mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-06-10 02:21:19 +03:00
Commit Graph

1430 Commits

Author SHA1 Message Date
3fcc56601b Use mapped types for account data content (#4590)
* Use mapped types around account data events

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Harden types for reading account data too

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Correct empty object type

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update src/secret-storage.ts

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-12-19 22:53:58 +00:00
693bb22ba1 Handle when aud OIDC claim is an Array (#4584)
* Handle when `aud` OIDC claim is an Array

The `aud` claim of OIDC id_tokens [can be an array](ce6d694639/src/Claims.ts (L92)) but the existing logic
incorrectly assumes `aud` is always a string.

This PR adds the necessary check.

* Clarify `aud` OIDC claim check

* Fix for prettier

---------

Co-authored-by: David Baker <dbkr@users.noreply.github.com>
2024-12-16 11:38:34 +00:00
a0502c5ee5 Save the key backup key to 4S during bootstrapCrossSigning (#4542)
* Save the key backup key to secret storage

When setting up secret storage, if we have a key backup key in cache
(like we do for the cross signing secrets).

* Add test

* Get the key directly from the olmMachine

saves converting it needlessly into a buffer to turn it back into
a base64 string

* Overwrite backup key in storage if different

* Fix test

* Add integ test

* Test failure case for sonar

* Unused import

* Missed return

* Also check active backup version
2024-12-12 15:03:19 +00:00
ded87290ce Update matrix-sdk-crypto-wasm to 11.0.0 (#4566)
* Update matrix-sdk-crypto-wasm to 11.0.0

* use `backend` variable to test for rust crypto

* apply changes from review
2024-12-09 23:11:02 +00:00
c54ca29aa8 Rename initCrypto into initLegacyCrypto (#4567) 2024-12-05 11:08:38 +00:00
beb3721e7a Avoid use of Buffer as it does not exist in the Web natively (#4569) 2024-12-04 22:32:09 +00:00
8863e42e35 More typescript linting (#3310)
* More typescript linting

* Improve types

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Discard changes to src/models/MSC3089TreeSpace.ts

* Discard changes to src/realtime-callbacks.ts

* Fix tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Improve coverage

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-12-02 09:56:52 +00:00
3781b6ebfa Re-send MatrixRTC media encryption keys for a new joiner even if a rotation is in progress (#4561) 2024-11-28 12:05:39 +00:00
5bcd26e506 Support MSC4222 state_after (#4487)
* WIP support for state_after

* Fix sliding sync sdk / embedded tests

* Allow both state & state_after to be undefined

Since it must have allowed state to be undefined previously: the test
had it as such.

* Fix limited sync handling

* Need to use state_after being undefined

if state can be undefined anyway

* Make sliding sync sdk tests pass

* Remove deprecated interfaces & backwards-compat code

* Remove useless assignment

* Use updates unstable prefix

* Clarify docs

* Remove additional semi-backwards compatible overload

* Update unstable prefixes

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix test

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Add test for MSC4222 behaviour

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Improve coverage

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Fix tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Tidy

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Add comments to explain why things work as they are.

* Fix sync accumulator for state_after sync handling

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Add tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Revert "Fix room state being updated with old (now overwritten) state and emitting for those updates. (#4242)"

This reverts commit 957329b218.

* Fix Sync Accumulator toJSON putting start timeline state in state_after field

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Update tests

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Add test case

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Hugh Nimmo-Smith <hughns@matrix.org>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: Timo <toger5@hotmail.de>
2024-11-27 11:40:41 +00:00
66f099b2e7 Revert "Fix room state being updated with old (now overwritten) state and emitting for those updates. (#4242)" (#4532)
This reverts commit 957329b218.
2024-11-27 10:49:29 +00:00
69647a33b6 Use shield status codes from Rust rather than string matching (#4529) 2024-11-26 15:06:57 +00:00
8b32f3eb7f Ensure we disambiguate display names which look like MXIDs (#4540)
* Ensure we disambiguate display names which look like MXIDs

