diff --git a/lib/keyserver-conn/keyserver-auth.js b/lib/keyserver-conn/keyserver-auth.js new file mode 100644 index 000000000..8a8d480ce --- /dev/null +++ b/lib/keyserver-conn/keyserver-auth.js @@ -0,0 +1,174 @@ +// @flow + +import invariant from 'invariant'; +import * as React from 'react'; + +import { extractKeyserverIDFromID } from './keyserver-call-utils.js'; +import { + CANCELLED_ERROR, + type CallKeyserverEndpoint, +} from './keyserver-conn-types.js'; +import { + keyserverAuthActionTypes, + keyserverAuthRawAction, +} from '../actions/user-actions.js'; +import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js'; +import { + cookieSelector, + deviceTokenSelector, +} from '../selectors/keyserver-selectors.js'; +import { IdentityClientContext } from '../shared/identity-client-context.js'; +import type { AuthActionSource } from '../types/account-types.js'; +import { authoritativeKeyserverID } from '../utils/authoritative-keyserver.js'; +import { getConfig } from '../utils/config.js'; +import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; +import { useSelector } from '../utils/redux-utils.js'; +import sleep from '../utils/sleep.js'; + +const AUTH_RETRY_DELAY_MS = 60000; + +type KeyserverAuthInputs = { + +authActionSource: AuthActionSource, + +setInProgress: boolean => mixed, + +hasBeenCancelled: () => boolean, + +doNotRegister: boolean, +}; + +type RawKeyserverAuthFunc = + KeyserverAuthInputs => CallKeyserverEndpoint => Promise; + +function useRawKeyserverAuth(keyserverID: string): RawKeyserverAuthFunc { + const navInfo = useSelector(state => state.navInfo); + const calendarFilters = useSelector(state => state.calendarFilters); + const calendarQuery = React.useMemo(() => { + const filters = filterThreadIDsInFilterList( + calendarFilters, + (threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID, + ); + return { + startDate: navInfo.startDate, + endDate: navInfo.endDate, + filters, + }; + }, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]); + + const cookie = useSelector(cookieSelector(keyserverID)); + + const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID)); + // We have an assumption that we should be always connected to the + // authoritative keyserver. It is possible that a token which it has is + // correct, so we can try to use it. In worst case it is invalid and our + // push-handler will try to fix it. + const authoritativeKeyserverDeviceToken = useSelector( + deviceTokenSelector(authoritativeKeyserverID()), + ); + const deviceToken = keyserverDeviceToken ?? authoritativeKeyserverDeviceToken; + + const dispatchActionPromise = useDispatchActionPromise(); + + const identityContext = React.useContext(IdentityClientContext); + invariant(identityContext, 'Identity context should be set'); + const { identityClient, getAuthMetadata } = identityContext; + + const { olmAPI } = getConfig(); + + const currentUserInfo = useSelector(state => state.currentUserInfo); + + return React.useCallback( + (inputs: KeyserverAuthInputs) => + async (innerCallKeyserverEndpoint: CallKeyserverEndpoint) => { + const { + authActionSource, + setInProgress, + hasBeenCancelled, + doNotRegister, + } = inputs; + try { + const [keyserverKeys] = await Promise.all([ + identityClient.getKeyserverKeys(keyserverID), + olmAPI.initializeCryptoAccount(), + ]); + + if (hasBeenCancelled()) { + throw new Error(CANCELLED_ERROR); + } + + const [notifsSession, contentSession, { userID, deviceID }] = + await Promise.all([ + olmAPI.notificationsSessionCreator( + cookie, + keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, + keyserverKeys.notifInitializationInfo, + keyserverID, + ), + olmAPI.contentOutboundSessionCreator( + keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, + keyserverKeys.contentInitializationInfo, + ), + getAuthMetadata(), + ]); + + invariant(userID, 'userID should be set'); + invariant(deviceID, 'deviceID should be set'); + + const deviceTokenUpdateInput = deviceToken + ? { [keyserverID]: { deviceToken } } + : {}; + + if (hasBeenCancelled()) { + throw new Error(CANCELLED_ERROR); + } + + const authPromise = keyserverAuthRawAction( + innerCallKeyserverEndpoint, + )({ + userID, + deviceID, + doNotRegister, + calendarQuery, + deviceTokenUpdateInput, + authActionSource, + keyserverData: { + [keyserverID]: { + initialContentEncryptedMessage: + contentSession.encryptedData.message, + initialNotificationsEncryptedMessage: notifsSession, + }, + }, + preRequestUserInfo: currentUserInfo, + }); + + await dispatchActionPromise(keyserverAuthActionTypes, authPromise); + } catch (e) { + if (hasBeenCancelled()) { + return; + } + console.log( + `Error while authenticating to keyserver with id ${keyserverID}`, + e, + ); + throw e; + } finally { + if (!hasBeenCancelled()) { + void (async () => { + await sleep(AUTH_RETRY_DELAY_MS); + setInProgress(false); + })(); + } + } + }, + [ + calendarQuery, + cookie, + deviceToken, + dispatchActionPromise, + getAuthMetadata, + identityClient, + keyserverID, + olmAPI, + currentUserInfo, + ], + ); +} + +export { useRawKeyserverAuth }; diff --git a/lib/keyserver-conn/keyserver-connection-handler.js b/lib/keyserver-conn/keyserver-connection-handler.js index f51a2e0d4..1ea8db6bf 100644 --- a/lib/keyserver-conn/keyserver-connection-handler.js +++ b/lib/keyserver-conn/keyserver-connection-handler.js @@ -1,442 +1,304 @@ // @flow -import invariant from 'invariant'; import * as React from 'react'; import { useCallKeyserverEndpointContext } from './call-keyserver-endpoint-provider.react.js'; import type { CallSingleKeyserverEndpoint } from './call-single-keyserver-endpoint.js'; -import { extractKeyserverIDFromID } from './keyserver-call-utils.js'; -import { - CANCELLED_ERROR, - type CallKeyserverEndpoint, -} from './keyserver-conn-types.js'; +import { useRawKeyserverAuth } from './keyserver-auth.js'; +import type { CallKeyserverEndpoint } from './keyserver-conn-types.js'; import { useKeyserverRecoveryLogIn } from './recovery-utils.js'; -import { - keyserverAuthActionTypes, - logOutActionTypes, - keyserverAuthRawAction, - useLogOut, -} from '../actions/user-actions.js'; -import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js'; +import { logOutActionTypes, useLogOut } from '../actions/user-actions.js'; import { connectionSelector, cookieSelector, - deviceTokenSelector, } from '../selectors/keyserver-selectors.js'; import { isLoggedInToKeyserver } from '../selectors/user-selectors.js'; import { useInitialNotificationsEncryptedMessage } from '../shared/crypto-utils.js'; -import { IdentityClientContext } from '../shared/identity-client-context.js'; import type { BaseSocketProps } from '../socket/socket.react.js'; import { logInActionSources, type RecoveryFromReduxActionSource, - type AuthActionSource, } from '../types/account-types.js'; import { authoritativeKeyserverID } from '../utils/authoritative-keyserver.js'; import { getConfig } from '../utils/config.js'; import { getMessageForException } from '../utils/errors.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useSelector } from '../utils/redux-utils.js'; import { usingCommServicesAccessToken, relyingOnAuthoritativeKeyserver, } from '../utils/services-utils.js'; -import sleep from '../utils/sleep.js'; type Props = { ...BaseSocketProps, +socketComponent: React.ComponentType, }; -const AUTH_RETRY_DELAY_MS = 60000; - function KeyserverConnectionHandler(props: Props) { const { socketComponent: Socket, ...socketProps } = props; const { keyserverID } = props; const dispatchActionPromise = useDispatchActionPromise(); const callLogOut = useLogOut(); const { olmAPI } = getConfig(); const hasConnectionIssue = useSelector( state => !!connectionSelector(keyserverID)(state)?.connectionIssue, ); const cookie = useSelector(cookieSelector(keyserverID)); const prevCookieRef = React.useRef(cookie); const notifsSessionReassignmentPromise = React.useRef>(null); React.useEffect(() => { const prevCookie = prevCookieRef.current; prevCookieRef.current = cookie; if (cookie === prevCookie || !cookie || !cookie.startsWith('user=')) { return; } notifsSessionReassignmentPromise.current = (async () => { await notifsSessionReassignmentPromise.current; await olmAPI.reassignNotificationsSession?.