Page MenuHomePhabricator
Differential D12605

[lib] Broadcast device list update during primary logout
ClosedPublic
Actions

Authored by bartek on Jun 28 2024, 2:18 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 4:12 AM
Unknown Object (File)
Mon, Nov 18, 8:47 AM
Unknown Object (File)
Thu, Nov 14, 4:43 AM
Unknown Object (File)
Tue, Nov 12, 6:14 AM
Unknown Object (File)
Tue, Nov 12, 5:07 AM
Unknown Object (File)
Tue, Nov 12, 3:19 AM
Unknown Object (File)
Mon, Nov 11, 8:43 PM
Unknown Object (File)
Fri, Nov 8, 3:26 AM
View All 67 Files
Subscribers
ashoat
tomek

Details

Reviewers
kamil
Commits
rCOMM4e321a00594d: [lib] Broadcast device list update during primary logout
Summary

Calling LogOutPrimaryDevice RPC performs device list update on Identity. After this is done (but before local Redux and DB is cleared) we need to broadcast new device list to peers.

Depends on D12604

Test Plan

Tested it on natvie and web - the update is broadcasted despite being already logged out

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek created this revision.Jun 28 2024, 2:18 AM
bartek held this revision as a draft.
Herald added subscribers: tomek, ashoat. · View Herald TranscriptJun 28 2024, 2:18 AM
Harbormaster completed remote builds in B29982: Diff 41781.Jun 28 2024, 2:34 AM
ashoat added a comment.Jul 1 2024, 5:40 PM

Did you forget to submit this one?

lib/actions/user-actions.js
265–266 ↗(On Diff #41781)

This seems like a risky assumption. How do you know it's safe?

bartek added a child revision: D12636: [lib] Add Primary Device Logout P2P message type.Jul 2 2024, 5:02 AM
bartek published this revision for review.Jul 2 2024, 5:57 AM
bartek edited the test plan for this revision. (Show Details)
bartek added inline comments.Jul 2 2024, 11:45 PM
lib/actions/user-actions.js
265–266 ↗(On Diff #41781)

Yes, this is risky. It works because we call await logOut() directly: At this point, we called Identity and Authoritative Keyserver logout endpoints, but locally are still logged in, including having active Tunnelbroker connection.
The whole primaryDeviceLogOut() (this hook) is then called in dispatchActionPromise which clears the CSAT and triggers Tunnelbroker context to reset the connection.

Discussed this with @kamil and we think there's no good way of doing this. The worst-case scenario is that peers won't receive the update and will keep having (now logged-out) secondary devices on their peer lists.
The other alternative is broadcasting the update before calling the RPC. However, peers treat Identity Service as a source of truth _(we agreed to do so)_, so if they process the "device list updated" messages too early, Identity will still have the old device list. It is updated on Identity during the RPC call.

If we wouldn't treat Identity as a source of truth, we could attach the new device list to the update message. But in current state, peers will ignore it anyway and still ask Identity.
If we're really concerned about this, one way is to add a lastDeviceListTimestamp field to the broadcasted "device list updated" P2P message, so peers, when asking Identity, could compare the timestamps and possibly wait-and-retry (with some timeout) fetching it until timestamps match.

kamil accepted this revision.Jul 3 2024, 3:33 AM
kamil added inline comments.
lib/actions/user-actions.js
265–266 ↗(On Diff #41781)

Agree with that.

Additionally, another solution is that we can have some mechanism that remembers the last communication with any user device and after some time interval asks the Identity for device list, to heal from the worst-case scenario finally.

This revision is now accepted and ready to land.Jul 3 2024, 3:33 AM
ashoat added inline comments.Jul 3 2024, 7:05 AM
lib/actions/user-actions.js
265–266 ↗(On Diff #41781)

To be clear, is there really any risk here? It sounds like the Redux action won't be dispatched until await broadcastDeviceListUpdates concludes, which means that the Tunnelbroker connection won't be closed until after? Or is there a concern that Tunnelbroker will close the connection once the CSAT is invalidated by identity (during await logOut)?

bartek added inline comments.Jul 3 2024, 8:09 AM
lib/actions/user-actions.js
265–266 ↗(On Diff #41781)

It sounds like the Redux action won't be dispatched until await broadcastDeviceListUpdates concludes, which means that the Tunnelbroker connection won't be closed until after?

Yes, exactly!

Or is there a concern that Tunnelbroker will close the connection once the CSAT is invalidated by identity (during await logOut)?

No, this is not the case here. The only case when Tunnelbroker will drop the connection is Primary device Backup Restore (TB drops connection with the old primary device to let the new primary device connect).

To be clear, is there really any risk here?

Looks like no risks are coming from our business logic. The only risk appears to be if the Tunnelbroker connection is closed due to network issues. But this one is already described in ENG-8380.

Closed by commit rCOMM4e321a00594d: [lib] Broadcast device list update during primary logout (authored by bartek). · Explain WhyJul 4 2024, 1:37 AM
This revision was automatically updated to reflect the committed changes.
bartek added a commit: rCOMM4e321a00594d: [lib] Broadcast device list update during primary logout.

Revision Contents
Changeset List

PathSize
lib/
actions/
19 lines

Diff 42003

View Options

lib/actions/user-actions.js

Loading...