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Make tests clearer

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-11-22 15:52:50 +00:00
781c3b05e5 Add CryptoApi.getBackupInfo (#4512)
* Add `CryptoApi.getBackupInfo`

* improve doc
2024-11-18 13:31:35 +00:00
325dace437 Fix local echo in embedded mode (#4498)
* fix local echo

* don't use custom event emitter anymore

* move logic into updateTxId

* temp testing

* use generic eventEmitter names

* add tests

---------

Co-authored-by: Robin <robin@robin.town>
Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
2024-11-14 13:21:20 +00:00
76e653b7ee Merge branch 'master' into develop 2024-11-12 09:13:57 +00:00
00aba742e4 Merge commit from fork
to avoid path traversal attacks
and remove the legacy allowance for fragments in MXCs

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-11-12 09:08:00 +00:00
35d862ebd3 Handle M_MAX_DELAY_EXCEEDED errors (#4511)
* Handle M_MAX_DELAY_EXCEEDED errors

Use a lower delay time if the server rejects a delay as too long.

* Add test

* Lint test

* Update src/matrixrtc/MatrixRTCSession.ts

Co-authored-by: Robin <robin@robin.town>

* Test computed expiry timeout value

---------

Co-authored-by: Robin <robin@robin.town>
2024-11-11 20:48:53 +00:00
581b3209ab Allow configuration of MatrixRTC timers when calling joinRoomSession() (#4510) 2024-11-11 15:35:05 +00:00
10a4fd8328 MatrixRTCSession: handle rate limit errors (#4494)
* MatrixRTCSession: handle rate limit errors

* Lint

* Handle ratelimiting for non-legacy state setting

Each request must be retried, as the non-legacy flow involves a sequence
of requests that must resolve in order.

* Fix broken test

* Check for MSC3757 instead of the unmerged MSC3779

* Move helper out of beforeEach

* Test ratelimit errors
2024-11-11 02:55:42 +00:00
98f7637683 Send/receive error details with widgets (#4492)
* Send/receive error details with widgets

* Fix embedded client tests

* Use all properties of error responses

* Lint

* Rewrite ternary expression as if statement

* Put typehints on overridden functions

* Lint

* Update matrix-widget-api

* Don't @link across packages

as gendoc fails when doing so.

* Add a missing docstring

* Set widget response error string to correct value

* Test conversion to/from widget error payloads

* Test processing errors thrown by widget transport

* Lint

* Test processing errors from transport.sendComplete
2024-11-09 07:29:04 +00:00
f6a169b5a5 Replace usages of global with globalThis (#4489)
* Update src with globalThis

* Update spec with globalThis

* Replace in more spec/ places

* More changes to src/

* Add a linter rule for global

* Prettify

* lint
2024-11-01 09:15:21 +00:00
546047a050 Capture HTTP error response headers & handle Retry-After header (MSC4041) (#4471)
* Include HTTP response headers in MatrixError

* Lint

* Support MSC4041 / Retry-After header

* Fix tests

* Remove redundant MatrixError parameter properties

They are inherited from HTTPError, so there is no need to mark them as
parameter properties.

* Comment that retry_after_ms is deprecated

* Properly handle colons in XHR header values

Also remove the negation in the if-condition for better readability

* Improve Retry-After parsing and docstring

* Revert ternary operator to if statements

for readability

* Reuse resolved Headers for Content-Type parsing

* Treat empty Content-Type differently from null

* Add MatrixError#isRateLimitError

This is separate from MatrixError#getRetryAfterMs because it's possible
for a rate-limit error to have no Retry-After time, and having separate
methods to check each makes that more clear.