( prevCookie, cookie, keyserverID, ); })(); }, [cookie, keyserverID, olmAPI]); const dataLoaded = useSelector(state => state.dataLoaded); - const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID)); - // We have an assumption that we should be always connected to Ashoat's - // keyserver. It is possible that a token which it has is correct, so we can - // try to use it. In worst case it is invalid and our push-handler will try - // to fix it. - const ashoatKeyserverDeviceToken = useSelector( - deviceTokenSelector(authoritativeKeyserverID()), - ); - const deviceToken = keyserverDeviceToken ?? ashoatKeyserverDeviceToken; - - const navInfo = useSelector(state => state.navInfo); - const calendarFilters = useSelector(state => state.calendarFilters); - const calendarQuery = React.useMemo(() => { - const filters = filterThreadIDsInFilterList( - calendarFilters, - (threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID, - ); - return { - startDate: navInfo.startDate, - endDate: navInfo.endDate, - filters, - }; - }, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]); - React.useEffect(() => { if ( hasConnectionIssue && keyserverID === authoritativeKeyserverID() && relyingOnAuthoritativeKeyserver ) { void dispatchActionPromise(logOutActionTypes, callLogOut()); } }, [callLogOut, hasConnectionIssue, dispatchActionPromise, keyserverID]); - const identityContext = React.useContext(IdentityClientContext); - invariant(identityContext, 'Identity context should be set'); - const { identityClient, getAuthMetadata } = identityContext; - - const currentUserInfo = useSelector(state => state.currentUserInfo); - const innerPerformAuth = React.useCallback( - ( - authActionSource: AuthActionSource, - setInProgress: boolean => mixed, - hasBeenCancelled: () => boolean, - doNotRegister: boolean, - ) => - async (innerCallKeyserverEndpoint: CallKeyserverEndpoint) => { - try { - const [keyserverKeys] = await Promise.all([ - identityClient.getKeyserverKeys(keyserverID), - olmAPI.initializeCryptoAccount(), - ]); - - if (hasBeenCancelled()) { - throw new Error(CANCELLED_ERROR); - } - - const [notifsSession, contentSession, { userID, deviceID }] = - await Promise.all([ - olmAPI.notificationsSessionCreator( - cookie, - keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, - keyserverKeys.notifInitializationInfo, - keyserverID, - ), - olmAPI.contentOutboundSessionCreator( - keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, - keyserverKeys.contentInitializationInfo, - ), - getAuthMetadata(), - ]); - - invariant(userID, 'userID should be set'); - invariant(deviceID, 'deviceID should be set'); - - const deviceTokenUpdateInput = deviceToken - ? { [keyserverID]: { deviceToken } } - : {}; - - if (hasBeenCancelled()) { - throw new Error(CANCELLED_ERROR); - } - - const authPromise = keyserverAuthRawAction( - innerCallKeyserverEndpoint, - )({ - userID, - deviceID, - doNotRegister, - calendarQuery, - deviceTokenUpdateInput, - authActionSource, - keyserverData: { - [keyserverID]: { - initialContentEncryptedMessage: - contentSession.encryptedData.message, - initialNotificationsEncryptedMessage: notifsSession, - }, - }, - preRequestUserInfo: currentUserInfo, - }); - - await dispatchActionPromise(keyserverAuthActionTypes, authPromise); - } catch (e) { - if (hasBeenCancelled()) { - return; - } - console.log( - `Error while authenticating to keyserver with id ${keyserverID}`, - e, - ); - throw e; - } finally { - if (!hasBeenCancelled()) { - void (async () => { - await sleep(AUTH_RETRY_DELAY_MS); - setInProgress(false); - })(); - } - } - }, - [ - calendarQuery, - cookie, - deviceToken, - dispatchActionPromise, - getAuthMetadata, - identityClient, - keyserverID, - olmAPI, - currentUserInfo, - ], - ); + const rawKeyserverAuth = useRawKeyserverAuth(keyserverID); const [authInProgress, setAuthInProgress] = React.useState(false); const { callKeyserverEndpoint } = useCallKeyserverEndpointContext(); const performAuth = React.useCallback(() => { setAuthInProgress(true); let cancelled = false; const cancel = () => { cancelled = true; setAuthInProgress(false); }; const hasBeenCancelled = () => cancelled; const promise = (async () => { try { - await innerPerformAuth( - process.env.BROWSER + await rawKeyserverAuth({ + authActionSource: process.env.BROWSER ? logInActionSources.keyserverAuthFromWeb : logInActionSources.keyserverAuthFromNative, - setAuthInProgress, + setInProgress: setAuthInProgress, hasBeenCancelled, - false, - )(callKeyserverEndpoint); + doNotRegister: false, + })(callKeyserverEndpoint); } catch (e) { if ( !dataLoaded && keyserverID === authoritativeKeyserverID() && relyingOnAuthoritativeKeyserver ) { await dispatchActionPromise(logOutActionTypes, callLogOut()); } } })(); return [promise, cancel]; }, [ - innerPerformAuth, + rawKeyserverAuth, callKeyserverEndpoint, dataLoaded, keyserverID, dispatchActionPromise, callLogOut, ]); const