experimental support for warning users when unknown devices show up in a room.

hopefully a step towards fixing https://github.com/vector-im/riot-web/issues/2143
2025-08-09 10:22:46 +03:00 · 2017-01-21 05:10:51 +00:00
parent 49e6fd3c60
commit fb820fa9a7
4 changed files with 90 additions and 3 deletions
--- a/src/crypto/algorithms/megolm.js
+++ b/src/crypto/algorithms/megolm.js
@@ -388,6 +388,10 @@ MegolmEncryption.prototype._shareKeyWithDevices = function(session, devicesByUse
 MegolmEncryption.prototype.encryptMessage = function(room, eventType, content) {
    const self = this;
    return this._getDevicesInRoom(room).then(function(devicesInRoom) {
+        // check if any of these devices are not yet known to the user.
+        // if so, warn the user so they can verify or ignore.
+        self._checkForUnknownDevices(devicesInRoom);
+
        return self._ensureOutboundSession(devicesInRoom);
    }).then(function(session) {
        const payloadJson = {
@@ -415,6 +419,38 @@ MegolmEncryption.prototype.encryptMessage = function(room, eventType, content) {
    });
 };

+/**
+ * Checks the devices we're about to send to and see if any are entirely
+ * unknown to the user.  If so, warn the user, and mark them as known to
+ * give the user a chance to go verify them before re-sending this message.
+ */
+MegolmEncryption.prototype._checkForUnknownDevices = function(devicesInRoom) {
+    const unknownDevices = {};
+
+    Object.keys(devicesInRoom).forEach(userId=>{
+        Object.keys(devicesInRoom[userId]).forEach(deviceId=>{
+            const device = devicesInRoom[userId][deviceId];
+            if (device.isUnverified() && !device.isKnown()) {
+                // mark the devices as known to the user, given we're about to
+                // yell at them.
+                //this._crypto.setDeviceVerification(userId, device.deviceId,
+                //                                   undefined, undefined, true);
+                if (!unknownDevices[userId]) {
+                    unknownDevices[userId] = {};
+                }
+                unknownDevices[userId][deviceId] = device;
+            }
+        });
+    });
+
+    if (Object.keys(unknownDevices).length) {
+        // it'd be kind to pass unknownDevices up to the user in this error
+        throw new base.UnknownDeviceError(
+            "This room contains unknown devices which have not been verified. " +
+            "We strongly recommend you verify them before continuing.", unknownDevices);
+    }
+};
+
 /**
 * Get the list of unblocked devices for all users in the room
 *
@@ -433,6 +469,9 @@ MegolmEncryption.prototype._getDevicesInRoom = function(room) {
    // have a list of the user's devices, then we already share an e2e room
    // with them, which means that they will have announced any new devices via
    // an m.new_device.
+    //
+    // XXX: what if the cache is stale, and the user left the room we had in common
+    // and then added new devices before joining this one? --Matthew
    return this._crypto.downloadKeys(roomMembers, false).then(function(devices) {
        // remove any blocked devices
        for (const userId in devices) {