Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation (#4233)

* Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Iterate Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-08-09 10:22:46 +03:00 · 2024-06-18 14:03:14 +01:00
parent 987ec1e62f
commit c55289ec65
8 changed files with 33 additions and 32 deletions
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
    ],
    "dependencies": {
        "@babel/runtime": "^7.12.5",
-        "@matrix-org/matrix-sdk-crypto-wasm": "^5.0.0",
+        "@matrix-org/matrix-sdk-crypto-wasm": "^6.0.0",
        "another-json": "^0.2.0",
        "bs58": "^5.0.0",
        "content-type": "^1.0.4",
--- a/spec/integ/rendezvous/MSC4108SignInWithQR.spec.ts
+++ b/spec/integ/rendezvous/MSC4108SignInWithQR.spec.ts
@@ -54,9 +54,7 @@ function makeMockClient(opts: { userId: string; deviceId: string; msc4108Enabled
            return opts.deviceId;
        },
        baseUrl,
-        getHomeserverUrl() {
-            return baseUrl;
-        },
+        getDomain: () => "example.com",
        getDevice: jest.fn(),
        getCrypto: jest.fn(() => crypto),
        getAuthIssuer: jest.fn().mockResolvedValue({ issuer: "https://issuer/" }),
@@ -157,19 +155,19 @@ describe("MSC4108SignInWithQR", () => {
            client = makeMockClient({ userId: "@alice:example.com", deviceId: "alice", msc4108Enabled: true });

            const ourChannel = new MSC4108SecureChannel(ourMockSession);
-            const qrCodeData = QrCodeData.from_bytes(
-                await ourChannel.generateCode(QrCodeMode.Reciprocate, client.getHomeserverUrl()),
+            const qrCodeData = QrCodeData.fromBytes(
+                await ourChannel.generateCode(QrCodeMode.Reciprocate, client.getDomain()!),
            );
-            const opponentChannel = new MSC4108SecureChannel(opponentMockSession, qrCodeData.public_key);
+            const opponentChannel = new MSC4108SecureChannel(opponentMockSession, qrCodeData.publicKey);

            ourLogin = new MSC4108SignInWithQR(ourChannel, true, client);
            opponentLogin = new MSC4108SignInWithQR(opponentChannel, false);
        });

-        it("should be able to connect with opponent and share homeserver url & check code", async () => {
+        it("should be able to connect with opponent and share server name & check code", async () => {
            await Promise.all([
                expect(ourLogin.negotiateProtocols()).resolves.toEqual({}),
-                expect(opponentLogin.negotiateProtocols()).resolves.toEqual({ homeserverBaseUrl: client.baseUrl }),
+                expect(opponentLogin.negotiateProtocols()).resolves.toEqual({ serverName: client.getDomain() }),
            ]);

            expect(ourLogin.checkCode).toBe(opponentLogin.checkCode);
--- a/spec/unit/rendezvous/channels/MSC4108SecureChannel.spec.ts
+++ b/spec/unit/rendezvous/channels/MSC4108SecureChannel.spec.ts
@@ -44,9 +44,9 @@ describe("MSC4108SecureChannel", () => {
        } as unknown as MSC4108RendezvousSession;
        const channel = new MSC4108SecureChannel(mockSession);

-        const qrCodeData = QrCodeData.from_bytes(await channel.generateCode(QrCodeMode.Reciprocate, baseUrl));
+        const qrCodeData = QrCodeData.fromBytes(await channel.generateCode(QrCodeMode.Reciprocate, baseUrl));
        const { initial_message: ciphertext } = new Ecies().establish_outbound_channel(
-            qrCodeData.public_key,
+            qrCodeData.publicKey,
            "MATRIX_QR_CODE_LOGIN_INITIATE",
        );
        mocked(mockSession.receive).mockResolvedValue(ciphertext);
@@ -65,9 +65,9 @@ describe("MSC4108SecureChannel", () => {
        mocked(mockSession.receive).mockResolvedValue("");
        await expect(channel.connect()).rejects.toThrow("No response from other device");

-        const qrCodeData = QrCodeData.from_bytes(await channel.generateCode(QrCodeMode.Reciprocate, baseUrl));
+        const qrCodeData = QrCodeData.fromBytes(await channel.generateCode(QrCodeMode.Reciprocate, baseUrl));
        const { initial_message: ciphertext } = new Ecies().establish_outbound_channel(
-            qrCodeData.public_key,
+            qrCodeData.publicKey,
            "NOT_REAL_MATRIX_QR_CODE_LOGIN_INITIATE",
        );

@@ -88,9 +88,9 @@ describe("MSC4108SecureChannel", () => {
            } as unknown as MSC4108RendezvousSession;
            channel = new MSC4108SecureChannel(mockSession);