activeSessionRecovery = useSelector( state => state.keyserverStore.keyserverInfos[keyserverID]?.connection .activeSessionRecovery, ); // This async function asks the keyserver for its keys, whereas performAuth // above gets the keyserver's keys from the identity service const getInitialNotificationsEncryptedMessageForRecovery = useInitialNotificationsEncryptedMessage(keyserverID); const { resolveKeyserverSessionInvalidationUsingNativeCredentials } = getConfig(); const innerPerformRecovery = React.useCallback( ( recoveryActionSource: RecoveryFromReduxActionSource, setInProgress: boolean => mixed, hasBeenCancelled: () => boolean, ) => async ( callSingleKeyserverEndpoint: CallSingleKeyserverEndpoint, innerCallKeyserverEndpoint: CallKeyserverEndpoint, ) => { if (usingCommServicesAccessToken) { try { - await innerPerformAuth( - recoveryActionSource, + await rawKeyserverAuth({ + authActionSource: recoveryActionSource, setInProgress, hasBeenCancelled, - true, - )(innerCallKeyserverEndpoint); + doNotRegister: true, + })(innerCallKeyserverEndpoint); } catch (e) { console.log( `Tried to recover session with keyserver ${keyserverID} but got ` + `error. Exception: ` + (getMessageForException(e) ?? '{no exception message}'), ); } return; } if (!resolveKeyserverSessionInvalidationUsingNativeCredentials) { return; } await resolveKeyserverSessionInvalidationUsingNativeCredentials( callSingleKeyserverEndpoint, innerCallKeyserverEndpoint, dispatchActionPromise, recoveryActionSource, keyserverID, getInitialNotificationsEncryptedMessageForRecovery, hasBeenCancelled, ); }, [ - innerPerformAuth, + rawKeyserverAuth, resolveKeyserverSessionInvalidationUsingNativeCredentials, dispatchActionPromise, keyserverID, getInitialNotificationsEncryptedMessageForRecovery, ], ); const keyserverRecoveryLogIn = useKeyserverRecoveryLogIn(keyserverID); const performRecovery = React.useCallback( (recoveryActionSource: RecoveryFromReduxActionSource) => { setAuthInProgress(true); let cancelled = false; const cancel = () => { cancelled = true; setAuthInProgress(false); }; const hasBeenCancelled = () => cancelled; const promise = (async () => { try { await keyserverRecoveryLogIn( recoveryActionSource, innerPerformRecovery( recoveryActionSource, setAuthInProgress, hasBeenCancelled, ), hasBeenCancelled, ); } finally { if (!cancelled) { setAuthInProgress(false); } } })(); return [promise, cancel]; }, [keyserverRecoveryLogIn, innerPerformRecovery], ); const cancelPendingAuth = React.useRef void>(null); const prevPerformAuth = React.useRef(performAuth); const hasAccessToken = useSelector(state => !!state.commServicesAccessToken); + const hasCurrentUserInfo = useSelector( + state => !!state.currentUserInfo && !state.currentUserInfo.anonymous, + ); const isUserLoggedInToKeyserver = useSelector( isLoggedInToKeyserver(keyserverID), ); - const canInitiateRecovery = - !!currentUserInfo && - !currentUserInfo.anonymous && - isUserLoggedInToKeyserver; + const canInitiateRecovery = hasCurrentUserInfo && isUserLoggedInToKeyserver; const cancelPendingRecovery = React.useRef void>(null); const prevPerformRecovery = React.useRef(performRecovery); React.useEffect(() => { if (activeSessionRecovery && canInitiateRecovery) { cancelPendingAuth.current?.(); cancelPendingAuth.current = null; if (prevPerformRecovery.current !== performRecovery) { cancelPendingRecovery.current?.(); cancelPendingRecovery.current = null; prevPerformRecovery.current = performRecovery; } if (!authInProgress) { const [, cancel] = performRecovery(activeSessionRecovery); cancelPendingRecovery.current = cancel; } return; } cancelPendingRecovery.current?.(); cancelPendingRecovery.current = null; if (!hasAccessToken) { cancelPendingAuth.current?.(); cancelPendingAuth.current = null; } if ( !usingCommServicesAccessToken || isUserLoggedInToKeyserver || !hasAccessToken ) { return; } if (prevPerformAuth.current !== performAuth) { cancelPendingAuth.current?.(); cancelPendingAuth.current = null; } prevPerformAuth.current = performAuth; if (authInProgress) { return; } const [, cancel] = performAuth(); cancelPendingAuth.current = cancel; }, [ activeSessionRecovery, authInProgress, performRecovery, hasAccessToken, isUserLoggedInToKeyserver, canInitiateRecovery, performAuth, ]); return ; } const Handler: React.ComponentType = React.memo( KeyserverConnectionHandler, ); export default Handler;