Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[POSTPONED] Sketch (just TODO comments) for prevent-online-leak #4932

Closed
wants to merge 1 commit into from
Closed

[POSTPONED] Sketch (just TODO comments) for prevent-online-leak #4932

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/chat.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -460,6 +460,10 @@ impl ChatId {
if sync.into() {
chat.add_sync_item(context, ChatAction::Accept).await?;
}

// TODO Check in the sql table `alicestate` whether we need to resume the securejoin protocol.
// If so, remember to also update the `alicestate` table.

Ok(())
}

Expand Down
19 changes: 19 additions & 0 deletions src/securejoin.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,14 @@ pub(crate) async fn handle_securejoin_handshake(
ChatId::create_for_contact(context, contact_id).await?;
}

// TODO Here we need to check that the token isn't too old (no more than 2 days)
// and if it is too old, then we need to put the chat into "Request" state.
// Except if `get_config(Config::IsBot)` is true, in this case we just continue normally.

// When the "Request" state is accepted (`ChatId::accept()`), we need to continue here. Also, we need to
// remember in the database that the user accepted a securejoin and the current timestamp.
// This probably needs to go into a new table `alicestate` or similar

// Alice -> Bob
send_alice_handshake_msg(
context,
Expand Down Expand Up @@ -431,6 +439,17 @@ pub(crate) async fn handle_securejoin_handshake(
info!(context, "Auth verified.",);
context.emit_event(EventType::ContactsChanged(Some(contact_id)));
inviter_progress!(context, contact_id, 600);

// TODO Here we need to check that the token isn't too old
// and if it is too old, then we need to put the chat into "Request" state.

// Except if `get_config(Config::IsBot)` is true, in this case we just continue normally.

// Except if the user already accepted the securejoin above in the last 2 days,
// in this case we just continue normally.

// When the "Request" state is accepted (in `ChatId::accept()`), we need to continue here.

if join_vg {
// the vg-member-added message is special:
// this is a normal Chat-Group-Member-Added message
Expand Down
7 changes: 7 additions & 0 deletions src/sql/migrations.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -749,6 +749,13 @@ CREATE INDEX smtp_messageid ON imap(rfc724_mid);
)
.await?;
}
// TODO we need a new table called `alicestate` or similar for alice's state, which can be (for each chat):
// - Paused at step 3 because the invite code was too old.
// - Resumed by the user clicking "accept" after step 3. We need to save the timestamp when the user clicked "accept".
// - Paused at step 6 because the auth code was too old.
// I think that if it's none of these 3 states, there is no need to save it.

// See https://countermitm.readthedocs.io/en/latest/new.html#setup-contact-protocol

let new_version = sql
.get_raw_config_int(VERSION_CFG)
Expand Down