matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-11-28 05:03:59 +03:00
Code Activity

Fix verification flow

Browse Source
This commit is contained in:
Travis Ralston
2020-01-29 14:43:37 +00:00
parent 76402ec8d7
commit be345a523f
2 changed files with 14 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
src/crypto/verification/QRCode.js
View File

@@ -23,7 +23,7 @@ limitations under the License.
import {VerificationBase as Base} from "./Base"; import {VerificationBase as Base} from "./Base";
import { import {
errorFactory, errorFactory,
newKeyMismatchError, newKeyMismatchError, newUnknownTransactionError,
newUserCancelledError, newUserCancelledError,
newUserMismatchError, newUserMismatchError,
} from './Error'; } from './Error';
@@ -50,15 +50,15 @@ export class ReciprocateQRCode extends Base {
} }
async _doVerification() { async _doVerification() {
const code = await new Promise((resolve, reject) => { if (!this.startEvent) {
this.emit("scan", { // TODO: Support scanning QR codes
done: resolve, throw new Error("It is not currently possible to start verification" +
cancel: () => reject(newUserCancelledError()), "with this method yet.");
}); }
});
const {secret, otherUserKey, keys, targetUserId} = ReciprocateQRCode.splitUrl(code);
const targetUserId = this.startEvent.getSender();
if (!this.userId) { if (!this.userId) {
console.log("Asking to confirm user ID");
await new Promise((resolve, reject) => { await new Promise((resolve, reject) => {
this.emit("confirm_user_id", { this.emit("confirm_user_id", {
userId: targetUserId, userId: targetUserId,
@@ -66,65 +66,19 @@ export class ReciprocateQRCode extends Base {
cancel: () => reject(newUserMismatchError()), cancel: () => reject(newUserMismatchError()),
}); });
}); });
} else if (this.userId !== userId) { } else if (targetUserId !== this.userId) {
throw newUserMismatchError({ throw newUserMismatchError({
expected: this.userId, expected: this.userId,
actual: targetUserId, actual: targetUserId,
}); });
} }
const crossSigningInfo = this._baseApis.getStoredCrossSigningInfo(targetUserId); console.log(this.request);
if (!crossSigningInfo) throw new Error("Missing cross signing info for user"); // this shouldn't happen by now if (this.startEvent.getContent()['secret'] !== this.request.encodedSharedSecret) {
if (crossSigningInfo.getId("master") !== otherUserKey) {
throw newKeyMismatchError(); throw newKeyMismatchError();
} }
if (secret !== this.request.encodedSharedSecret) { const requestEvent = this.request.requestEvent;
throw newQRCodeError(); if (!requestEvent) throw new Error("Missing request event, somehow");
}
// Verify our own keys that were sent in this code too
await this._verifyKeys(this._baseApis.getUserId(), keys, (keyId, device, key) => {
if (device.keys[keyId] !== key) {
throw newKeyMismatchError();
}
});
await this._verifyKeys(targetUserId, [otherUserKey, otherUserKey], (keyId, device, key) => {
if (device.keys[keyId] !== key) {
throw newKeyMismatchError();
}
});
}
static splitUrl(code) {
const match = code.match(MATRIXTO_REGEXP);
const keys = {};
if (!match) {
throw newQRCodeError();
}
const targetUserId = match[1];
const params = match[2].split("&").map(
(x) => x.split("=", 2).map(decodeURIComponent),
);
let action;
let otherUserKey;
let secret;
for (const [name, value] of params) {
if (name === "action") {
action = value;
} else if (name.startsWith("key_")) {
keys[name.substring("key_".length)] = value;
} else if (name === "other_user_key") {
otherUserKey = value;
} else if (name === "secret") {
secret = value;
}
}
if (!secret || !otherUserKey || action !== "verify" || Object.keys(keys).length === 0) {
throw newQRCodeError();
}
return {action, secret, otherUserKey, keys, targetUserId};
} }
} }

1
src/crypto/verification/request/VerificationRequest.js
View File

@@ -651,6 +651,7 @@ export class VerificationRequest extends EventEmitter {
userId, userId,
deviceId, deviceId,
startedByMe ? null : startEvent, startedByMe ? null : startEvent,
this,
); );
} }