Page MenuHomePhabricator

Encrypt notifications for web clients supporting decryption
ClosedPublic

Authored by marcin on Oct 27 2023, 6:36 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 26, 10:14 AM
Unknown Object (File)
Fri, Nov 15, 2:48 AM
Unknown Object (File)
Sun, Nov 3, 5:21 AM
Unknown Object (File)
Oct 27 2024, 8:54 PM
Unknown Object (File)
Oct 23 2024, 3:22 AM
Unknown Object (File)
Oct 23 2024, 3:12 AM
Unknown Object (File)
Oct 23 2024, 2:14 AM
Unknown Object (File)
Oct 23 2024, 1:59 AM
Subscribers

Details

Summary

This differential encrypts notifications for sufficiently new web clients.

Test Plan
  1. Change FUTURE_CODE_VERSION flag to 0.
  2. Open web client.
  3. Add console.log() to log data received in service-worker and early return to skip this notification.
  4. Send web notification.
  5. Examine service-worker logs - ensure that encrypted payload is visible.
  6. Using mariadb console ensure that version field of olm_session associated with cookie_id of current web client increments with each notication.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

It looks correct, but I don't have enough knowledge of how notifs work so not accepting, to let others see

keyserver/src/push/send.js
1079–1081 ↗(On Diff #32461)

shouldn't we use hasMinCodeVersion?

1289 ↗(On Diff #32461)

Let's keep it consistent after changing param name

lib/types/notif-types.js
36 ↗(On Diff #32461)

why not string?

keyserver/src/push/send.js
1079–1081 ↗(On Diff #32461)

Yeah, would be better to use hasMinCodeVersion. In some places in send.js we don't use it because we don't pass in the full platformDetails, but here it would be easiser. (It would probably be best to refactor to always use hasMinCodeVersion so it's easier to grep for code that can be deleted when we bump the minimum supported client in verifyClientSupported, but that's outside the scope of this diff)

lib/types/notif-types.js
36 ↗(On Diff #32461)

Always better to be have more specific types

  1. Use hasMinCodeVersion.
  2. Rename sendWebNotification -> sendWebNotifications.

Extract plain text web notification payload to separate type.

lib/types/notif-types.js
36 ↗(On Diff #32461)

We do similar for Android notifications. This field is just supposed to indicate that the notifications should have been encrypted but the encryption process failed. That said it will never have different value than '1'.

This revision is now accepted and ready to land.Nov 7 2023, 3:25 AM

USe NEXT_CODE_VERSION and isStaff