feat: allow cross-signing bootstrapping in OIDC too

2026-05-08 07:56:55 -04:00 · 2023-10-19 17:55:05 +02:00
parent 0754c75436
commit 536d1ab527
3 changed files with 19 additions and 6 deletions
--- a/crates/matrix-sdk/src/encryption/mod.rs
+++ b/crates/matrix-sdk/src/encryption/mod.rs
@@ -89,6 +89,9 @@ pub use crate::error::RoomKeyImportError;
 pub struct EncryptionSettings {
    /// Automatically bootstrap cross-signing for a user once they're logged, in
    /// case it's not already done yet.
+    ///
+    /// This requires to login with a username and password, or that MSC3967 is
+    /// enabled on the server, as of 2023-10-20.
    pub auto_enable_cross_signing: bool,
 }

--- a/crates/matrix-sdk/src/matrix_auth/login_builder.rs
+++ b/crates/matrix-sdk/src/matrix_auth/login_builder.rs
@@ -188,17 +188,16 @@ impl LoginBuilder {
        let response = client.send(request, Some(RequestConfig::short_retry())).await?;
        self.auth.receive_login_response(&response).await?;

-        // TODO: This is not a good place for this and it will block login for a while.
+        // This may block login for a while, but the user asked for it!
+        // TODO: (#2763) put this into a background task.
        #[cfg(feature = "e2e-encryption")]
-        {
-            // TODO: We need to test each of those. How does this work for OIDC again?
+        if self.auth.client.encryption().settings().auto_enable_cross_signing {
+            // TODO: We need to test each of those.
            let auth_data = match login_info {
                login::v3::LoginInfo::Password(p) => {
                    Some(AuthData::Password(Password::new(p.identifier, p.password)))
                }
-                login::v3::LoginInfo::Token(t) => {
-                    Some(AuthData::RegistrationToken(RegistrationToken::new(t.token)))
-                }
+                // Other methods can't be immediately translated to an auth.
                _ => None,
            };

--- a/crates/matrix-sdk/src/oidc/mod.rs
+++ b/crates/matrix-sdk/src/oidc/mod.rs
@@ -912,8 +912,19 @@ impl Oidc {
        };

        self.client.base_client().set_session_meta(session).await.map_err(crate::Error::from)?;
+        // At this point the Olm machine has been set up.
+
+        // Enable the cross-process lock for refreshes, if needs be.
        self.deferred_enable_cross_process_refresh_lock().await?;

+        // Bootstrap cross signing, if needs be.
+        // TODO: (#2763) put this into a background task.
+        if self.client.encryption().settings().auto_enable_cross_signing {
+            // According to MSC3967, OIDC doesn't require User-Interactive Authentication to
+            // call this API. Let's find out!
+            self.client.encryption().bootstrap_cross_signing_if_needed(None).await?;
+        }
+
        if let Some(cross_process_manager) = self.ctx().cross_process_token_refresh_manager.get() {
            if let Some(tokens) = self.session_tokens() {
                let mut cross_process_guard = cross_process_manager