* Ignore HTTP status code when getting Retry-After

because status codes other than 429 may have Retry-After

* Catch Retry-After parsing errors

* Add test coverage for HTTP error headers

* Update license years

* Move safe Retry-After lookup to global function

so it can more conveniently check if an error is a MatrixError

* Lint

* Inline Retry-After header value parsing

as it is only used in one place and doesn't need to be exported

* Update docstrings

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Use bare catch

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

* Give HTTPError methods for rate-limit checks

and make MatrixError inherit them

* Cover undefined errcode in rate-limit check

* Update safeGetRetryAfterMs docstring

Be explicit that errors that don't look like rate-limiting errors will
not pull a retry delay value from the error.

* Use rate-limit helper functions in more places

* Group the header tests

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-10-30 15:52:34 +00:00
16153e5d82 Replace legacy keyBackup types (#4486) 2024-10-30 13:12:27 +00:00
fd73d5068c Add RoomWidgetClient.sendToDeviceViaWidgetApi() (#4475) 2024-10-30 09:36:44 +00:00
31aeb3044f Add CryptoApi.encryptToDeviceMessages() and deprecate Crypto.encryptAndSendToDevices() (#4380)
* Add CryptoApi.encryptToDeviceMessages

Deprecate Crypto.encryptAndSendToDevices and MatrixClient.encryptAndSendToDevices

* Overload MatrixClient.encryptAndSendToDevices instead of deprecating

* Revert "Overload MatrixClient.encryptAndSendToDevices instead of deprecating"

This reverts commit 6a0d8e2638.

* Feedback from code review

* Use temporary pre-release build of @matrix-org/matrix-sdk-crypto-wasm

* Deduplicate user IDs

* Test for RustCrypto implementation

* Use ensureSessionsForUsers()

* Encrypt to-device messages in parallel

* Use release version of matrix-sdk-crypto-wasm

* Upgrade matrix-sdk-crypto-wasm to v8

* Sync with develop

* Add test for olmlib CryptoApi

* Fix link

* Feedback from review

* Move libolm implementation to better place in file

* Fix doc

* Integration test

* Make sure test device is known to client

* Feedback from review
2024-10-28 11:32:17 +00:00
0a29063bc9 Do not rotate MatrixRTC media encryption key when a new member joins a session (#4472)
* Do not rotate MatrixRTC media encryption key when a new member joins a call

This change reverts https://github.com/matrix-org/matrix-js-sdk/pull/4422.

Instead, the rotation when a new member joins will be reintroduced as part of supporting to-device based MatrixRTC encryption key distribution.

* Improve function name
2024-10-25 13:32:44 +00:00
b99ff83785 Refactor/simplify Promises in MatrixRTCSession (#4466)
* Refactor/simplify Promises in MatrixRTCSession

* Update src/matrixrtc/MatrixRTCSession.ts

Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>

* Fix+document+test leaveRoomSession's return value

* Throw instead of using expect in teardown

because lint rules forbid using expect outside of test functions

---------

Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com>
2024-10-25 09:24:52 +00:00
23c4c9fd8a Remove abandoned MSC3886, MSC3903, MSC3906 implementations (#4469)
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-10-24 13:19:29 +00:00
a6fb7530cb Organise MatrixRTCSession tests (#4453)
None of the tests themselves should have changed
2024-10-21 16:24:02 +00:00
91f6f0f9c5 Update typescript-eslint monorepo to v8 (major) (#4388)
* Update typescript-eslint monorepo to v8

* Migrate to stylistic

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Iterate

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>
2024-10-21 13:17:20 +00:00
13a967ae8f Prepare delayed call leave events more reliably (#4447)
* Prepare delayed call leave events more reliably

- Try sending call join after preparing delayed leave
- On leave, send delayed leave instead of a new event

* Don't rely on errcodes for retry logic

because they are unavailable in widget mode

* Make arrow method readonly

SonarCloud rule typescript:S2933

* Test coverage for restarting delayed call leave

* Remove unneeded unstable_features mock

It's unneeded because all affected methods are mocked
2024-10-17 17:41:18 +00:00
662b772c73 Add crypto events to crypto-api (#4443)
* Move used Crypto event into crypto api

