Handle cross-signing keys missing locally and/or from secret storage #31367
+589
−323
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If cross-signing keys are missing both locally and in 4S, show a new toast saying that identity needs resetting, rather than saying that the device needs to be verified.
- move enum from SetupEncryptionToast to DeviceListener - DeviceListener has public method to get device state - DeviceListener emits events to update device state
brings RecoveryPanelOutOfSync in line with SetupEncryptionToast behaviour
rather than using its own logic
5 tasks
kaylendog
reviewed
Dec 10, 2025
Contributor
kaylendog
left a comment
kaylendog
left a comment
There was a problem hiding this comment.
Some linting hints from Sonar, plus a few suggestions. Looks fine, otherwise!
src/components/views/settings/tabs/user/EncryptionUserSettingsTab.tsx
Outdated
Show resolved
Hide resolved
src/components/views/settings/tabs/user/EncryptionUserSettingsTab.tsx
Outdated
Show resolved
Hide resolved
Co-authored-by: Skye Elliot <[email protected]>
uhoreg
force-pushed
the
key_storage_out_of_sync_cross_signing
branch
from
fb83e3e to
edc4d81
Compare
kaylendog
approved these changes
Dec 11, 2025
Contributor
kaylendog
left a comment
kaylendog
left a comment
There was a problem hiding this comment.
Wonderful, I think this is fine now!
florianduros
requested changes
Dec 11, 2025
Comment on lines
+68
to
+96
| /** | ||
| * The state of the device and the user's account. | ||
| */ | ||
| export enum DeviceState { | ||
| /** | ||
| * The device is in a good state. | ||
| */ | ||
| OK = "ok", | ||
| /** | ||
| * The user needs to set up recovery. | ||
| */ | ||
| SET_UP_RECOVERY = "set_up_recovery", | ||
| /** | ||
| * The device is not verified. | ||
| */ | ||
| VERIFY_THIS_SESSION = "verify_this_session", | ||
| /** | ||
| * Key storage is out of sync (keys are missing locally, from recovery, or both). | ||
| */ | ||
| KEY_STORAGE_OUT_OF_SYNC = "key_storage_out_of_sync", | ||
| /** | ||
| * Key storage is not enabled, and has not been marked as purposely disabled. | ||
| */ | ||
| TURN_ON_KEY_STORAGE = "turn_on_key_storage", | ||
| /** | ||
| * The user's identity needs resetting, due to missing keys. | ||
| */ | ||
| IDENTITY_NEEDS_RESET = "identity_needs_reset", | ||
| } |
Member
There was a problem hiding this comment.
Can we use string union? It allows more flexibility
Comment on lines
+76
to
+85
| await deviceListener.whilePaused(async () => { | ||
| await accessSecretStorage(async () => { | ||
| // Reset backup if needed. | ||
| if (needsBackupReset) { | ||
| await resetKeyBackupAndWait(crypto); | ||
| } else if (await matrixClient.isKeyBackupKeyStored()) { | ||
| await crypto.loadSessionBackupPrivateKeyFromSecretStorage(); | ||
| } | ||
| }); | ||
| }); |
Member
There was a problem hiding this comment.
what is happening if this promises are rejected?
Comment on lines
+27
to
+31
| return render( | ||
| <MatrixClientContext.Provider value={MatrixClientPeg.safeGet()}> | ||
| <RecoveryPanelOutOfSync onFinish={onFinish} onForgotRecoveryKey={onForgotRecoveryKey} /> | ||
| </MatrixClientContext.Provider>, | ||
| ); |
Member
There was a problem hiding this comment.
Suggested change
| return render( | |
| <MatrixClientContext.Provider value={MatrixClientPeg.safeGet()}> | |
| <RecoveryPanelOutOfSync onFinish={onFinish} onForgotRecoveryKey={onForgotRecoveryKey} /> | |
| </MatrixClientContext.Provider>, | |
| ); | |
| return render(<RecoveryPanelOutOfSync onFinish={onFinish} onForgotRecoveryKey={onForgotRecoveryKey} />, withClientContextRenderOptions(matrixClient)); |
| describe("<RecoveyPanelOutOfSync />", () => { | ||
| function renderComponent(onFinish = jest.fn(), onForgotRecoveryKey = jest.fn()) { | ||
| return render(<RecoveryPanelOutOfSync onFinish={onFinish} onForgotRecoveryKey={onForgotRecoveryKey} />); | ||
| stubClient(); |
Member
There was a problem hiding this comment.
Avoid using MatrixClientPeg.safeGet(), prefer to create the matrix client and put it an a context
Suggested change
| stubClient(); | |
| createTestClient(); |
Comment on lines
+59
to
+61
| .mockImplementation(async (func = async (): Promise<void> => {}) => { | ||
| return await func(); | ||
| }); |
Member
There was a problem hiding this comment.
Do we really need to call the function in mockImplementation? Or returning a promise for accessSecretStorage is enough?
Suggested change
| .mockImplementation(async (func = async (): Promise<void> => {}) => { | |
| return await func(); | |
| }); | |
| .mockResolvedValue(undefined) |
| } | ||
|
|
||
| afterEach(() => { | ||
| jest.restoreAllMocks(); |
Member
There was a problem hiding this comment.
Suggested change
| jest.restoreAllMocks(); | |
| jest.clearAllMocks() |
|
|
||
| const user = userEvent.setup(); | ||
| mocked(accessSecretStorage) | ||
| .mockClear() |
Member
There was a problem hiding this comment.
With jest.clearAllMocks() in afteEach, this not necessary
| expect(accessSecretStorage).toHaveBeenCalled(); | ||
| expect(onFinish).toHaveBeenCalled(); | ||
|
|
||
| expect(MatrixClientPeg.safeGet().getCrypto()!.resetKeyBackup).toHaveBeenCalled(); |
| return this.deviceState; | ||
| } | ||
|
|
||
| private async setDeviceState(newState: DeviceState, logSpan: LogSpan): Promise<void> { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #31187 and parts of #30438
Best to review this commit-by-commit
Checklist
public/exportedsymbols have accurate TSDoc documentation.