CryptoApi.resetEncryption should always create a new key backup (#4648)

* fix(crypto api): `resetEncryption` always calls `resetKeyBackup` * test(crypto api): update `resetEncryption` tests * chore(crypto api): add logging in `resetEncryption`
2025-11-23 17:02:25 +03:00 · 2025-01-23 16:35:37 +01:00
parent c0e30ceca0
commit ed397d99ed
3 changed files with 13 additions and 29 deletions
--- a/spec/unit/rust-crypto/rust-crypto.spec.ts
+++ b/spec/unit/rust-crypto/rust-crypto.spec.ts
@@ -1896,22 +1896,6 @@ describe("RustCrypto", () => {
        });

        it("reset should reset 4S, backup and cross-signing", async () => {
-            // We don't have a key backup
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", {});
-
-            const rustCrypto = await makeTestRustCrypto(makeMatrixHttpApi(), undefined, undefined, secretStorage);
-
-            const authUploadDeviceSigningKeys = jest.fn();
-            await rustCrypto.resetEncryption(authUploadDeviceSigningKeys);
-
-            // The default key id should be deleted
-            expect(secretStorage.setDefaultKeyId).toHaveBeenCalledWith(null);
-            expect(await rustCrypto.getActiveSessionBackupVersion()).toBeNull();
-            // The new cross signing keys should be uploaded
-            expect(authUploadDeviceSigningKeys).toHaveBeenCalledWith(expect.any(Function));
-        });
-
-        it("key backup should be re-enabled after reset", async () => {
            // When we will delete the key backup
            let backupIsDeleted = false;
            fetchMock.delete("path:/_matrix/client/v3/room_keys/version/1", () => {
@@ -1923,6 +1907,13 @@ describe("RustCrypto", () => {
                return backupIsDeleted ? {} : testData.SIGNED_BACKUP_DATA;
            });

+            // A new key backup should be created after the reset
+            let newKeyBackupInfo!: KeyBackupInfo;
+            fetchMock.post("path:/_matrix/client/v3/room_keys/version", (res, options) => {
+                newKeyBackupInfo = JSON.parse(options.body as string);
+                return { version: "2" };
+            });
+
            // We consider the key backup as trusted
            jest.spyOn(RustBackupManager.prototype, "isKeyBackupTrusted").mockResolvedValue({
                trusted: true,
@@ -1933,13 +1924,6 @@ describe("RustCrypto", () => {
            // We have a key backup
            expect(await rustCrypto.getActiveSessionBackupVersion()).not.toBeNull();

-            // A new key backup should be created after the reset
-            let newKeyBackupInfo!: KeyBackupInfo;
-            fetchMock.post("path:/_matrix/client/v3/room_keys/version", (res, options) => {
-                newKeyBackupInfo = JSON.parse(options.body as string);
-                return { version: "2" };
-            });
-
            const authUploadDeviceSigningKeys = jest.fn();
            await rustCrypto.resetEncryption(authUploadDeviceSigningKeys);

--- a/src/crypto-api/index.ts
+++ b/src/crypto-api/index.ts
@@ -401,7 +401,7 @@ export interface CryptoApi {
     * - Disable backing up room keys and delete any existing backups.
     * - Remove the default secret storage key from the account data (ie: the recovery key).
     * - Reset the cross-signing keys.
-     * - Re-enable backing up room keys if enabled before.
+     * - Create a new key backup.
     *
     * @param authUploadDeviceSigningKeys - Callback to authenticate the upload of device signing keys.
     *      Used when resetting the cross signing keys.
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -1477,7 +1477,7 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
     * Implementation of {@link CryptoApi#resetEncryption}.
     */
    public async resetEncryption(authUploadDeviceSigningKeys: UIAuthCallback<void>): Promise<void> {
-        const backupEnabled = (await this.backupManager.getActiveBackupVersion()) !== null;
+        this.logger.debug("resetEncryption: resetting encryption");

        // Disable backup, and delete all the backups from the server
        await this.backupManager.deleteAllKeyBackupVersions();
@@ -1491,10 +1491,10 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
            authUploadDeviceSigningKeys,
        });

-        // If key backup was enabled, we create a new backup
-        if (backupEnabled) {
+        // Create a new key backup
        await this.resetKeyBackup();
-        }
+
+        this.logger.debug("resetEncryption: ended");
    }

    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////