* Use new crypto events in rust crypto

* Remove `WillUpdateDevices` event from CryptoApi

* Use new crypto events in old crypto events

* Compute type of CryptoEvent enum

* Rename CryptoEvent and CryptoEventHandlerMap as legacy

* - Rename `RustCryptoEvent` as `CryptoEvent`
- Declare `CryptoEventHandlerMap` into the crypto api

* Add `WillUpdateDevices` back to new crypto events to avoid circular imports between old crypto and the crypto api

* Extends old crypto handler map with the new crypto map

* Review fixes

* Add more explicit documentations
2024-10-15 14:38:33 +00:00
5508993d79 Merge branch 'master' into develop 2024-10-15 10:53:49 +00:00
2fb1e659c8 Merge commit from fork
Remove insecure MatrixClient.sendSharedHistoryKeys method
2024-10-15 11:48:16 +01:00
3386c66b98 Fix MatrixRTC sender key wrapping (#4441) 2024-10-07 10:34:23 +00:00
da044820d7 Clean AES export and move back calculateKeyCheck to secret-storage.ts (#4440) 2024-10-03 13:20:56 +00:00
5f3b89990d Move out crypto/aes (#4431)
* Move `SecretEncryptedPayload` in `src/utils/@types`

* Move `encryptAES` to a dedicated file. Moved in a utils folder.

* Move `deriveKeys` to a dedicated file in order to share it

* Move `decryptAES` to a dedicated file. Moved in a utils folder.

* Move `calculateKeyCheck` to a dedicated file. Moved in a utils folder.

* Remove AES functions in `aes.ts` and export new ones for backward compatibility

* Update import to use new functions

* Add `src/utils` entrypoint in `README.md`

* - Rename `SecretEncryptedPayload` to `AESEncryptedSecretStoragePayload`.
- Move into `src/@types`

* Move `calculateKeyCheck` into `secret-storage.ts`.

* Move `deriveKeys` into `src/utils/internal` folder.

* - Rename `encryptAES` on `encryptAESSecretStorageItem`
- Change named export by default export

* - Rename `decryptAES` on `decryptAESSecretStorageItem`
- Change named export by default export

* Update documentation

* Update `decryptAESSecretStorageItem` doc

* Add link to spec for `calculateKeyCheck`

* Fix downstream tests
2024-10-01 13:52:59 +00:00
9ecb66e695 crypto: configure key sharing strategy based on DeviceIsolationMode (#4425)
* crypto: configure key sharing strategy based on deviceIsolationMode

fix eslint import error

cryptoMode was renamed to deviceIsolationMode

post rebase fix: Device Isolation mode name changes

* Fix outdated docs referring to old cryptomode

* code review: better comment for globalBlacklistUnverifiedDevices option

* RoomEncryptor: Use appropriate default for getBlacklistUnverifiedDevices

* do not provide a default value for DeviceIsolationMode for encryption

* Update src/rust-crypto/RoomEncryptor.ts

---------

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2024-09-30 14:26:34 +00:00
baa6d13506 RTCSession cleanup: deprecate getKeysForParticipant() and getEncryption(); add emitEncryptionKeys() (#4427)
* RTCSession cleanup: deprecate getKeysForParticipant() and getEncryption(); add emitEncryptionKeys()

* Clarify comment

* Feedback from code review

* Update src/matrixrtc/MatrixRTCSession.ts

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

* Fix test

---------

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
2024-09-27 15:55:07 +00:00
2d6230f199 Rotate RTC key when a new member joins (#4422) 2024-09-27 15:54:48 +00:00
823316b2ff Remove use of insecure sendSharedHistoryKeys in MSC3089 impl 2024-09-26 12:01:51 +01:00
1a8ea3d685 Add CryptoApi.pinCurrentUserIdentity and UserIdentity.needsUserApproval (#4415)
* Implement `UserVerificationStatus.needsUserApproval`

Expose the `identityNeedsUserApproval` flag from the rust crypto crate.

