diff --git a/apps/web/playwright/e2e/crypto/logout.spec.ts b/apps/web/playwright/e2e/crypto/logout.spec.ts index 6cf02f3408a..64bfd9122ad 100644 --- a/apps/web/playwright/e2e/crypto/logout.spec.ts +++ b/apps/web/playwright/e2e/crypto/logout.spec.ts @@ -30,7 +30,7 @@ test.describe("Logout tests", () => { const currentDialogLocator = page.locator(".mx_Dialog"); await expect( - currentDialogLocator.getByRole("heading", { name: "You'll lose access to your encrypted messages" }), + currentDialogLocator.getByRole("heading", { name: "You're about to lose access to your encrypted chats" }), ).toBeVisible(); }); @@ -51,7 +51,7 @@ test.describe("Logout tests", () => { await expect(currentDialogLocator.getByText("Are you sure you want to Remove this device?")).toBeVisible(); }); - test("Logout directly if the user has no room keys", async ({ page, app }) => { + test("Ask to set up recovery on logout even if not in encrypted room", async ({ page, app }) => { await createRoom(page, "Clear room", false); await sendMessageInCurrentRoom(page, "Hello public world!"); @@ -60,7 +60,10 @@ test.describe("Logout tests", () => { await locator.getByRole("menuitem", { name: "All settings", exact: true }).click(); await page.getByRole("button", { name: "Remove this device", exact: true }).click(); - // Should have logged out directly - await expect(page.getByRole("heading", { name: "Be in your element" })).toBeVisible(); + const currentDialogLocator = page.locator(".mx_Dialog"); + + await expect( + currentDialogLocator.getByRole("heading", { name: "You're about to lose access to your encrypted chats" }), + ).toBeVisible(); }); }); diff --git a/apps/web/playwright/e2e/crypto/utils.ts b/apps/web/playwright/e2e/crypto/utils.ts index f08863ccdb5..986d1151c85 100644 --- a/apps/web/playwright/e2e/crypto/utils.ts +++ b/apps/web/playwright/e2e/crypto/utils.ts @@ -248,7 +248,7 @@ export async function logIntoElementAndVerify(page: Page, credentials: Credentia * Click the "sign out" option in Element, and wait for the welcome page to load * * @param page - Playwright `Page` object. - * @param discardKeys - if true, expect a "You'll lose access to your encrypted messages" dialog, and dismiss it. + * @param discardKeys - if true, expect a "You're about to lose access to your encrypted chats" dialog, and dismiss it. */ export async function logOutOfElement(page: Page, discardKeys: boolean = false) { await page.getByRole("button", { name: "User menu" }).click(); @@ -256,7 +256,7 @@ export async function logOutOfElement(page: Page, discardKeys: boolean = false) await page.getByRole("menu", { name: "User menu" }).getByRole("menuitem", { name: "All settings" }).click(); await page.getByRole("button", { name: "Remove this device" }).click(); if (discardKeys) { - await page.getByRole("button", { name: "I don't want my encrypted messages" }).click(); + await page.getByRole("button", { name: "Remove this device anyway" }).click(); } else { await page.locator(".mx_Dialog .mx_QuestionDialog").getByRole("button", { name: "Remove this device" }).click(); } diff --git a/apps/web/playwright/e2e/login/login-consent.spec.ts b/apps/web/playwright/e2e/login/login-consent.spec.ts index 23f10e39bb9..094e73f8b21 100644 --- a/apps/web/playwright/e2e/login/login-consent.spec.ts +++ b/apps/web/playwright/e2e/login/login-consent.spec.ts @@ -342,6 +342,7 @@ test.describe("Login", () => { await page.waitForTimeout(2000); await page.getByRole("menu", { name: "User menu" }).getByRole("menuitem", { name: "All settings" }).click(); await page.getByRole("button", { name: "Remove this device" }).click(); + await page.getByRole("button", { name: "Remove this device anyway" }).click(); await expect(page).toHaveURL(/\/#\/welcome$/); }); }); diff --git a/apps/web/playwright/e2e/login/logout_redirect_url.spec.ts b/apps/web/playwright/e2e/login/logout_redirect_url.spec.ts index 57596de0f4a..ab83394a0db 100644 --- a/apps/web/playwright/e2e/login/logout_redirect_url.spec.ts +++ b/apps/web/playwright/e2e/login/logout_redirect_url.spec.ts @@ -30,6 +30,7 @@ test.describe("logout with