Page MenuHomePhabricator
Differential D10578

[lib] Introduce canResolveKeyserverSessionInvalidation
ClosedPublic
Actions

Authored by ashoat on Jan 8 2024, 9:57 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 23, 9:28 PM
Unknown Object (File)
Sun, Mar 23, 9:27 PM
Unknown Object (File)
Sun, Mar 23, 9:27 PM
Unknown Object (File)
Sun, Mar 23, 9:27 PM
Unknown Object (File)
Tue, Mar 18, 9:42 AM
Unknown Object (File)
Fri, Mar 14, 5:57 AM
Unknown Object (File)
Feb 20 2025, 2:54 PM
Unknown Object (File)
Feb 20 2025, 2:54 PM
View All 76 Files
Subscribers
None

Details

Reviewers
inka
varun
tomek
Commits
rCOMMfa1ed5f96213: [lib] Introduce canResolveKeyserverSessionInvalidation
Summary

Previously, to figure out if it was possible to resolve a keyserver session invalidation, we were checking for the presence of the resolveInvalidatedCookie function.

That function was missing on web but present on native, since it required native credentials to work.

Now we can attempt resolution for any client that is usingCommServicesAccessToken, so we want to update the check. Instead of duplicating the code, I introduced a function to handle the check.

Depends on D10577

Test Plan

Will test this by triggering a session invalidation by deleting a cookie from the MariaDB database

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

ashoat created this revision.Jan 8 2024, 9:57 AM
Harbormaster returned this revision to the author for changes because remote builds failed.Jan 8 2024, 10:27 AM
Harbormaster failed remote builds in B25613: Diff 35408!
ashoat requested review of this revision.Jan 8 2024, 10:51 AM
ashoat added a child revision: D10579: [lib] Separate out keyserver utils in action-utils.js into a separate file.Jan 8 2024, 11:40 AM
inka accepted this revision.Jan 9 2024, 3:15 AM
inka added inline comments.
lib/utils/action-utils.js
193–194 ↗(On Diff #35408)

I don't think this is exactly true - we can always try, but it might fail

This revision is now accepted and ready to land.Jan 9 2024, 3:15 AM
ashoat updated this revision to Diff 35431.Jan 9 2024, 6:21 AM

Add "try to" to comment

Harbormaster completed remote builds in B25632: Diff 35431.Jan 9 2024, 6:45 AM
Closed by commit rCOMMfa1ed5f96213: [lib] Introduce canResolveKeyserverSessionInvalidation (authored by ashoat). · Explain WhyJan 10 2024, 5:43 AM
This revision was automatically updated to reflect the committed changes.
ashoat added a commit: rCOMMfa1ed5f96213: [lib] Introduce canResolveKeyserverSessionInvalidation.

Revision Contents
Changeset List

PathSize
lib/
utils/
31 lines

Diff 35431

View Options

lib/utils/action-utils.js

// @flow // @flow
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { logOutActionTypes, useLogOut } from '../actions/user-actions.js'; import {
keyserverAuthActionTypes,
logOutActionTypes,
useKeyserverAuth,
useLogOut,
} from '../actions/user-actions.js';
import { extractKeyserverIDFromID } from '../keyserver-conn/keyserver-call-utils.js';
import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js';
import { import {
connectionSelector, connectionSelector,
cookieSelector, cookieSelector,
deviceTokenSelector,
} from '../selectors/keyserver-selectors.js'; } from '../selectors/keyserver-selectors.js';
import { IdentityClientContext } from '../shared/identity-client-context.js'; import { IdentityClientContext } from '../shared/identity-client-context.js';
import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js'; import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js';
import type { BaseSocketProps } from '../socket/socket.react.js'; import type { BaseSocketProps } from '../socket/socket.react.js';
import { logInActionSources } from '../types/account-types.js';
import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js';
import { useSelector } from '../utils/redux-utils.js'; import { useSelector } from '../utils/redux-utils.js';
import { usingCommServicesAccessToken } from '../utils/services-utils.js'; import { usingCommServicesAccessToken } from '../utils/services-utils.js';
import { ashoatKeyserverID } from '../utils/validation-utils.js'; import { ashoatKeyserverID } from '../utils/validation-utils.js';
type Props = { type Props = {
...BaseSocketProps, ...BaseSocketProps,
+keyserverID: string, +keyserverID: string,
+socketComponent: React.ComponentType<BaseSocketProps>, +socketComponent: React.ComponentType<BaseSocketProps>,
}; };
function KeyserverConnectionHandler(props: Props) { function KeyserverConnectionHandler(props: Props) {
const { socketComponent: Socket, keyserverID, ...rest } = props; const { socketComponent: Socket, keyserverID, ...rest } = props;
const dispatchActionPromise = useDispatchActionPromise(); const dispatchActionPromise = useDispatchActionPromise();
const callLogOut = useLogOut(); const callLogOut = useLogOut();
const keyserverAuth = useKeyserverAuth();
const hasConnectionIssue = useSelector( const hasConnectionIssue = useSelector(
state => !!connectionSelector(keyserverID)(state)?.connectionIssue, state => !!connectionSelector(keyserverID)(state)?.connectionIssue,
); );
const cookie = useSelector(cookieSelector(keyserverID)); const cookie = useSelector(cookieSelector(keyserverID));
const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID));
// We have an assumption that we should be always connected to Ashoat's
// keyserver. It is possible that a token which it has is correct, so we can
// try to use it. In worst case it is invalid and our push-handler will try
// to fix it.
ashoatUnsubmitted
Not Done
Inline Actions

This logic is a bit confusing.