* Add CryptoApi.pinCurrentUserIdentity

Expose `pinCurrentMasterKey` from the rust crypto api.

* Test data: add second cross-signing key for Bob

* Add tests for verification status
2024-09-24 16:38:18 +00:00
414ac9d8cc Don't share full key history for RTC per-participant encryption (#4406)
* Don't share full key history for RTC per-participant encryption

Also record stats for how many keys have been sent/received and age of those received

* Update src/matrixrtc/MatrixRTCSession.ts

Co-authored-by: Robin <robin@robin.town>

* Add comment about why we track total age of events

---------

Co-authored-by: Robin <robin@robin.town>
2024-09-18 08:57:26 +00:00
fab9cab3df Move crypto/key_passphrase.ts to crypto-api/key-passphrase.ts (#4401)
* Move `crypto/key_passphrase.ts` to `crypto-api/key-passphrase.ts`

* Re-export `crypto-api/key-passphrase` into `crypto/key_passphrase.ts`

* Add doc

* Deprecate `MatrixClient.keyBackupKeyFromPassword`

* Move `keyFromAuthData` to `common-crypto/key-passphrase.ts`

* Fix faulty import

* Keep `keyFromPassphrase` in old crypto

* - Rename `deriveKey` into `deriveRecoveryKeyFromPassphrase`
- Call `deriveRecoveryKeyFromPassphrase` into `RustCrypto.createRecoveryKeyFromPassphrase` instead of using `keyFromPassphrase`

* Remove alternative in `keyBackupKeyFromPassword` deprecation.

* Add tests for `keyFromAuthData`

* Deprecate `keyFromAuthData`

* Review changes
2024-09-17 13:05:47 +00:00
8cf5df73ee Move crypto/recoverykey.ts to crypto-api/recovery-key.ts (#4399)
* Move `crypto/recoverykey.ts` to `crypto-api/recovery-key.ts`

* Re-export `crypto-api/recovery-key` into `crypto/recoverykey`

* Add a bit of doc

* Deprecate `MatrixClient.isValidRecoveryKey` and `MatrixClient.keyBackupKeyFromRecoveryKey`

* Import `index.ts` directly

* Update `recovery-key.ts` doc

* Add tests for `decodeRecoveryKey`

* Move `recovery-key.spec.ts` file
2024-09-13 13:26:30 +00:00
e8128d34a1 MSC4133 - Extended profiles (#4391)
* Add MSC4133 functionality.

* Add MSC4133 capability.

* Tidy

* Add tests for extended profiles.

* improve docs

* undefined

* Add a prefix function to reduce repetitiveness

* Add a docstring
2024-09-09 12:06:38 +00:00
c408c0d1d5 Retry event decryption failures on first failure (#4346)
* Retry event decryption failures on first failure

* Suggestion from code review

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

---------

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
2024-08-19 13:35:45 +00:00
467908703b Don't attempt to adjust for clock skews when calculating group call membership expiry (#4340)
* Use origin server timestamp for calculating group call membership expiry

* Fix tests

* Docs

* Refactor comments to reflect that the logic hasn't changed

* Make comment maintainable

* Fix up merge

* Fix test
2024-08-15 09:11:06 +00:00
87eddaf51a Handle MatrixRTC encryption keys arriving out of order (#4345)
* Handle MatrixRTC encryption keys arriving out of order

* Apply suggestions from code review

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

* Suggestion from code review

---------

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
2024-08-15 07:58:36 +00:00
c65ef03567 Resend MatrixRTC encryption keys if a membership has changed (#4343)
* Resend MatrixRTC encryption keys if a membership has changed

* JSDoc

* Update src/matrixrtc/MatrixRTCSession.ts

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

* Add note about using Set.symmetricDifference() when available

* Always store latest fingerprints

Should reduce unnecessary retransmits

* Refactor

---------

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
2024-08-14 14:08:52 +00:00