logout_redirect_url", () => { await page.waitForTimeout(2000); await page.getByRole("menu", { name: "User menu" }).getByRole("menuitem", { name: "All settings" }).click(); await page.getByRole("button", { name: "Remove this device" }).click(); + await page.getByRole("button", { name: "Remove this device anyway" }).click(); await expect(page).toHaveURL(/\/decoder-ring\/$/); }); diff --git a/apps/web/playwright/e2e/oidc/oidc-native.spec.ts b/apps/web/playwright/e2e/oidc/oidc-native.spec.ts index 21b79a1d130..bc78298937c 100644 --- a/apps/web/playwright/e2e/oidc/oidc-native.spec.ts +++ b/apps/web/playwright/e2e/oidc/oidc-native.spec.ts @@ -76,6 +76,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { const locator = await app.settings.openUserMenu(); await locator.getByRole("menuitem", { name: "All settings", exact: true }).click(); await page.getByRole("button", { name: "Remove this device", exact: true }).click(); + await page.getByRole("button", { name: "Remove this device anyway" }).click(); await revokeAccessTokenPromise; await revokeRefreshTokenPromise; }); @@ -125,6 +126,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { await page.waitForTimeout(2000); await page.getByRole("menu", { name: "User menu" }).getByRole("menuitem", { name: "All settings" }).click(); await page.getByRole("button", { name: "Remove this device" }).click(); + await page.getByRole("button", { name: "Remove this device anyway" }).click(); await expect(page).toHaveURL(/\/#\/welcome$/); // Log in again @@ -159,6 +161,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { await page.waitForTimeout(2000); await page.getByRole("menu", { name: "User menu" }).getByRole("menuitem", { name: "All settings" }).click(); await page.getByRole("button", { name: "Remove this device" }).click(); + await page.getByRole("button", { name: "Remove this device anyway" }).click(); await expect(page).toHaveURL(/\/#\/welcome$/); // Log in again @@ -210,6 +213,10 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => { .getByRole("menuitem", { name: "All settings" }) .click(); await page.getByRole("button", { name: "Remove this device" }).click(); + // Since we have another device, it only shows a normal logout + // confirmation dialog, rather than prompting the user to set up + // recovery. + await page.getByRole("button", { name: "Remove this device" }).click(); await expect(page).toHaveURL(/\/#\/welcome$/); // Log in again diff --git a/apps/web/res/css/views/dialogs/_LogoutDialog.pcss b/apps/web/res/css/views/dialogs/_LogoutDialog.pcss index 8f11f8c7c27..38f2c271650 100644 --- a/apps/web/res/css/views/dialogs/_LogoutDialog.pcss +++ b/apps/web/res/css/views/dialogs/_LogoutDialog.pcss @@ -6,6 +6,22 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com Please see LICENSE files in the repository root for full details. */ -.mx_LogoutDialog_ExportKeyAdvanced { - width: fit-content; +.mx_LogoutDialog { + width: 26rem; + + .mx_EncryptionCard { + gap: 0; + h2 { + text-align: center; + color: var(--cpd-color-text-primary); + } + .mx_EncryptionCard_emphasisedContent { + text-align: center; + margin-bottom: var(--cpd-space-12x); + p { + margin-top: var(--cpd-space-2x); + margin-bottom: 0; + } + } + } } diff --git a/apps/web/src/components/views/dialogs/LogoutDialog.tsx b/apps/web/src/components/views/dialogs/LogoutDialog.tsx index 830e5fb5898..92ebcaf49a9 100644 --- a/apps/web/src/components/views/dialogs/LogoutDialog.tsx +++ b/apps/web/src/components/views/dialogs/LogoutDialog.tsx @@ -7,11 +7,14 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com Please see LICENSE files in the repository root for full details. */ -import React, { lazy } from "react"; -import { logger } from "matrix-js-sdk/src/logger"; +import React, { type JSX } from "react"; import { type MatrixClient } from "matrix-js-sdk/src/matrix"; +import { Button } from "@vector-im/compound-web"; +import ErrorIcon from "@vector-im/compound-design-tokens/assets/web/icons/error-solid"; +import KeyIcon from "@vector-im/compound-design-tokens/assets/web/icons/key"; +import PopOutIcon from "@vector-im/compound-design-tokens/assets/web/icons/pop-out"; +import SignOutIcon from "@vector-im/compound-design-tokens/assets/web/icons/sign-out"; -import Modal from "../../../Modal"; import dis from "../../../dispatcher/dispatcher"; import { type OpenToTabPayload } from "../../../dispatcher/payloads/OpenToTabPayload"; import { Action } from "../../../dispatcher/actions"; @@ -21,39 +24,16 @@ import { MatrixClientPeg } from "../../../MatrixClientPeg"; import QuestionDialog from "./QuestionDialog"; import BaseDialog from "./BaseDialog"; import Spinner from "../elements/Spinner"; -import DialogButtons from "../elements/DialogButtons"; +import { BackupStatus, useKeyBackupStatus } from "../../../hooks/useKeyBackupStatus"; +import { useHasOtherVerifiedDevices } from "../../../hooks/useHasOtherVerifiedDevices"; +import { EncryptionCard } from "../settings/encryption/EncryptionCard"; +import { EncryptionCardButtons } from "../settings/encryption/EncryptionCardButtons"; +import { EncryptionCardEmphasisedContent } from "../settings/encryption/EncryptionCardEmphasisedContent"; interface IProps { onFinished: (success: boolean) => void; } -enum BackupStatus { - /** we're trying to figure out if there is an active backup */ - LOADING, - - /** crypto is disabled in this client (so no need to back up) */ - NO_CRYPTO, - - /** Key backup is active and working */ - BACKUP_ACTIVE, - - /** there is a backup on the server but we are not backing up to it */ - SERVER_BACKUP_BUT_DISABLED, - - /** Key backup is set up but recovery (4s) is not */ - BACKUP_NO_RECOVERY, - - /** backup is not set up locally and there is no backup on the server */ - NO_BACKUP, - - /** there was an error fetching the state */ - ERROR, -} - -interface IState { - backupStatus: BackupStatus; -} - /** * Checks if the `LogoutDialog` should be shown instead of the simple logout flow. * The `LogoutDialog` will check the crypto recovery status of the account and @@ -61,191 +41,120 @@ interface IState { */ export async function shouldShowLogoutDialog(cli: MatrixClient): Promise { const crypto = cli?.getCrypto(); - if (!crypto) return false; - - // If any room is encrypted, we need to show the advanced logout flow - const allRooms = cli!.getRooms(); - for (const room of allRooms) { - const isE2e = await crypto.isEncryptionEnabledInRoom(room.roomId); - if (isE2e) return true; - } - - return false; + return !!crypto; } -export default class LogoutDialog extends React.Component { - public static defaultProps = { - onFinished: function () {}, - }; +export default function LogoutDialog(props: IProps): JSX.Element { + const client = MatrixClientPeg.safeGet(); + const backupStatus = useKeyBackupStatus(client); + const hasOtherVerifiedDevices = useHasOtherVerifiedDevices(client); - public constructor(props: IProps) { - super(props); - - this.state = { - backupStatus: BackupStatus.LOADING, - }; - } - - public componentDidMount(): void { - this.startLoadBackupStatus(); - } - - /** kick off the asynchronous calls to populate `state.backupStatus` in the background */ - private startLoadBackupStatus(): void { - this.loadBackupStatus().catch((e) => { - logger.log("Unable to fetch key backup status", e); - this.setState({ - backupStatus: BackupStatus.ERROR, - }); - }); - } - - private async loadBackupStatus(): Promise { - const client = MatrixClientPeg.safeGet(); - const crypto = client.getCrypto(); - if (!crypto) { - this.setState({ backupStatus: BackupStatus.NO_CRYPTO }); - return; - } - - if ((await crypto.getActiveSessionBackupVersion()) !