I guess the reason we decided to store a separate deviceToken per keyserver is because we want to know if we've shared our deviceToken to that keyserver yet, not because we expect to have a different deviceToken per keyserver.

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

ashoat: This logic is a bit confusing. I guess the reason we decided to store a separate `deviceToken`…
tomekAuthorUnsubmitted
Done
Inline Actions

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

Agree. But moving the token to Tunnelbroker will simplify it even more. For now, I don't think it is worth fixing now.

tomek: > It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in…
const ashoatKeyserverDeviceToken = useSelector(
deviceTokenSelector(ashoatKeyserverID),
);
const deviceToken = keyserverDeviceToken ?? ashoatKeyserverDeviceToken;
const navInfo = useSelector(state => state.navInfo);
const calendarFilters = useSelector(state => state.calendarFilters);
const calendarQuery = React.useMemo(() => {
const filters = filterThreadIDsInFilterList(
calendarFilters,
(threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID,
);
return {
startDate: navInfo.startDate,
endDate: navInfo.endDate,
filters,
};
}, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]);
React.useEffect(() => { React.useEffect(() => {
if (hasConnectionIssue) { if (hasConnectionIssue) {
void dispatchActionPromise(logOutActionTypes, callLogOut()); void dispatchActionPromise(logOutActionTypes, callLogOut());
} }
}, [callLogOut, hasConnectionIssue, dispatchActionPromise]); }, [callLogOut, hasConnectionIssue, dispatchActionPromise]);
const identityContext = React.useContext(IdentityClientContext); const identityContext = React.useContext(IdentityClientContext);
invariant(identityContext, 'Identity context should be set'); invariant(identityContext, 'Identity context should be set');
const { identityClient } = identityContext; const { identityClient, getAuthMetadata } = identityContext;
const olmSessionCreator = React.useContext(OlmSessionCreatorContext); const olmSessionCreator = React.useContext(OlmSessionCreatorContext);
invariant(olmSessionCreator, 'Olm session creator should be set'); invariant(olmSessionCreator, 'Olm session creator should be set');
React.useEffect(() => { React.useEffect(() => {
if (!usingCommServicesAccessToken) { if (!usingCommServicesAccessToken) {
return; return;
} }
void (async () => { void (async () => {
try { try {
const keyserverKeys = const keyserverKeys =
await identityClient.getKeyserverKeys(keyserverID); await identityClient.getKeyserverKeys(keyserverID);
// eslint-disable-next-line no-unused-vars
const [notifsSession, contentSession] = await Promise.all([ const [notifsSession, contentSession] = await Promise.all([
olmSessionCreator.notificationsSessionCreator( olmSessionCreator.notificationsSessionCreator(
cookie, cookie,
keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys,
keyserverKeys.notifInitializationInfo, keyserverKeys.notifInitializationInfo,
keyserverID, keyserverID,
), ),
olmSessionCreator.contentSessionCreator( olmSessionCreator.contentSessionCreator(
keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys,
keyserverKeys.contentInitializationInfo, keyserverKeys.contentInitializationInfo,
), ),
]); ]);
const { userID, deviceID } = await getAuthMetadata();
invariant(userID, 'userID should be set');
invariant(deviceID, 'deviceID should be set');
const deviceTokenUpdateInput = deviceToken
? { [keyserverID]: { deviceToken } }
: {};
await dispatchActionPromise(
keyserverAuthActionTypes,
keyserverAuth({
userID,
deviceID,
doNotRegister: false,
calendarQuery,
deviceTokenUpdateInput,
logInActionSource: process.env.BROWSER
? logInActionSources.keyserverAuthFromWeb
: logInActionSources.keyserverAuthFromNative,
keyserverData: {
[keyserverID]: {
initialContentEncryptedMessage: contentSession,
initialNotificationsEncryptedMessage: notifsSession,
},
},
}),
);
} catch (e) { } catch (e) {
console.log( console.log(
`Error getting keys for keyserver with id ${keyserverID}`, `Error while authenticating to keyserver with id ${keyserverID}`,
e, e,
); );
} }
})(); })();
}, [keyserverID, identityClient, olmSessionCreator, cookie]); }, [
keyserverID,
identityClient,
olmSessionCreator,
cookie,
getAuthMetadata,
dispatchActionPromise,
keyserverAuth,
deviceToken,
calendarQuery,
]);
if (keyserverID !== ashoatKeyserverID) { if (keyserverID !== ashoatKeyserverID) {
return null; return null;
} }
return <Socket {...rest} />; return <Socket {...rest} />;
} }
const Handler: React.ComponentType<Props> = React.memo<Props>( const Handler: React.ComponentType<Props> = React.memo<Props>(
KeyserverConnectionHandler, KeyserverConnectionHandler,
); );
export default Handler; export default Handler;