Page MenuHomePhabricator

[keyserver][lib][web] set up anonymous connection with tunnelbroker on keyserver and handle DEVICE_LIST_UPDATE_SUCCESS
ClosedPublic

Authored by varun on May 21 2024, 7:24 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 16, 10:03 AM
Unknown Object (File)
Sun, Nov 10, 1:38 AM
Unknown Object (File)
Fri, Nov 8, 11:19 AM
Unknown Object (File)
Oct 15 2024, 4:16 PM
Unknown Object (File)
Oct 15 2024, 4:16 PM
Unknown Object (File)
Oct 15 2024, 4:16 PM
Unknown Object (File)
Oct 15 2024, 4:15 PM
Unknown Object (File)
Oct 15 2024, 1:26 AM
Subscribers

Details

Summary

the keyserver needs to be able to establish an anonymous connection with tunnelbroker in order to receive the message indicating that it has been added to the user's device list.
once it has been added, it needs to auth with the identity service (next diff).

this diff just establishes the anonymous connection and parses the DEVICE_LIST_UPDATE_SUCCESS message from tunnelbroker.

Test Plan
const { primaryDeviceID: receivedPrimaryDeviceID, userID } =
  qrCodeAuthMessage;
console.log(receivedPrimaryDeviceID, userID);

added the above lines to tunnelbroker-socket.js and confirmed that the user ID and primaryDeviceID were received

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

keyserver/src/keyserver.js
123 ↗(On Diff #40470)

eventually, the QR code auth workflow will replace the password login logic in this else-case. we will still want to check if the user already has a valid token in the metadata table, first, though. i'll factor that check out of verifyUserLoggedIn and add it to the above condition (i.e. if (userDoesntHaveToken && shouldDisplayQRCodeInTerminal))

varun requested review of this revision.May 21 2024, 7:51 AM
keyserver/src/socket/tunnelbroker-socket.js
53 ↗(On Diff #40470)

Generally this AES encryption key is QR-auth-specific. So this is not the best place for this
Other TB message types are going to be encrypted via Olm, cc @kamil

lib/utils/conversion-utils.js
158 ↗(On Diff #40470)

This initially wasn't in lib/ because on native TextEncoder isn't supported.

It can stay here, but we should add a comment that on native we should use functions from native/backup/conversion-utils.js instead

lib/utils/conversion-utils.js
158 ↗(On Diff #40470)

ah got it. will add a comment

keyserver/src/socket/tunnelbroker.js
54 ↗(On Diff #40470)

How will we close this connection later, once the login has completed?

General logic looks okay.
I initially had mixed feelings about code structure of TunnelbrokerSocket but I have no better ideas. This is something we can always refactor later.

keyserver/src/socket/tunnelbroker-socket.js
53 ↗(On Diff #40470)

If it's going to stay here, we can give it more specific name

keyserver/src/socket/tunnelbroker.js
54 ↗(On Diff #40470)

I think there'll be a close() function returned from this function at a later stage

This revision is now accepted and ready to land.May 22 2024, 7:43 AM
keyserver/src/socket/tunnelbroker.js
54 ↗(On Diff #40470)

yeah later in the stack i close the connection after getting an access token from identity so that it can be reopened as an authenticated connection