== null) { - if (await crypto.isSecretStorageReady()) { - this.setState({ backupStatus: BackupStatus.BACKUP_ACTIVE }); - } else { - this.setState({ backupStatus: BackupStatus.BACKUP_NO_RECOVERY }); - } - return; - } - - // backup is not active. see if there is a backup version on the server we ought to back up to. - const backupInfo = await crypto.getKeyBackupInfo(); - this.setState({ backupStatus: backupInfo ? BackupStatus.SERVER_BACKUP_BUT_DISABLED : BackupStatus.NO_BACKUP }); - } - - private onExportE2eKeysClicked = (): void => { - Modal.createDialog( - lazy(() => import("../../../async-components/views/dialogs/security/ExportE2eKeysDialog")), - { - matrixClient: MatrixClientPeg.safeGet(), - }, - ); - }; - - private onFinished = (confirmed?: boolean): void => { + const onFinished = (confirmed?: boolean): void => { if (confirmed) { dis.dispatch({ action: "logout" }); } + props.onFinished(!!confirmed); + }; + + const onLogoutConfirm = (): void => { + dis.dispatch({ action: "logout" }); + // close dialog - this.props.onFinished(!!confirmed); + props.onFinished(true); }; - private onSetRecoveryMethodClick = (): void => { - // Open the user settings dialog to the encryption tab and start the flow to reset encryption + const onGoToSettings = (): void => { + // Open the user settings dialog to the encryption tab and start the flow to get recovery key const payload: OpenToTabPayload = { action: Action.ViewUserSettings, initialTabId: UserTab.Encryption, + props: { + initialEncryptionState: "set_recovery_key", + }, }; dis.dispatch(payload); - // close dialog - this.props.onFinished(true); - }; - - private onLogoutConfirm = (): void => { - dis.dispatch({ action: "logout" }); - - // close dialog - this.props.onFinished(true); + props.onFinished(false); }; - /** - * Show a dialog prompting the user to set up their recovery method. - * - * Either: - * * There is no backup at all ({@link BackupStatus.NO_BACKUP}) - * * There is a backup set up but recovery (4s) is not ({@link BackupStatus.BACKUP_NO_RECOVERY}) - * * There is a backup on the server but we are not connected to it ({@link BackupStatus.SERVER_BACKUP_BUT_DISABLED}) - * * We were unable to pull the backup data ({@link BackupStatus.ERROR}). - * - * In all four cases, we should prompt the user to set up a method of recovery. - */ - private renderSetupRecoveryMethod(): React.ReactNode { - const description = ( -
-

{_t("auth|logout_dialog|setup_secure_backup_description_1")}

-

{_t("auth|logout_dialog|setup_secure_backup_description_2")}

-

{_t("encryption|setup_secure_backup|explainer")}

-
- ); - - const dialogContent = ( -
-
- {description} -
- - - -
- {_t("common|advanced")} -

- -

-
-
- ); - // Not quite a standard question dialog as the primary button cancels - // the action and does something else instead, whilst non-default button - // confirms the action. + // Dialog contents to show a spinner while deciding whether to prompt the + // user to set up recovery + function loading(): JSX.Element { return ( - {dialogContent} + ); } - public render(): React.ReactNode { - switch (this.state.backupStatus) { - case BackupStatus.LOADING: - // while we're deciding if we have backups, show a spinner - return ( - + ); + } + + if (hasOtherVerifiedDevices === undefined) { + return loading(); + } else if (hasOtherVerifiedDevices) { + return confirmLogout(); + } + switch (backupStatus) { + case BackupStatus.LOADING: + return loading(); + + case BackupStatus.NO_CRYPTO: + case BackupStatus.BACKUP_ACTIVE: + return confirmLogout(); + + case BackupStatus.NO_BACKUP: + case BackupStatus.SERVER_BACKUP_BUT_DISABLED: + case BackupStatus.ERROR: + case BackupStatus.BACKUP_NO_RECOVERY: { + return ( + + - - - ); - - case BackupStatus.NO_CRYPTO: - case BackupStatus.BACKUP_ACTIVE: - return ( - - ); - - case BackupStatus.NO_BACKUP: - case BackupStatus.SERVER_BACKUP_BUT_DISABLED: - case BackupStatus.ERROR: - case BackupStatus.BACKUP_NO_RECOVERY: - return this.renderSetupRecoveryMethod(); + +

{_t("auth|logout_dialog|setup_secure_backup_description")}

+ + + + + + + + + ); } } } diff --git a/apps/web/src/hooks/useHasOtherVerifiedDevices.ts b/apps/web/src/hooks/useHasOtherVerifiedDevices.ts new file mode 100644 index 00000000000..58c7a9db824 --- /dev/null +++ b/apps/web/src/hooks/useHasOtherVerifiedDevices.ts @@ -0,0 +1,56 @@ +/* +Copyright 2026 Element Creations Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE files in the repository root for full details. +*/ + +import { type Device, type MatrixClient } from "matrix-js-sdk/src/matrix"; +import { type CryptoApi } from "matrix-js-sdk/src/crypto-api"; + +import { useAsyncMemo } from "./useAsyncMemo.ts"; +import { asyncSome } from "../utils/arrays"; + +/** + * Check whether the user has other verified devices, not counting dehydrated devices. + */ +export async function hasOtherVerifiedDevices( + ownUserId: string, + ownDeviceId: string, + crypto: CryptoApi | undefined, +): Promise { + if (!crypto) return null; + const userDevices: Iterable = (await crypto.getUserDeviceInfo([ownUserId])).get(ownUserId)?.values() ?? []; + + return asyncSome(userDevices, async (device) => { + // Ignore our own device. + if (device.deviceId === ownDeviceId) return false; + + // Ignore dehydrated devices. MSC3814 proposes that devices + // should set a `dehydrated` flag in the device key. + if (device.dehydrated) return false; + + // Ignore devices without an identity key. + if (!device.getIdentityKey()) return false; + + const verificationStatus = await crypto.getDeviceVerificationStatus(ownUserId, device.deviceId); + return !!verificationStatus?.signedByOwner; + }); +} + +/** + * Hook to check whether the user has other verified devices, not counting + * dehydrated devices. + */ +export function useHasOtherVerifiedDevices(client: MatrixClient): boolean | null | undefined { + return useAsyncMemo( + async () => { + const ownUserId = client.getUserId()!; + const ownDeviceId = client.getDeviceId()!; + const crypto = client.getCrypto(); + return await hasOtherVerifiedDevices(ownUserId, ownDeviceId, crypto); + }, + [], + undefined, + ); +} diff --git a/apps/web/src/hooks/useKeyBackupStatus.ts b/apps/web/src/hooks/useKeyBackupStatus.ts new file mode 100644 index 00000000000..be90c6cf78f --- /dev/null +++ b/apps/web/src/hooks/useKeyBackupStatus.ts @@ -0,0 +1,66 @@ +/* +Copyright 2026 Element Creations Ltd. + +SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial +Please see LICENSE files in the repository root for full details. +*/ + +import { type MatrixClient } from "matrix-js-sdk/src/matrix"; + +import { useAsyncMemo } from "./useAsyncMemo.ts"; + +/** + * The status of the user's key backup. + */ +export enum BackupStatus { + /** we're trying to figure out if there is an active backup */ + LOADING, + + /** crypto is disabled in this client (so no need to back up) */ + NO_CRYPTO, + + /** Key backup is active and working */ + BACKUP_ACTIVE, + + /** there is a backup on the server but we are not backing up to it */ + SERVER_BACKUP_BUT_DISABLED, + + /** Key backup is set up but recovery (4s) is not */ + BACKUP_NO_RECOVERY, + + /** backup is not set up locally and there is no backup on the server */ + NO_BACKUP, + + /** there was an error fetching the state */ + ERROR, +} + +/** + * Get the status of the user's key backup. + */ +export function useKeyBackupStatus(client: MatrixClient): BackupStatus { + return useAsyncMemo( + async () => { + const crypto = client.getCrypto(); + if (!crypto) return BackupStatus.NO_CRYPTO; + + try { + if ((await crypto.getActiveSessionBackupVersion()) !== null) { + if (await crypto.isSecretStorageReady()) { + return BackupStatus.BACKUP_ACTIVE; + } else { + return BackupStatus.BACKUP_NO_RECOVERY; + } + } + + // backup is not active. see if there is a backup version on the server we ought to back up to. + const backupInfo = await crypto.getKeyBackupInfo(); + return backupInfo ? BackupStatus.SERVER_BACKUP_BUT_DISABLED : BackupStatus.NO_BACKUP; + } catch { + return BackupStatus.ERROR; + } + }, + [], + BackupStatus.LOADING, + ); +} diff --git a/apps/web/src/i18n/strings/en_EN.json b/apps/web/src/i18n/strings/en_EN.json index 74a978f7004..ada3868af2a 100644 --- a/apps/web/src/i18n/strings/en_EN.json +++ b/apps/web/src/i18n/strings/en_EN.json @@ -219,11 +219,9 @@ "log_in_new_account": "Log in to your new account.", "logout_dialog": { "description": "Are you sure you want to remove this device?", - "megolm_export": "Manually export keys", - "setup_key_backup_title": "You'll lose access to your encrypted messages", - "setup_secure_backup_description_1": "Encrypted messages are secured with end-to-end encryption. Only you and the recipient(s) have the keys to read these messages.", - "setup_secure_backup_description_2": "When you remove this device you won't be able to read encrypted messages unless you have the keys for them on your other devices, or backed them up to the server.", - "skip_key_backup": "I don't want my encrypted messages" + "setup_key_backup_title": "You're about to lose access to your encrypted chats", + "setup_secure_backup_description": "This is your only device. If you remove it you'll need a recovery key in order to confirm your digital identity and restore your encrypted chats the next time you sign in.", + "skip_key_backup": "Remove this device anyway" }, "misconfigured_body": "Ask your %(brand)s admin to check your config for incorrect or duplicate entries.", "misconfigured_title": "Your %(brand)s is misconfigured", @@ -1006,9 +1004,6 @@ "set_up_recovery": "Back up your chats", "set_up_recovery_toast_description": "Your chats are automatically backed up with end-to-end encryption. To restore this backup and retain your digital identity when you lose access to all your devices, you will need your recovery key.", "set_up_toast_title": "Set up Secure Backup", - "setup_secure_backup": { - "explainer": "Back up your keys before removing this device to avoid losing them." - }, "turn_on_key_storage": "Turn on key storage", "turn_on_key_storage_description": "This will allow you to view your chat history on any new devices and is required for backup of chats and digital identity.", "udd": { diff --git a/apps/web/src/stores/SetupEncryptionStore.ts b/apps/web/src/stores/SetupEncryptionStore.ts index 9e324b64965..659a524edd1 100644 --- a/apps/web/src/stores/SetupEncryptionStore.ts +++ b/apps/web/src/stores/SetupEncryptionStore.ts @@ -15,12 +15,12 @@ import { CryptoEvent, } from "matrix-js-sdk/src/crypto-api"; import { logger } from "matrix-js-sdk/src/logger"; -import { type Device, type SecretStorage } from "matrix-js-sdk/src/matrix"; +import { type SecretStorage } from "matrix-js-sdk/src/matrix"; import { MatrixClientPeg } from "../MatrixClientPeg"; import { AccessCancelledError, accessSecretStorage } from "../SecurityManager"; -import { asyncSome } from "../utils/arrays"; import { initialiseDehydrationIfEnabled } from "../utils/device/dehydration"; +import { hasOtherVerifiedDevices } from "../hooks/useHasOtherVerifiedDevices"; export enum Phase { Loading = 0, @@ -102,21 +102,10 @@ export class SetupEncryptionStore extends EventEmitter { } const ownUserId = cli.getUserId()!; + const ownDeviceId = cli.getDeviceId()!; const crypto = cli.getCrypto()!; // do we have any other verified devices which are E2EE which we can verify against? - const userDevices: Iterable = - (await crypto.getUserDeviceInfo([ownUserId])).get(ownUserId)?.values() ?? []; - this.hasDevicesToVerifyAgainst = await asyncSome(userDevices, async (device) => { - // Ignore dehydrated devices. MSC3814 proposes that devices - // should set a `dehydrated` flag in the device key. - if (device.dehydrated) return false; - - // ignore devices without an identity key - if (!device.getIdentityKey()) return false; - - const verificationStatus = await crypto.getDeviceVerificationStatus(ownUserId, device.deviceId); - return !!verificationStatus?.signedByOwner; - }); + this.hasDevicesToVerifyAgainst = (await hasOtherVerifiedDevices(ownUserId, ownDeviceId, crypto)) === true; this.phase = Phase.Intro; this.emit("update"); diff --git a/apps/web/test/test-utils/client.ts b/apps/web/test/test-utils/client.ts index 7ab88da0b72..b54951ce42e 100644 --- a/apps/web/test/test-utils/client.ts +++ b/apps/web/test/test-utils/client.ts @@ -160,6 +160,7 @@ export const mockClientMethodsCrypto = (): Partial< }, getCrypto: jest.fn().mockReturnValue({ getUserDeviceInfo: jest.fn(), + getDeviceVerificationStatus: jest.fn().mockResolvedValue(null), getCrossSigningStatus: jest.fn().mockResolvedValue({ publicKeysOnDevice: true, privateKeysInSecretStorage: false, diff --git a/apps/web/test/unit-tests/components/structures/MatrixChat-test.tsx b/apps/web/test/unit-tests/components/structures/MatrixChat-test.tsx index bf53fe8910e..9d4084d2209 100644 --- a/apps/web/test/unit-tests/components/structures/MatrixChat-test.tsx +++ b/apps/web/test/unit-tests/components/structures/MatrixChat-test.tsx @@ -1192,13 +1192,18 @@ describe("", () => { getVersion: jest.fn().mockReturnValue("Version 0"), getVerificationRequestsToDeviceInProgress: jest.fn().mockReturnValue([]), getUserDeviceInfo: jest.fn().mockReturnValue({ - get: jest - .fn() - .mockReturnValue( - new Map([ - ["devid", { dehydrated: false, getIdentityKey: jest.fn().mockReturnValue("k") }], - ]), - ), + get: jest.fn().mockReturnValue( + new Map([ + [ + "devid", + { + deviceId: "devid", + dehydrated: false, + getIdentityKey: jest.fn().mockReturnValue("k"), + }, + ], + ]), + ), }), getUserVerificationStatus: jest .fn() diff --git a/apps/web/test/unit-tests/components/views/dialogs/LogoutDialog-test.tsx b/apps/web/test/unit-tests/components/views/dialogs/LogoutDialog-test.tsx index e1bc70f9d51..40082be4ec7 100644 --- a/apps/web/test/unit-tests/components/views/dialogs/LogoutDialog-test.tsx +++ b/apps/web/test/unit-tests/components/views/dialogs/LogoutDialog-test.tsx @@ -8,11 +8,17 @@ Please see LICENSE files in the repository root for full details. import React from "react"; import { mocked, type MockedObject } from "jest-mock"; -import { type MatrixClient } from "matrix-js-sdk/src/matrix"; -import { type CryptoApi, type KeyBackupInfo } from "matrix-js-sdk/src/crypto-api"; +import { Device, DeviceVerification, type MatrixClient } from "matrix-js-sdk/src/matrix"; +import { type CryptoApi, DeviceVerificationStatus, type KeyBackupInfo } from "matrix-js-sdk/src/crypto-api"; import { fireEvent, render, type RenderResult, screen, waitFor } from "jest-matrix-react"; -import { filterConsole, getMockClientWithEventEmitter, mockClientMethodsCrypto } from "../../../../test-utils"; +import { + filterConsole, + getMockClientWithEventEmitter, + mockClientMethodsCrypto, + mockClientMethodsDevice, + mockClientMethodsUser, +} from "../../../../test-utils"; import LogoutDialog from "../../../../../src/components/views/dialogs/LogoutDialog"; import dispatch from "../../../../../src/dispatcher/dispatcher"; import { Action } from "../../../../../src/dispatcher/actions"; @@ -25,10 +31,13 @@ describe("LogoutDialog", () => { beforeEach(() => { mockClient = getMockClientWithEventEmitter({ ...mockClientMethodsCrypto(), + ...mockClientMethodsUser(), + ...mockClientMethodsDevice(), }); mockCrypto = mocked(mockClient.getCrypto()!); Object.assign(mockCrypto, { + getUserDeviceInfo: jest.fn().mockResolvedValue(new Map()), getActiveSessionBackupVersion: jest.fn().mockResolvedValue(null), }); }); @@ -52,37 +61,131 @@ describe("LogoutDialog", () => { await rendered.findByText("Are you sure you want to remove this device?"); }); + it("shows a regular dialog if the user has another verified device", async () => { + const userId = mockClient.getUserId()!; + mockCrypto.getUserDeviceInfo.mockResolvedValue( + new Map([ + [ + userId, + new Map([ + [ + "otherDevice", + new Device({ + deviceId: "otherDevice", + userId: userId, + algorithms: [], + keys: new Map([["curve25519:otherDevice", "akey"]]), + verified: DeviceVerification.Verified, + dehydrated: false, + }), + ], + ]), + ], + ]), + ); + mockCrypto.getDeviceVerificationStatus.mockResolvedValue(new DeviceVerificationStatus({ signedByOwner: true })); + + const rendered = renderComponent(); + await rendered.findByText("Are you sure you want to remove this device?"); + }); + it("prompts user to set up recovery if backups are enabled but recovery isn't", async () => { mockCrypto.getActiveSessionBackupVersion.mockResolvedValue("1"); mockCrypto.isSecretStorageReady.mockResolvedValue(false); const rendered = renderComponent(); - await rendered.findByText("You'll lose access to your encrypted messages"); + await rendered.findByText("You're about to lose access to your encrypted chats"); }); - it("Prompts user to go to settings if there is a backup on the server", async () => { + it("Prompts user to set up recovery if there is a backup on the server but no secret storage", async () => { mockCrypto.getKeyBackupInfo.mockResolvedValue({} as KeyBackupInfo); const