-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
state of secure join error handling #4704
Comments
Thanks for writing this down! You say Bob is always modal, but dc_join_securejoin() is only fully blocking when joining a group and returns immediately otherwise. There is an ongoing process allocated though. Should the UIs always perform the Bob operation as blocking? You say that errors are shown as toasts for Alice. To my understanding currently errors are shown to both Bob and Alice as toast. But there is also the class of protocol failures (and success) which is being sent to the 1:1 chat, again for both sides I think. I'm wondering if we should never show a toast from the dc_join_securejoin() call and rather return the error, leaving it to the UI to handle that error. The FFI can not carry much error information but perhaps just a we failed message is enough and the user can retry. For messages in handle_securejoin_message (the protocol handling) the situation is trickier, as there is no-where to report errors. I've been wondering if it would be possible to set and (ephemeral, in-memory only) error state to the 1:1 flag for these. E.g. sending a device message to the 1:1 chat could result in errors, so what do you do? Being able to set an error flag with a message on the 1:1 chat would be interesting. Or maybe have it as a small queue/list even. If the app is killed this would be lost (so there is no DB involved and we can implement this with less code that could error itself. Ideally we can do this in a way the rust compiler can guarantee us no errors. |
you're totally right, i've forgotten about this change. yes, bob is also modeless in case of one-to-one-join, i've adapted the initial post to that fact.
no, the change is intended and very useful as allows writing and using the chat immediately and also works when one of Alice or Bob is offline, see
when Bob joins a group and therefore a modal dialog is shown, in case of
protocol-success is added to the 1:1 chat - why not just add errors there as well?
i assume you are talking about if we already have the maybe we should avoid duplicate errors reported there, but i think this is what you meant by:
otoh, maybe this case is rare enough to ignore it, typically the other side will abort the progress as well. maybe, no really sure, we can also stop returning |
Entirely agree with reporting errors in the 1:1 chat where possible, and some of the errors are already shown there. One reasonable thing to do could be to reserve a numberic value in https://github.com/deltachat/deltachat-core-rust/blob/0c03024b97568034bed594bac60ed7647cda98a2/deltachat-ffi/deltachat.h#L4727-L4739 for failures where this is not possible. E.g. |
that would be similar to DC_EVENT_CONFIGURE progress where however, i would not emit the same code for "error added to 1-to-1 chat" and "no message could be added to 1-to-1 chat" as otherwise the ui might show duplicate error messages which is annoying. so, maybe better only repot |
there are some recent discussion about error handling in secure-join.
this thread is to sum up things a bit and order the partly complicated flows.
some definitions
Alice is the inviter who shows the qr-code.
the ui stays modeless and does not go to a special state on Alice's device, secure-join runs in background from the view of Alice
Bob is the joiner who scans the qr-code from Alice
current state
current state is that errors on progress on modeless ui show up as "toasts".
for the modal dialog, errors are captured and shown in an alert-dialog on failure (this capturing takes place on android/ios, not sure about desktop).
success is indicated by an info-message in the Alice-Bob chat on both sides.
discussion
my 2 cents:
technically, the capturing and later alert- is error-prone and a bit hard to handle. we recently removed this need-to-capture from dc_configure(), ui-wise, however, this would not make a difference.
on Alice's side, having concrete errors as toasts are easily overseen, esp. as the progress may take longer under bad circumstances. there was the suggestion to put these errors to the device-chat, however, i would prefer putting them to the Alice-Bob chat.
The text was updated successfully, but these errors were encountered: