v1.7.11

Bump npm-user-validate from 1.0.0 to 1.0.1

CHANGELOG.md

@@ -1,3 +1,26 @@
+Changes in [1.7.11](https://github.com/vector-im/element-desktop/releases/tag/v1.7.11) (2020-10-26)
+===================================================================================================
+[Full Changelog](https://github.com/vector-im/element-desktop/compare/v1.7.11-rc.1...v1.7.11)
+
+ * No changes since rc.1
+
+Changes in [1.7.11-rc.1](https://github.com/vector-im/element-desktop/releases/tag/v1.7.11-rc.1) (2020-10-21)
+=============================================================================================================
+[Full Changelog](https://github.com/vector-im/element-desktop/compare/v1.7.10...v1.7.11-rc.1)
+
+ * Bump npm-user-validate from 1.0.0 to 1.0.1
+   [\#148](https://github.com/vector-im/element-desktop/pull/148)
+ * Use keytar for the seshat passphrase.
+   [\#147](https://github.com/vector-im/element-desktop/pull/147)
+ * Upgrade to Electron 10.1.3
+   [\#146](https://github.com/vector-im/element-desktop/pull/146)
+
+Changes in [1.7.10](https://github.com/vector-im/element-desktop/releases/tag/v1.7.10) (2020-10-20)
+===================================================================================================
+[Full Changelog](https://github.com/vector-im/element-desktop/compare/v1.7.9...v1.7.10)
+
+ * No changes since 1.7.9
+
 Changes in [1.7.9](https://github.com/vector-im/element-desktop/releases/tag/v1.7.9) (2020-10-12)
 =================================================================================================
 [Full Changelog](https://github.com/vector-im/element-desktop/compare/v1.7.9-rc.1...v1.7.9)

package.json

@@ -2,7 +2,7 @@
   "name": "element-desktop",
   "productName": "Element",
   "main": "src/electron-main.js",
-  "version": "1.7.9",
+  "version": "1.7.11",
   "description": "A feature-rich client for Matrix.org",
   "author": "Element",
   "repository": {
@@ -62,7 +62,7 @@
   },
   "build": {
     "appId": "im.riot.app",
-    "electronVersion": "10.1.1",
+    "electronVersion": "10.1.3",
     "files": [
       "package.json",
       {

src/electron-main.js

@@ -61,7 +61,7 @@ let Seshat;
 let SeshatRecovery;
 let ReindexError;
 
-const seshatPassphrase = "DEFAULT_PASSPHRASE";
+const seshatDefaultPassphrase = "DEFAULT_PASSPHRASE";
 
 try {
     const seshatModule = require('matrix-seshat');
@@ -262,6 +262,18 @@ const deleteContents = async (p) => {
     }
 };
 
+async function randomArray(size) {
+    return new Promise((resolve, reject) => {
+        crypto.randomBytes(size, (err, buf) => {
+            if (err) {
+                reject(err);
+            } else {
+                resolve(buf.toString("base64").replace(/=+$/g, ''));
+            }
+        });
+    });
+}
+
 // handle uncaught errors otherwise it displays
 // stack traces in popup dialogs, which is terrible (which
 // it will do any time the auto update poke fails, and there's
@@ -439,16 +451,7 @@ ipcMain.on('ipcCall', async function(ev, payload) {
 
         case 'createPickleKey':
             try {
-                const randomArray = await new Promise((resolve, reject) => {
-                    crypto.randomBytes(32, (err, buf) => {
-                        if (err) {
-                            reject(err);
-                        } else {
-                            resolve(buf);
-                        }
-                    });
-                });
-                const pickleKey = randomArray.toString("base64").replace(/=+$/g, '');
+                const pickleKey = await randomArray(32);
                 await keytar.setPassword("element.io", `${args[0]}|${args[1]}`, pickleKey);
                 ret = pickleKey;
             } catch (e) {
@@ -503,18 +506,42 @@ ipcMain.on('seshat', async function(ev, payload) {
 