rendered = renderComponent(); - await rendered.findByText("Go to Settings"); + await rendered.findByText("Get recovery key"); expect(rendered.container).toMatchSnapshot(); jest.spyOn(dispatch, "dispatch"); - fireEvent.click(await screen.findByRole("button", { name: "Go to Settings" })); + fireEvent.click(await screen.findByRole("button", { name: "Get recovery key" })); await waitFor(() => expect(dispatch.dispatch).toHaveBeenCalledWith({ action: Action.ViewUserSettings, initialTabId: UserTab.Encryption, + props: { + initialEncryptionState: "set_recovery_key", + }, }), ); }); - it("Prompts user to go to settings if there is no backup on the server", async () => { + it("Prompts user to set up recovery if there is no backup on the server", async () => { mockCrypto.getKeyBackupInfo.mockResolvedValue(null); const rendered = renderComponent(); - await rendered.findByText("Go to Settings"); + await rendered.findByText("Get recovery key"); expect(rendered.container).toMatchSnapshot(); + }); - fireEvent.click(await screen.findByRole("button", { name: "Manually export keys" })); - await expect(screen.findByRole("heading", { name: "Export room keys" })).resolves.toBeInTheDocument(); + it("Prompts user to set up recovery if there is no backup on the server, and the user has other unverified/dehydrated devices", async () => { + const userId = mockClient.getUserId()!; + const testDeviceId = mockClient.getDeviceId()!; + mockCrypto.getUserDeviceInfo.mockResolvedValue( + new Map([ + [ + userId, + new Map([ + // the current device + [ + testDeviceId, + new Device({ + deviceId: testDeviceId, + userId: userId, + algorithms: [], + keys: new Map([["curve25519:test-device-id", "akey"]]), + verified: DeviceVerification.Verified, + dehydrated: false, + }), + ], + // a dehydrated device + [ + "dehydratedDevice", + new Device({ + deviceId: "otherDevice", + userId: userId, + algorithms: [], + keys: new Map([["curve25519:dehydratedDevice", "akey"]]), + verified: DeviceVerification.Verified, + dehydrated: true, + }), + ], + // an unverified device + [ + "otherDevice", + new Device({ + deviceId: "otherDevice", + userId: userId, + algorithms: [], + keys: new Map([["curve25519:otherDevice", "akey"]]), + verified: DeviceVerification.Unverified, + dehydrated: false, + }), + ], + ]), + ], + ]), + ); + mockCrypto.getDeviceVerificationStatus.mockImplementation(async (_userId: string, deviceId: string) => { + switch (deviceId) { + case testDeviceId: + case "dehydratedDevice": + return new DeviceVerificationStatus({ signedByOwner: true }); + case "otherDevice": + return new DeviceVerificationStatus({ signedByOwner: false }); + default: + throw new Error("Unknown device ID"); + } + }); + + mockCrypto.getKeyBackupInfo.mockResolvedValue(null); + const rendered = renderComponent(); + await rendered.findByText("Get recovery key"); + expect(rendered.container).toMatchSnapshot(); }); describe("when there is an error fetching backups", () => { @@ -92,7 +195,7 @@ describe("LogoutDialog", () => { throw new Error("beep"); }); const rendered = renderComponent(); - await rendered.findByText("Go to Settings"); + await rendered.findByText("Get recovery key"); }); }); }); diff --git a/apps/web/test/unit-tests/components/views/dialogs/__snapshots__/LogoutDialog-test.tsx.snap b/apps/web/test/unit-tests/components/views/dialogs/__snapshots__/LogoutDialog-test.tsx.snap index 1951293f563..8d5fda1084d 100644 --- a/apps/web/test/unit-tests/components/views/dialogs/__snapshots__/LogoutDialog-test.tsx.snap +++ b/apps/web/test/unit-tests/components/views/dialogs/__snapshots__/LogoutDialog-test.tsx.snap @@ -1,6 +1,6 @@ // Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing -exports[`LogoutDialog Prompts user to go to settings if there is a backup on the server 1`] = ` +exports[`LogoutDialog Prompts user to set up recovery if there is a backup on the server but no secret storage 1`] = `
`; -exports[`LogoutDialog Prompts user to go to settings if there is no backup on the server 1`] = ` +exports[`LogoutDialog Prompts user to set up recovery if there is no backup on the server 1`] = `