-            const qrCodeData = QrCodeData.from_bytes(await channel.generateCode(QrCodeMode.Reciprocate, baseUrl));
+            const qrCodeData = QrCodeData.fromBytes(await channel.generateCode(QrCodeMode.Reciprocate, baseUrl));
            const { channel: _opponentChannel, initial_message: ciphertext } = new Ecies().establish_outbound_channel(
-                qrCodeData.public_key,
+                qrCodeData.publicKey,
                "MATRIX_QR_CODE_LOGIN_INITIATE",
            );
            opponentChannel = _opponentChannel;
--- a/src/@types/matrix-sdk-crypto-wasm.d.ts
+++ b/src/@types/matrix-sdk-crypto-wasm.d.ts
@@ -37,4 +37,8 @@ declare module "@matrix-org/matrix-sdk-crypto-wasm" {
            };
        }>;
    }
+
+    interface Device {
+        requestVerification(methods?: any[]): [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest];
+    }
 }
--- a/src/rendezvous/MSC4108SignInWithQR.ts
+++ b/src/rendezvous/MSC4108SignInWithQR.ts
@@ -145,7 +145,7 @@ export class MSC4108SignInWithQR {
        }

        if (this.ourIntent === QrCodeMode.Reciprocate && this.client) {
-            this._code = await this.channel.generateCode(this.ourIntent, this.client.getHomeserverUrl());
+            this._code = await this.channel.generateCode(this.ourIntent, this.client.getDomain()!);
        } else if (this.ourIntent === QrCodeMode.Login) {
            this._code = await this.channel.generateCode(this.ourIntent);
        }
@@ -171,7 +171,7 @@ export class MSC4108SignInWithQR {
     * The scanning device has to discover the homeserver details, if they scanned the code then they already have it.
     * If the new device is the one rendering the QR code then it has to wait be sent the homeserver details via the rendezvous channel.
     */
-    public async negotiateProtocols(): Promise<{ homeserverBaseUrl?: string }> {
+    public async negotiateProtocols(): Promise<{ serverName?: string }> {
        logger.info(`negotiateProtocols(isNewDevice=${this.isNewDevice} didScanCode=${this.didScanCode})`);
        await this.channel.connect();

@@ -194,7 +194,7 @@ export class MSC4108SignInWithQR {
                    await this.send<ProtocolsPayload>({
                        type: PayloadType.Protocols,
                        protocols: ["device_authorization_grant"],
-                        homeserver: this.client?.getHomeserverUrl() ?? "",
+                        homeserver: this.client!.getDomain()!,
                    });
                } else {
                    await this.send<FailurePayload>({
@@ -227,7 +227,7 @@ export class MSC4108SignInWithQR {
                );
            }

-            return { homeserverBaseUrl: payload.homeserver };
+            return { serverName: payload.homeserver };
        } else {
            // MSC4108-Flow: NewScanned - nothing to do
        }
--- a/src/rendezvous/channels/MSC4108SecureChannel.ts
+++ b/src/rendezvous/channels/MSC4108SecureChannel.ts
@@ -54,11 +54,11 @@ export class MSC4108SecureChannel {
    /**
     * Generate a QR code for the current session.
     * @param mode the mode to generate the QR code in, either `Login` or `Reciprocate`.
-     * @param homeserverBaseUrl the base URL of the homeserver to connect to, required for `Reciprocate` mode.
+     * @param serverName the name of the homeserver to connect to, as defined by server discovery in the spec, required for `Reciprocate` mode.
     */
    public async generateCode(mode: QrCodeMode.Login): Promise<Uint8Array>;
-    public async generateCode(mode: QrCodeMode.Reciprocate, homeserverBaseUrl: string): Promise<Uint8Array>;
-    public async generateCode(mode: QrCodeMode, homeserverBaseUrl?: string): Promise<Uint8Array> {
+    public async generateCode(mode: QrCodeMode.Reciprocate, serverName: string): Promise<Uint8Array>;
+    public async generateCode(mode: QrCodeMode, serverName?: string): Promise<Uint8Array> {
        const { url } = this.rendezvousSession;

        if (!url) {
@@ -68,8 +68,8 @@ export class MSC4108SecureChannel {
        return new QrCodeData(
            this.secureChannel.public_key(),
            url,
-            mode === QrCodeMode.Reciprocate ? homeserverBaseUrl : undefined,
-        ).to_bytes();
+            mode === QrCodeMode.Reciprocate ? serverName : undefined,
+        ).toBytes();
    }

    /**
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -1100,10 +1100,9 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
        }

        try {
-            const [request, outgoingRequest]: [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest] =
-                await device.requestVerification(
-                    this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
-                );
+            const [request, outgoingRequest] = device.requestVerification(
+                this._supportedVerificationMethods.map(verificationMethodIdentifierToMethod),
+            );
            await this.outgoingRequestProcessor.makeOutgoingRequest(outgoingRequest);
            return new RustVerificationRequest(
                this.olmMachine,
--- a/yarn.lock
+++ b/yarn.lock
@@ -1925,10 +1925,10 @@
    "@jridgewell/resolve-uri" "^3.1.0"
    "@jridgewell/sourcemap-codec" "^1.4.14"

-"@matrix-org/matrix-sdk-crypto-wasm@^5.0.0":
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/@matrix-org/matrix-sdk-crypto-wasm/-/matrix-sdk-crypto-wasm-5.0.0.tgz#f45a7bccaad218c05bcf9e7c8ca783c9d9a07af4"
-  integrity sha512-37ASjCKSTU5ycGfkP+LUXG4Ok6OAf6vE+1qU6uwWhe6FwadCS3vVWzJYd/3d9BQFwsx4GhFTIAXrW4iLG85rmQ==
+"@matrix-org/matrix-sdk-crypto-wasm@^6.0.0":
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/@matrix-org/matrix-sdk-crypto-wasm/-/matrix-sdk-crypto-wasm-6.0.0.tgz#5e62ff07ee85a2e1b766a116683b7715a5e70c03"
+  integrity sha512-VVXfkIX2qr5Lz8EEUqsv/RBs0hZYoD1TyvtnaaNHW+2WaBo+TXu6Kpz2cQBNvRQbR3GhxDa/ZyQUxZYotORLWg==

 "@matrix-org/olm@3.2.15":
  version "3.2.15"