Skip to content

Commit

Permalink
feat(crypto): pin identity when we withdraw verification
Browse files Browse the repository at this point in the history
  • Loading branch information
uhoreg committed Nov 15, 2024
1 parent bd5f5f3 commit e6b5489
Showing 1 changed file with 42 additions and 0 deletions.
42 changes: 42 additions & 0 deletions crates/matrix-sdk-crypto/src/identities/user.rs
Original file line number Diff line number Diff line change
Expand Up @@ -803,6 +803,9 @@ impl OtherUserIdentityData {
/// reported to the user. In order to remove this notice users have to
/// verify again or to withdraw the verification requirement.
pub fn withdraw_verification(&self) {
// We also pin when we withdraw, since withdrawing implicitly acknowledges
// the identity change
self.pin();
self.previously_verified.store(false, Ordering::SeqCst)
}

Expand Down Expand Up @@ -1770,6 +1773,45 @@ pub(crate) mod tests {
assert!(other_identity.inner.has_pin_violation());
}

#[async_test]
async fn test_resolve_identity_pin_violation_with_withdraw_verification() {
use test_json::keys_query_sets::IdentityChangeDataSet as DataSet;

let my_user_id = user_id!("@me:localhost");
let machine = OlmMachine::new(my_user_id, device_id!("ABCDEFGH")).await;
machine.bootstrap_cross_signing(false).await.unwrap();

let keys_query = DataSet::key_query_with_identity_a();
let txn_id = TransactionId::new();
machine.mark_request_as_sent(&txn_id, &keys_query).await.unwrap();

// Simulate an identity change
let keys_query = DataSet::key_query_with_identity_b();
let txn_id = TransactionId::new();
machine.mark_request_as_sent(&txn_id, &keys_query).await.unwrap();

let other_user_id = DataSet::user_id();

let other_identity =
machine.get_identity(other_user_id, None).await.unwrap().unwrap().other().unwrap();

// For testing purpose mark it as previously verified
other_identity.mark_as_previously_verified().await.unwrap();

// The identity should need user approval now
assert!(other_identity.identity_needs_user_approval());

// We withdraw verification
other_identity.withdraw_verification().await.unwrap();

// The identity should not need any user approval now
let other_identity =
machine.get_identity(other_user_id, None).await.unwrap().unwrap().other().unwrap();
assert!(!other_identity.identity_needs_user_approval());
// And should not have a pin violation
assert!(!other_identity.inner.has_pin_violation());
}

#[async_test]
async fn test_resolve_identity_verification_violation_with_withdraw() {
use test_json::keys_query_sets::VerificationViolationTestData as DataSet;
Expand Down

0 comments on commit e6b5489

Please sign in to comment.