From 536d1ab5272b8efe5b2ebd459bbdaf999804c76e Mon Sep 17 00:00:00 2001 From: Benjamin Bouvier Date: Thu, 19 Oct 2023 17:55:05 +0200 Subject: [PATCH] feat: allow cross-signing bootstrapping in OIDC too --- crates/matrix-sdk/src/encryption/mod.rs | 3 +++ crates/matrix-sdk/src/matrix_auth/login_builder.rs | 11 +++++------ crates/matrix-sdk/src/oidc/mod.rs | 11 +++++++++++ 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/crates/matrix-sdk/src/encryption/mod.rs b/crates/matrix-sdk/src/encryption/mod.rs index c700624e4..34846c67a 100644 --- a/crates/matrix-sdk/src/encryption/mod.rs +++ b/crates/matrix-sdk/src/encryption/mod.rs @@ -89,6 +89,9 @@ pub use crate::error::RoomKeyImportError; pub struct EncryptionSettings { /// Automatically bootstrap cross-signing for a user once they're logged, in /// case it's not already done yet. + /// + /// This requires to login with a username and password, or that MSC3967 is + /// enabled on the server, as of 2023-10-20. pub auto_enable_cross_signing: bool, } diff --git a/crates/matrix-sdk/src/matrix_auth/login_builder.rs b/crates/matrix-sdk/src/matrix_auth/login_builder.rs index 90ca4c223..7ba65e4df 100644 --- a/crates/matrix-sdk/src/matrix_auth/login_builder.rs +++ b/crates/matrix-sdk/src/matrix_auth/login_builder.rs 
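Review bot: The new doc comment on `auto_enable_cross_signing` names the two conditions but not why they exist or what happens otherwise, and `requires to login` reads awkwardly. Uploading cross-signing keys is gated by User-Interactive Auth precisely so that a stolen access token cannot replace a user's cross-signing identity; MSC3967 only waives that step for the first upload, so a later reset still needs UIA. I would reword the added lines to `/// Uploading cross-signing keys normally needs User-Interactive Auth, so this only works out of the box for password logins, or on a homeserver implementing MSC3967 (which waives UIA for the first upload only).` and add a sentence that otherwise the upload is rejected with a UIA challenge, which presumably surfaces as an error from login. The `as of 2023-10-20` stamp will go stale quickly; naming the MSC is enough.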
@@ -188,17 +188,16 @@ impl LoginBuilder { let response = client.send(request, Some(RequestConfig::short_retry())).await?; self.auth.receive_login_response(&response).await?; - // TODO: This is not a good place for this and it will block login for a while. + // This may block login for a while, but the user asked for it! + // TODO: (#2763) put this into a background task. #[cfg(feature = "e2e-encryption")] - { - // TODO: We need to test each of those. How does this work for OIDC again? + if self.auth.client.encryption().settings().auto_enable_cross_signing { + // TODO: We need to test each of those. let auth_data = match login_info { login::v3::LoginInfo::Password(p) => { Some(AuthData::Password(Password::new(p.identifier, p.password))) } - login::v3::LoginInfo::Token(t) => { - Some(AuthData::RegistrationToken(RegistrationToken::new(t.token))) - } + // Other methods can't be immediately translated to an auth. _ => None, }; diff --git a/crates/matrix-sdk/src/oidc/mod.rs b/crates/matrix-sdk/src/oidc/mod.rs index d7320d429..727a50040 100644 --- a/crates/matrix-sdk/src/oidc/mod.rs +++ b/crates/matrix-sdk/src/oidc/mod.rs @@ -912,8 +912,19 @@ impl Oidc { }; self.client.base_client().set_session_meta(session).await.map_err(crate::Error::from)?; + // At this point the Olm machine has been set up. + + // Enable the cross-process lock for refreshes, if needs be. self.deferred_enable_cross_process_refresh_lock().await?; + // Bootstrap cross signing, if needs be. + // TODO: (#2763) put this into a background task. + if self.client.encryption().settings().auto_enable_cross_signing { + // According to MSC3967, OIDC doesn't require User-Interactive Authentication to + // call this API. Let's find out! + self.client.encryption().bootstrap_cross_signing_if_needed(None).await?; + } + if let Some(cross_process_manager) = self.ctx().cross_process_token_refresh_manager.get() { if let Some(tokens) = self.session_tokens() { let mut cross_process_guard = cross_process_manager
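Review bot: The new `_ => None` arm silently drops the UIA data for every non-password login, but the bootstrap is still attempted right after `receive_login_response` has stored the session, so on a homeserver without MSC3967 the key upload will be answered with a UIA challenge and, if the call below propagates with `?`, a login that already succeeded is reported to the caller as failed (the bootstrap call and the end of this `if` are outside the hunk, so the exact handling is not visible). Consider either skipping the attempt in that arm, or treating a bootstrap failure as non-fatal and logged, since cross-signing can be bootstrapped later with explicit UIA data. At minimum the arm's comment should say what will happen: `// Other methods (token/SSO) carry nothing usable for UIA; the upload below is attempted without it and will be rejected unless the server implements MSC3967.` The `// TODO: We need to test each of those.` line should name what is untested (password login with and without UIA, token login against a non-MSC3967 server) or point at the #2763 issue already cited above.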
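Review bot: `bootstrap_cross_signing_if_needed(None).await?` makes a rejected key upload abort the enclosing function after `set_session_meta` and the cross-process refresh lock have already been set up but before the cross-process token state below is synced, so a UIA challenge from a server without MSC3967 leaves the client half-initialized; the comment `Let's find out!` records that this case is untested. Since the user only opted into best-effort bootstrapping, I would log and continue instead: `if let Err(err) = self.client.encryption().bootstrap_cross_signing_if_needed(None).await { warn!(?err, "couldn't bootstrap cross-signing after OIDC login"); }` (assuming the file already uses `tracing`), and move that block after the token handling so the upload runs with the synced token state. The enclosing function's signature is outside the hunk; if it is also used to restore persisted sessions, the bootstrap would run on every restore and should probably be limited to a fresh login. Please also replace `Let's find out!` with a factual note, e.g. `// MSC3967 lets the first cross-signing upload skip UIA; on servers without it this request fails with a UIA challenge.`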