Page MenuHomePhabricator

Boilerplate for web and desktop to look for keyserverID during notifications session creation and notification decryption
ClosedPublic

Authored by marcin on Mar 11 2024, 9:25 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 12:10 PM
Unknown Object (File)
Wed, Nov 6, 3:35 PM
Unknown Object (File)
Wed, Oct 30, 11:13 AM
Unknown Object (File)
Thu, Oct 24, 1:43 AM
Unknown Object (File)
Mon, Oct 21, 6:15 PM
Unknown Object (File)
Thu, Oct 17, 9:12 AM
Unknown Object (File)
Thu, Oct 17, 4:16 AM
Unknown Object (File)
Oct 16 2024, 1:31 PM
Subscribers

Details

Summary

This differential updates web and desktop code so that:

  1. The keyserverID is an argument to methods that create session.
  2. The keyserverID is an argument of methods that decrypt notifications on desktop.

Actually using this argument will be introduced in next diff.

Test Plan
  1. Flow
  2. Test that notifs aren't broken on web and desktop

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Rebase to update commit message

desktop/flow-typed/npm/electron_v22.0.0.js
339–343

Sorry, I should have caught this when adding (single-keyserver) encrypted notifications to desktop -> types in flow-typed are types for specific libraries and shouldn't be mixed with our types (in this case the keyserverID and encryptedPayload fields). Could we (potentially in a different diff) remove them and only keep the +[string]: mixed and add a check in JS code that checks if these fields exists.

  1. Approach changed - we are moving with this proejct as it is and will fix desktop regression as a separate project.
  2. Fix types in electron_v22.0.0.js
michal requested changes to this revision.Mar 14 2024, 6:30 AM

In general the code looks good but there is one major problem: if someone doesn't update their desktop app they can still run a newer version of the web app.

This diff breaks the API between webapp and electron code by adding changing the arguments to the onEncryptedNotification (adding the keyserverID as the last argument would probably be fine). But the bigger problem is handling of this edge case with encrypting notifications...

desktop/src/push-notifications.js
146 ↗(On Diff #38052)

At this point the encryptedPayload must be a string. So I don't think the showNewNotification(userInfo, handleClick); will ever run. You should probably check for if (!userInfo.encryptedPayload) first.

156–157 ↗(On Diff #38052)

Don't we need a typeof keyserverID !== 'string' || typeof encryptedPayload !== 'string' check here too?

This revision now requires changes to proceed.Mar 14 2024, 6:30 AM
desktop/src/push-notifications.js
156–157 ↗(On Diff #38052)

True - my oversight.

  1. Address JS-nits
  2. Fixx potential issues realted to desktop-web code version discrepancy
This revision is now accepted and ready to land.Mar 18 2024, 4:15 AM