use adapter for to_device requests to have same api as for verif over DM

Riot doesn't fully implement to_device verifications, e.g.
it doesn't send a `request` but immediately sends a `start` event.

Because of this, `crypto.verification.request` doesn't get fired,
as that code path doesn't get triggered. This is why MatrixChat
in the react-sdk was listening for `crypto.verification.start`.

Verification over DM *does* send a `request` event first, so
to have the same API for both methods, we fake the request and
wrap the verifier in it.

src/client.js

@@ -5201,6 +5201,8 @@ module.exports.CRYPTO_ENABLED = CRYPTO_ENABLED;
  * @param {object} data
  * @param {MatrixEvent} data.event the original verification request message
  * @param {Array} data.methods the verification methods that can be used
+ * @param {Number} data.timeout the amount of milliseconds that should be waited
+ *                 before cancelling the request automatically.
  * @param {Function} data.beginKeyVerification a function to call if a key
  *     verification should be performed.  The function takes one argument: the
  *     name of the key verification method (taken from data.methods) to use.

src/crypto/index.js

@@ -2357,8 +2357,8 @@ Crypto.prototype._onKeyVerificationRequest = function(event) {
 
     const content = event.getContent();
     if (!("from_device" in content) || typeof content.from_device !== "string"
-        || !("transaction_id" in content) || typeof content.from_device !== "string"
-        || !("methods" in content) || !(content.methods instanceof Array)
+        || !("transaction_id" in content)
+        || !("methods" in content) || !Array.isArray(content.methods)
         || !("timestamp" in content) || typeof content.timestamp !== "number") {
         logger.warn("received invalid verification request from " + event.getSender());
         // ignore event if malformed
@@ -2434,6 +2434,7 @@ Crypto.prototype._onKeyVerificationRequest = function(event) {
         // notify the application of the verification request, so it can
         // decide what to do with it
         const request = {
+            timeout: VERIFICATION_REQUEST_TIMEOUT,
             event: event,
             methods: methods,
             beginKeyVerification: (method) => {
@@ -2566,6 +2567,31 @@ Crypto.prototype._onKeyVerificationStart = function(event) {
             }
         }
         this._baseApis.emit("crypto.verification.start", verifier);
+
+        // Riot does not implement `m.key.verification.request` while
+        // verifying over to_device messages, but the protocol is made to
+        // work when starting with a `m.key.verification.start` event straight
+        // away as well. Verification over DM *does* start with a request event first,
+        // and to expose a uniform api to monitor verification requests, we mock
+        // the request api here for to_device messages.
+        // "crypto.verification.start" is kept for backwards compatibility.
+
+        // ahh, this will create 2 request notifications for clients that do support the request event
+        // so maybe we should remove emitting the request when actually receiving it *sigh*
+        const requestAdapter = {
+            event,
+            timeout: VERIFICATION_REQUEST_TIMEOUT,
+            methods: [content.method],
+            beginKeyVerification: (method) => {
+                if (content.method === method) {
+                    return verifier;
+                }
+            },
+            cancel: () => {
+                return verifier.cancel("User cancelled");
+            },
+        };
+        this._baseApis.emit("crypto.verification.request", requestAdapter);
     }
 };
 
@@ -2631,6 +2657,7 @@ Crypto.prototype._onTimelineEvent = function(event) {
     }
     const request = {
         event,
+        timeout: VERIFICATION_REQUEST_TIMEOUT,
         methods: content.methods,
         beginKeyVerification: (method) => {
             const verifier = this.acceptVerificationDM(event, method);