Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invisible Crypto: Web: display a warning when an *unverified* user changes identity #2513

Open
richvdh opened this issue Aug 28, 2024 · 2 comments
Open

Invisible Crypto: Web: display a warning when an *unverified* user changes identity #2513

richvdh opened this issue Aug 28, 2024 · 2 comments

Comments

@richvdh
Copy link
Member

richvdh commented Aug 28, 2024
edited by andybalaam
Loading

Followup to #2492. Part of #2491, itself part of Invisible crypto.

When an unverified user changes their identity, we need to make our user aware of this. In the long term, the intention is just to show a notice in the timeline (#2493); however, that is difficult to implement and we need a stop-gap.

This task is for Element Web.

The proposal is to show a warning above the composer, in much the same way as we would for verified users (#2491), but without locking the composer.

Figma designs:
This was referenced Aug 28, 2024
Open
Open
@BillCarsonFr BillCarsonFr mentioned this issue Sep 3, 2024
Merged
1 task
@andybalaam andybalaam mentioned this issue Sep 9, 2024
Open
@andybalaam andybalaam changed the title Invisible Crypto: display a warning when an *unverified* user changes identity Invisible Crypto: Web: display a warning when an *unverified* user changes identity Sep 10, 2024
@richvdh
Copy link
Member Author

richvdh commented Sep 10, 2024
edited
Loading

Implementation notes:

  • in matrix-sdk-crypto, we need to extend UserIdentities to expose identity_needs_user_approval not sure this is needed
  • in matrix-sdk-crypto-wasm, extend UserIdentity and OwnUserIdentity to expose identity_needs_user_approval
  • in matrix-js-sdk, extend RustCrypto.getUserVerificationStatus and UserVerificationStatus to include identityNeedsUserApproval
  • in matrix-react-sdk, create a component which will:
    • on start, call Room.getEncryptionTargetMembers to get a list of users of interest, and then call getUserVerificationStatus on each, to build a list of users with pin violations
    • register callback for room membership updates; when we get one, check if the user is on the target encryption list, and check for pin violations (or remove from list if they have left)
    • register callback for trust updates; when we get one:
      • if the user is not in our list and there is a pin violation, check if they are on the target encryption list, and update the list if so
      • if the user is on our list and there is not a pin violation, remove them immediately

@andybalaam andybalaam assigned andybalaam and unassigned andybalaam Sep 16, 2024
@richvdh richvdh assigned richvdh and unassigned richvdh Sep 18, 2024
@andybalaam
Copy link

andybalaam commented Sep 20, 2024
edited
Loading

It would be great if we can re-use the logic I am writing here matrix-org/matrix-rust-sdk@main...andybalaam/room-identity-stream .

The core logic is inside the crypto crate, so there is some chance we can re-use it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andybalaam @richvdh