diff --git a/lib/reducers/services-access-token-reducer.js b/lib/reducers/services-access-token-reducer.js --- a/lib/reducers/services-access-token-reducer.js +++ b/lib/reducers/services-access-token-reducer.js @@ -3,6 +3,8 @@ import { logOutActionTypes, setAccessTokenActionType, + identityLogInActionTypes, + identityRegisterActionTypes, } from '../actions/user-actions.js'; import { setNewSessionActionType } from '../keyserver-conn/keyserver-conn-types.js'; import type { BaseAction } from '../types/redux-types.js'; @@ -24,6 +26,11 @@ return null; } else if (action.type === logOutActionTypes.started) { return null; + } else if ( + action.type === identityLogInActionTypes.success || + action.type === identityRegisterActionTypes.success + ) { + return action.payload.accessToken; } return state; } diff --git a/lib/selectors/keyserver-selectors.js b/lib/selectors/keyserver-selectors.js --- a/lib/selectors/keyserver-selectors.js +++ b/lib/selectors/keyserver-selectors.js @@ -126,14 +126,15 @@ for (const key in keyserverInfos) { const keyserverInfo = keyserverInfos[key]; - const keyserverAdminUsername = userInfos[key]?.username; + const keyserverAdminUsername = + userInfos[key]?.username ?? `keyserver${key}`; if (!keyserverAdminUsername) { continue; } const keyserverAdminUserInfo = { - id: userInfos[key].id, + id: key, username: keyserverAdminUsername, }; diff --git a/lib/shared/keyserver-utils.js b/lib/shared/keyserver-utils.js --- a/lib/shared/keyserver-utils.js +++ b/lib/shared/keyserver-utils.js 
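Review bot: In lib/reducers/services-access-token-reducer.js the new branch copies `action.payload.accessToken` into Redux state with no note that this value is a bearer credential. Whether this slice is persisted, shipped in crash reports or exposed through state-inspection tooling is not visible in the hunk, so that should be confirmed and recorded next to the branch, for example `// CSAT is a bearer credential: confirm this slice is excluded from persisted state, logs and reports`. The branch also assumes both success payloads always carry the field; `return action.payload.accessToken ?? null;` would keep the state at `null` rather than `undefined` if one of them does not. The reducer's body starts outside the hunk.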
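Review bot: In lib/selectors/keyserver-selectors.js the guard `if (!keyserverAdminUsername) { continue; }` is left almost dead by the new `?? \`keyserver${key}\`` fallback. It now fires only for an empty-string username, so keyservers with no matching `userInfos` entry are no longer skipped and instead get a synthesized admin identity. If that is intended, drop the guard or add a comment such as `// no userInfo for this keyserver yet: fall back to a placeholder name`. Consumers of this selector cannot tell the placeholder from a real username, and `id: key` now asserts an admin user ID that nothing in this hunk verifies, so it may be worth marking the entry as unverified. The enclosing loop continues outside the hunk.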
@@ -7,10 +7,13 @@ getVersionActionTypes, } from '../actions/device-actions.js'; import { urlsToIDsSelector } from '../selectors/keyserver-selectors.js'; +import type { VersionResponse } from '../types/device-types.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useSelector } from '../utils/redux-utils.js'; -function useIsKeyserverURLValid(keyserverURL?: string): () => Promise { +function useIsKeyserverURLValid( + keyserverURL?: string, +): () => Promise { const urlsToIDs: { +[keyserverID: string]: ?string } = useSelector(urlsToIDsSelector); @@ -50,7 +53,7 @@ return React.useCallback(async () => { if (!keyserverURL) { - return false; + return null; } const getVersionPromise = getVersionCall(); @@ -58,10 +61,10 @@ // We don't care about the result; just need to make sure this doesn't throw try { - await getVersionPromise; - return true; + const { versionResponses } = await getVersionPromise; + return versionResponses[Object.keys(versionResponses)[0]]; } catch (e) { - return false; + return null; } }, [dispatchActionPromise, getVersionCall, keyserverURL]); } diff --git a/lib/utils/services-utils.js b/lib/utils/services-utils.js --- a/lib/utils/services-utils.js +++ b/lib/utils/services-utils.js @@ -7,7 +7,7 @@ // If this is true then we're using the identity service for auth. After we // auth, the identity service gives us a CSAT, which we can use to auth with // other Comm services. -const usingCommServicesAccessToken = false; +const usingCommServicesAccessToken = true; // If this is true, then the app is able to support multiple keyservers. This // requires the use of Tunnelbroker and the backup service to persist and sync diff --git a/native/account/log-in-panel.react.js b/native/account/log-in-panel.react.js --- a/native/account/log-in-panel.react.js +++ b/native/account/log-in-panel.react.js 
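Review bot: In the third hunk of lib/shared/keyserver-utils.js, the value returned from the `try` block comes straight from an unauthenticated `getVersion` reply at a user-supplied URL, yet the comment above it still says "We don't care about the result". That comment should be replaced with one stating that the response is returned to the caller and is untrusted. `versionResponses[Object.keys(versionResponses)[0]]` also yields `undefined` rather than `null` when the map is empty, and it takes whichever key comes first without checking that it belongs to the keyserver being added. Consider `const firstKey = Object.keys(versionResponses)[0];` followed by `return firstKey ? versionResponses[firstKey] : null;`. The hook name `useIsKeyserverURLValid` no longer matches a non-boolean return, which makes truthiness checks at call sites easy to misread.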
@@ -45,6 +45,7 @@ import PasswordInput from './password-input.react.js'; import { authoritativeKeyserverID } from '../authoritative-keyserver.js'; import SWMansionIcon from '../components/swmansion-icon.react.js'; +import { commCoreModule } from '../native-modules.js'; import { useSelector } from '../redux/redux-utils.js'; import { nativeLogInExtraInfoSelector } from '../selectors/account-selectors.js'; import type { KeyPressEvent } from '../types/react-native.js'; @@ -54,6 +55,7 @@ UserNotFoundAlertDetails, } from '../utils/alert-messages.js'; import Alert from '../utils/alert.js'; +import { getContentSigningKey } from '../utils/crypto-utils.js'; import type { StateContainer } from '../utils/state-container.js'; export type LogInState = { @@ -322,6 +324,13 @@ username: this.usernameInputText, password: this.passwordInputText, }); + + const ed25519 = await getContentSigningKey(); + await commCoreModule.setCommServicesAuthMetadata( + result.userID, + ed25519, + result.accessToken, + ); return result; } catch (e) { if (e.message === 'user not found') { diff --git a/native/account/registration/registration-server-call.js b/native/account/registration/registration-server-call.js --- a/native/account/registration/registration-server-call.js +++ b/native/account/registration/registration-server-call.js @@ -25,6 +25,7 @@ useNativeSetUserAvatar, useUploadSelectedMedia, } from '../../avatars/avatar-hooks.js'; +import { commCoreModule } from '../../native-modules.js'; import { useSelector } from '../../redux/redux-utils.js'; import { nativeLogInExtraInfoSelector } from '../../selectors/account-selectors.js'; import { @@ -34,6 +35,7 @@ UnknownErrorAlertDetails, } from '../../utils/alert-messages.js'; import Alert from '../../utils/alert.js'; +import { getContentSigningKey } from '../../utils/crypto-utils.js'; import { setNativeCredentials } from '../native-credentials.js'; import { useLegacySIWEServerCall, 
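Review bot: In native/account/log-in-panel.react.js, the added `getContentSigningKey()` and `commCoreModule.setCommServicesAuthMetadata(...)` calls sit inside the same `try` as the identity login, so a failure while storing the credentials falls into the `catch` that matches on `e.message` for login errors. The user would then see a login failure even though the identity service has already issued an access token, and that token is left unused on the server side. How the rest of the `catch` handles unknown errors is outside the hunk. The same sequence is duplicated in native/account/registration/registration-server-call.js (hunk at -85,6 +87,14). Consider moving it into one shared helper with its own error handling that reports a storage failure distinctly. It would also help to document on that helper where the native module keeps the token, since this hunk does not show it.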
@@ -85,6 +87,14 @@ username: accountSelection.username, password: accountSelection.password, }); + + const ed25519 = await getContentSigningKey(); + await commCoreModule.setCommServicesAuthMetadata( + result.userID, + ed25519, + result.accessToken, + ); + return result; } catch (e) { if (e.message === 'username reserved') { diff --git a/native/profile/add-keyserver.react.js b/native/profile/add-keyserver.react.js --- a/native/profile/add-keyserver.react.js +++ b/native/profile/add-keyserver.react.js @@ -49,8 +49,8 @@ return; } - const isKeyserverURLValid = await isKeyserverURLValidCallback(); - if (!isKeyserverURLValid) { + const keyserverVersionData = await isKeyserverURLValidCallback(); + if (!keyserverVersionData) { setShowErrorMessage(true); return; } @@ -60,7 +60,7 @@ dispatch({ type: addKeyserverActionType, payload: { - keyserverAdminUserID: currentUserID, + keyserverAdminUserID: keyserverVersionData.ownerID, newKeyserverInfo, }, }); diff --git a/web/account/account-hooks.js b/web/account/account-hooks.js --- a/web/account/account-hooks.js +++ b/web/account/account-hooks.js @@ -6,10 +6,7 @@ import * as React from 'react'; import uuid from 'uuid'; -import { - initialEncryptedMessageContent, - getPrekeyValueFromBlob, -} from 'lib/shared/crypto-utils.js'; +import { initialEncryptedMessageContent } from 'lib/shared/crypto-utils.js'; import { OlmSessionCreatorContext } from 'lib/shared/olm-session-creator-context.js'; import type { SignedIdentityKeysBlob, 
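Review bot: In native/profile/add-keyserver.react.js, `keyserverAdminUserID: keyserverVersionData.ownerID` records as the keyserver's admin whatever ID the server at the user-entered URL reports about itself. The only check before the dispatch is that a version response exists, so a response without `ownerID` (whether that field is optional is not visible here) would store `undefined` as the admin ID. Tightening the guard to `if (!keyserverVersionData || !keyserverVersionData.ownerID) {` covers that case. A comment at the dispatch should also state that the ID is a self-reported claim and not an authenticated identity, so code keyed on `keyserverAdminUserID` does not treat it as verified. The same applies to web/modals/keyserver-selection/add-keyserver-modal.react.js (hunks at -46,8 and -57,7).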
@@ -258,16 +255,12 @@ const { picklingKey, pickledAccount } = notificationAccount; account.unpickle(picklingKey, pickledAccount); - const notificationsPrekey = getPrekeyValueFromBlob( - notificationsInitializationInfo.prekey, - ); - const session = new olm.Session(); session.create_outbound( account, notificationsIdentityKeys.curve25519, notificationsIdentityKeys.ed25519, - notificationsPrekey, + notificationsInitializationInfo.prekey, notificationsInitializationInfo.prekeySignature, notificationsInitializationInfo.oneTimeKey, ); @@ -334,16 +327,12 @@ const { picklingKey, pickledAccount } = primaryAccount; account.unpickle(picklingKey, pickledAccount); - const contentPrekey = getPrekeyValueFromBlob( - contentInitializationInfo.prekey, - ); - const session = new olm.Session(); session.create_outbound( account, contentIdentityKeys.curve25519, contentIdentityKeys.ed25519, - contentPrekey, + contentInitializationInfo.prekey, contentInitializationInfo.prekeySignature, contentInitializationInfo.oneTimeKey, ); diff --git a/web/modals/keyserver-selection/add-keyserver-modal.react.js b/web/modals/keyserver-selection/add-keyserver-modal.react.js --- a/web/modals/keyserver-selection/add-keyserver-modal.react.js +++ b/web/modals/keyserver-selection/add-keyserver-modal.react.js @@ -46,8 +46,8 @@ return; } - const isKeyserverURLValid = await isKeyserverURLValidCallback(); - if (!isKeyserverURLValid) { + const keyserverVersionData = await isKeyserverURLValidCallback(); + if (!keyserverVersionData) { setShowErrorMessage(true); return; } @@ -57,7 +57,7 @@ dispatch({ type: addKeyserverActionType, payload: { - keyserverAdminUserID: currentUserID, + keyserverAdminUserID: keyserverVersionData.ownerID, newKeyserverInfo, }, }); diff --git a/web/redux/action-types.js b/web/redux/action-types.js --- a/web/redux/action-types.js +++ b/web/redux/action-types.js 
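Review bot: In web/account/account-hooks.js, both `session.create_outbound` calls now pass `notificationsInitializationInfo.prekey` and `contentInitializationInfo.prekey` exactly as received, with nothing stating the format they must be in. Every producer of these objects therefore has to deliver the bare prekey value rather than the blob that `getPrekeyValueFromBlob` used to unwrap. A caller still supplying the old blob format would fail or build a session on the wrong key material only at runtime. A comment above each call, e.g. `// prekey must already be the bare key value; prekey blobs are no longer unwrapped here`, would record that contract. Whether `create_outbound` itself checks `prekeySignature` against the identity key is not visible in these hunks and is worth confirming, since nothing else here validates the prekey. Both enclosing functions start and end outside the hunks.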
@@ -45,18 +45,6 @@ const threadKeyserverID = thread ? extractKeyserverIDFromID(thread) : null; for (const keyserverID of allKeyserverIDs) { - // As of Nov 2023, the only validation we have for adding a new keyserver - // is we check if the keyserver URL is valid. This is not a very - // extensive check, and gives the user the feeling of a false sucesses - // when they add new keyservers to the keyserver store. ENG-5371 tracks - // the task for initialzing a proper connection with the newly added - // keyserver, and at that point we can make the validation checks - // for adding a new keyserver more extensive. However, for the time being - // we need to add this check below so that we aren't trying to make calls - // to nonexistant keyservers that are in our keyserver store. - if (keyserverID !== authoritativeKeyserverID) { - continue; - } const clientUpdatesCurrentAsOf = allUpdatesCurrentAsOf[keyserverID]; const keyserverExcludedData: ExcludedData = { threadStore: !!excludedData.threadStore && !!clientUpdatesCurrentAsOf,