         case 'initEventIndex':
             if (eventIndex === null) {
-                try {
-                    await afs.mkdir(eventStorePath, {recursive: true});
-                    eventIndex = new Seshat(eventStorePath, {passphrase: seshatPassphrase});
-                } catch (e) {
-                    if (e instanceof ReindexError) {
-                        // If this is a reindex error, the index schema
-                        // changed. Try to open the database in recovery mode,
-                        // reindex the database and finally try to open the
-                        // database again.
-                        try {
+                const userId = args[0];
+                const deviceId = args[1];
+                const passphraseKey = `seshat|${userId}|${deviceId}`;
+
+                let changePassphrase = false;
+                let passphrase = seshatDefaultPassphrase;
+
+                if (keytar) {
+                    try {
+                        // Try to get a passphrase for seshat.
+                        const storedPassphrase = await keytar.getPassword("element.io", passphraseKey);
+
+                        // If no passphrase was found mark that we should change
+                        // it, if one is found, use that one.
+                        if (storedPassphrase === null) {
+                            changePassphrase = true;
+                        } else {
+                            passphrase = storedPassphrase;
+                        }
+                    } catch (e) {
+                        console.log("Error getting the event index passphrase out of the secret store", e);
+                    }
+                }
+
+                const openSeshat = async () => {
+                    try {
+                        await afs.mkdir(eventStorePath, {recursive: true});
+                        return new Seshat(eventStorePath, {passphrase});
+                    } catch (e) {
+                        if (e instanceof ReindexError) {
+                            // If this is a reindex error, the index schema
+                            // changed. Try to open the database in recovery mode,
+                            // reindex the database and finally try to open the
+                            // database again.
                             const recoveryIndex = new SeshatRecovery(eventStorePath, {
-                                passphrase: seshatPassphrase,
+                                passphrase,
                             });
 
                             const userVersion = await recoveryIndex.getUserVersion();
@@ -532,14 +559,33 @@ ipcMain.on('seshat', async function(ev, payload) {
                                 await recoveryIndex.reindex();
                             }
 
-                            eventIndex = new Seshat(eventStorePath, {
-                                passphrase: seshatPassphrase,
-                            });
-                        } catch (e) {
-                            sendError(payload.id, e);
-                            return;
+                            return new Seshat(eventStorePath, {passphrase});
+                        } else {
+                            throw (e);
                         }
-                    } else {
+                    }
+                };
+
+                try {
+                    eventIndex = await openSeshat();
+                } catch (e) {
+                    sendError(payload.id, e);
+                    return;
+                }
+
+                if (changePassphrase) {
+                    try {
+                        // Generate a new random passphrase.
+                        const newPassphrase = await randomArray(32);
+                        await keytar.setPassword("element.io", passphraseKey, newPassphrase);
+
+                        // Set the new passphrase, this will close the event
+                        // index.
+                        await eventIndex.changePassphrase(newPassphrase);
+
+                        // Re-open the event index with the new passphrase.
+                        eventIndex = new Seshat(eventStorePath, {newPassphrase});
+                    } catch (e) {
                         sendError(payload.id, e);
                         return;
                     }

yarn.lock

@@ -4186,9 +4186,9 @@ npm-run-path@^2.0.0:
     path-key "^2.0.0"
 
 npm-user-validate@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/npm-user-validate/-/npm-user-validate-1.0.0.tgz#8ceca0f5cea04d4e93519ef72d0557a75122e951"
-  integrity sha1-jOyg9c6gTU6TUZ73LQVXp1Ei6VE=
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/npm-user-validate/-/npm-user-validate-1.0.1.tgz#31428fc5475fe8416023f178c0ab47935ad8c561"
+  integrity sha512-uQwcd/tY+h1jnEaze6cdX/LrhWhoBxfSknxentoqmIuStxUExxjWd3ULMLFPiFUrZKbOVMowH6Jq2FRWfmhcEw==
 
 npm@^6.14.6:
   version "6.14.6"