkCryptoJs.UserId(userId));
+
+        if (userIdentity === undefined) {
+            throw new Error("Cannot withdraw verification of unknown user");
+        }
+
+        await userIdentity.withdrawVerification();
+    }
+
    /**
     * Implementation of {@link CryptoApi#isCrossSigningReady}
     */