Page MenuHomePhabricator

Turn migration 38 into a no-op
ClosedPublic

Authored by marcin on Apr 8 2024, 5:14 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 8, 10:35 PM
Unknown Object (File)
Fri, Nov 8, 1:39 PM
Unknown Object (File)
Fri, Nov 8, 7:14 AM
Unknown Object (File)
Fri, Nov 8, 7:14 AM
Unknown Object (File)
Fri, Nov 8, 7:14 AM
Unknown Object (File)
Fri, Nov 8, 7:14 AM
Unknown Object (File)
Fri, Nov 8, 6:19 AM
Unknown Object (File)
Fri, Nov 8, 5:26 AM
Subscribers

Details

Summary

This differential addresses concerns outlined in the following Linear issue:
https://linear.app/comm/issue/ENG-7638/investigate-android-crash-on-sqlite-migration-38

Test Plan
  1. Revert "Introduce fallback mechanism for notifications decryption if MMKV initialization hasn't been executed yet." and "Implement notifications sessions storage

on top of MMKV. Migrate existing notifs account to SQLite" diffs.

  1. Build Android and iOS app and log in. this leaves the app in legacy state with notifications session in a single flat file.
  2. Reset reverts. Add logging to NotificationsCryptoModule informing that legacy notifications session storage was used to decrypt a notif.
  3. Build the app again. Send two notifs.
  4. Ensure that the first notif results in a log but the second doesn't (session was succesfully migrated to new place).

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

marcin requested review of this revision.Apr 8 2024, 5:30 AM
native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
299–305 ↗(On Diff #38888)

Can you explain these changes?

native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
299–305 ↗(On Diff #38888)

This line migrates existing notifications session from flat file to MMKV.
1 this->cryptoModule is a deserialzed content of the flat file.

  1. notifs session is taken from from `this->cryptoModule.
  2. It is finally persisted to MMKV under the key 256.

This is basically what migration 38 would do but without moving notifs account to SQLite.

One thing I notices - this line has to be wrapped with try catch since before user opens the app after upgrading this line won't work and the user will keep using old session storage until they open the app.

Add a try catch to grafecully handle the case if the user doesn't open the app after upgrading it.

native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
299–305 ↗(On Diff #38888)

Thanks for explaining!

native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp
558–560 ↗(On Diff #38901)

Is legacyCryptoAccountDataKey used currently? Should we delete it from the secure store?

tomek added inline comments.
native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp
975 ↗(On Diff #38901)

Maybe we should set empty migration here to avoid confusion? Now it looks like we are migrating the accounts.

Also, we probably don't need to have a transaction for this migration.

This revision is now accepted and ready to land.Apr 9 2024, 2:53 AM
native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp
558–560 ↗(On Diff #38901)

Is legacyCryptoAccountDataKey used currently?

It is currently used. CommCoreModule already uses this key (the value "cryptoAccountDataKey") to store pickling for content account. See: https://github.com/CommE2E/comm/blob/master/native/cpp/CommonCpp/NativeModules/CommCoreModule.cpp#L443 and https://github.com/CommE2E/comm/blob/master/native/cpp/CommonCpp/NativeModules/CommCoreModule.h#L31
I initially wanted that this migration would use the same pickling key for notifs account.

Should we delete it from the secure store?

Theoretically yes - there is no reason to keep it in secure store. We should keep it in the SQLite as a column in olm_persist_account as we do on the keyserver. This requires migration and separate diff however so not in the scope of this diff. The fact that we keep pickling key for content account is a relict from the period when the SQLite wasn't encrypted and we probably wanted to create some "form" of security.

Remove unnecessary migration function and replace it with dummy lambda that is not run inside transaction.

This revision was automatically updated to reflect the committed changes.