Two tweaks:
* `httpBackend.flush()` now returns a value, so we can't pass its result
straight into `done()`.
* In one of the megolm tests, we need to wait for the device query to finish
before marking the relevant device as known. One easy way to do this is
actually to try sending the message first - that will block until the device
query completes.
89ced198 added some code which flagged our own device list as in need of an
update. However, 8d502743 then added code such that we invalidate *all* members
of e2e rooms on the first initialsync - which should include ourselves. We can
therefore remove the redundant special-case, which mostly serves to simplify
the tests.
Much of this transformation has been done automatically:
* add expect import to each file
* replace `not.to` with `toNot`
* replace `to[Not]Be{Undefined,Null}` with equivalents
* replace `jasmine.createSpy(...)` with `except.createSpy`, and `andCallFake`
with `andCall`
Also:
* replace `jasmine.createSpyObj` with manual alternatives
* replace `jasmine.Clock` with `lolex`
Remove some we don't care about. Set some other ones we do care
about but don't currently adhere to to warn. Set the max warnings
threshold to the current number of warnings, so we don't introduce
more of them. Fix a bunch of legit lint errors and add exceptions
to various places in the test code that does funny things with
'this'.
If we have shared the session with a device which is subsequently blacklisted,
we need to start a new session for the next message.
Rather than doing this proactively (which would be subject to false-positives
and require slightly awkward tracking of who we had shared the session with),
we check the list of who we have shared the session with on each send, and
start a new session if any of them are blocked.
Fixes https://github.com/vector-im/riot-web/issues/2146.
Two main changes here:
* when we get an m.new_device event for a device we know about, ignore it
* Batch up the m.new_device events received during initialsync and spam out
all the queries at once.
Instead of trying to maintain a list of devices we need to share with, just
check all the devices for all the users on each send.
This should fix https://github.com/vector-im/vector-web/issues/2568, and
generally mean we're less likely to get out of sync.
We have decided that signing one-time keys is the lesser of two evils;
accordingly, use a new key algorithm type (`signed_curve25519`), sign the
one-time keys that we upload to the server, and verify the signatures on those
we download.
This will mean that develop won't be able to talk to master, but hey, we're in
beta.
Update a failing test to include user_id and device_id in the right place.
Remove one of the cases since it's somewhat redundant to
matrix-client-crypto-spec anyway.
Check that the user_id and device_id in device query responses match those that
we expect.
This resolves an unknown-key attack whereby Eve can re-sign Bob's keys with her
own key, thus getting Alice to send her messages which she can then forward to
Bob, making Bob think that Alice sent the messages to him.
Previously, the API for uploadContent differed wildly depending on whether you
were on a browser with XMLHttpRequest or node.js with the HTTP system
library. This lead to great confusion, as well as making it hard to test the
browser behaviour.
The browser version expected a File, which could be sent straight to
XMLHttpRequest, whereas the node.js version expected an object with a `stream`
property. Now, we no longer recommend the `stream` property (though maintain it
for backwards compatibility) and instead expect the first argument to be the
thing to upload. To support the different ways of passing `type` and `name`,
they can now either be properties of the first argument (which will probably
suit browsers), or passed in as explicit `opts` (which will suit the node.js
users).
Even more crazily, the browser version returned the value of the `content_uri`
property of the result, while the node.js returned the raw JSON. Both flew in
the face of the convention of the js-sdk, which is to return the entire parsed
result object. Hence, add `rawResponse` and `onlyContentUri` options, which
grandfather in those behaviours.
9e89e71e broke uploadContent, making it set 'json=true' on the request, so that
we would try to turn raw content into JSON. It also misguidedly set a
client-side timeout of 30s.
Fix that, and add some tests to check uploadContent works.
In mock-request: distinguish between an expectation (ExpectedRequest)
and an actual request (Request). Add support for checking the headers, and the
request options in general, to Request.
In what I hoped would be a five-minute refactor to help clean up an annoying
not-really-used codepath, but turned into a bit of a hackathon on the tests,
create Olm sessions lazily in Olm rooms, just as we do in megolm rooms, which
allows us to avoid having to get the member list before configuring e2e in a
room.
When we got a redaction event, we were adding the entire (circular) MatrixEvent
object for the redaction to the redacted event, which would then cause
exceptions down the line (particularly when dealing with gappy timelines).
We should only be adding the raw event.
Fixes (hopefully) https://github.com/vector-im/vector-web/issues/1389.
