Add CryptoApi.resetEncryption
#4614
Conversation
florianduros
changed the title
CryptoApi#resetEncryptionCryptoApi.resetEncryption
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
f99e069 to
4029eee
Compare
florianduros
added
T-Feature
florianduros
force-pushed
the
florianduros/reset-encryption
branch
2 times, most recently
from
18fb6e6 to
b033611
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
b033611 to
c1462b7
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
c1462b7 to
dbb5c0f
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
dbb5c0f to
0420edf
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
0420edf to
6ea0cd1
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
6ea0cd1 to
dbd54dc
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
dbd54dc to
9f87c04
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
9f87c04 to
be9f401
Compare
florianduros
force-pushed
the
florianduros/reset-encryption
branch
from
be9f401 to
d4e01c9
Compare
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
| authUploadDeviceSigningKeys, | ||
| }); | ||
|
|
||
| // If key backup was enabled, we create a new backup |
There was a problem hiding this comment.
Why only if backup was enabled?
That means that if there was a backup that was not working (not trusted signed correctly for example), then the resetEncryption flow won't put me back in a working state?
Maybe what we want to check here is if there was a backup server side, or even better do it unless the opt-out flag is set (account data m.org.matrix.custom.backup_disabled)?
There was a problem hiding this comment.
I think that the rust-sdk is ultimatly looking at the opt-out flag m.org.matrix.custom.backup_disabled, but there is also a local setting to force disable
So I believe this code is not consistent with rust.
Even if the rust doc is misleading https://docs.rs/matrix-sdk/latest/matrix_sdk/encryption/recovery/struct.Recovery.html#method.reset_identity
Finally, re-enable key backups (only if they were already enabled)
It is unfortunatly not the same enabled meaning
There was a problem hiding this comment.
As discussed elsewhere: ugh, yes, this is not what Element X is doing.
I think we should just enable backups here, regardless of whether they were enabled before. If you're resetting, you're going to be looking at the settings dialog, so can see if you're being opted in to keybackup against your will; and I'd rather err on the side of just making it work for everyone.
| const backupEnabled = (await this.backupManager.getActiveBackupVersion()) !== null; | ||
|
|
||
| // Disable backup, and delete all the backups from the server | ||
| await this.backupManager.deleteAllKeyBackupVersions(); | ||
|
|
||
| // Disable the recovery key and the secret storage | ||
| await this.secretStorage.setDefaultKeyId(null); | ||
|
|
||
| // Reset the cross-signing keys | ||
| await this.crossSigningIdentity.bootstrapCrossSigning({ | ||
| setupNewCrossSigning: true, | ||
| authUploadDeviceSigningKeys, | ||
| }); | ||
|
|
||
| // If key backup was enabled, we create a new backup | ||
| if (backupEnabled) { | ||
| await this.resetKeyBackup(); | ||
| } |
There was a problem hiding this comment.
while we're here: it would be good to add some logging at the start and end of resetEncryption to make it more obvious what's going on in rageshakes.
Checklist
public/exportedsymbols have accurate TSDoc documentation.Task element-hq/element-web#28977
Require #4615
Add
CryptoApi.resetEncryption.The goal of this new api is to give an easy to reset the current encryption state of the user: