From 19d7799324a658be55857b3a08476afbc4a9e607 Mon Sep 17 00:00:00 2001
From: Hocuri <hocuri@gmx.de>
Date: Fri, 24 Oct 2025 20:07:29 +0200
Subject: [PATCH] feat: Be more generous with marking contacts as verified for
 now (#7336)

Context: PR #7116 is backwards-incompatible with versions older than
v2.21, and since the release hasn't reached all users yet, we currently
can't release from main; for details see #7326.

Issue #7326 explains how we can make this less breaking, but this only
works if many contacts are verified. So, this PR here proposes to
postpone the stricter rules for who is verified a bit:

- Set verification timeout for invite codes to 1 week (this is still
stricter than no timeout at all, which we had in the past)
- Don't reset indirect verifications yet

In a few months (when everyone has v2.22.0), we can revert the PR here,
then.

---------

Co-authored-by: l <link2xt@testrun.org>
---
 src/securejoin.rs     | 13 +++++++++++--
 src/sql/migrations.rs | 10 +---------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/securejoin.rs b/src/securejoin.rs
index 92cfd8998..96b410a6f 100644
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -33,6 +33,15 @@ pub(crate) use qrinvite::QrInvite;
 
 use crate::token::Namespace;
 
+/// Only new QR codes cause a verification on Alice's side.
+/// When a QR code is too old, it is assumed that there was no direct QR scan,
+/// and that the QR code was potentially published on a website,
+/// so, Alice doesn't mark Bob as verified.
+// TODO For backwards compatibility reasons, this is still using a rather large value.
+// Set this to a lower value (e.g. 10 minutes)
+// when Delta Chat v2.22.0 is sufficiently rolled out
+const VERIFICATION_TIMEOUT_SECONDS: i64 = 7 * 24 * 3600;
+
 fn inviter_progress(
     context: &Context,
     contact_id: ContactId,
@@ -465,8 +474,8 @@ pub(crate) async fn handle_securejoin_handshake(
             }
             info!(context, "Fingerprint verified via Auth code.",);
 
-            // Mark the contact as verified if auth code is 600 seconds old.
-            if time() < timestamp + 600 {
+            // Mark the contact as verified if auth code is less than VERIFICATION_TIMEOUT_SECONDS seconds old.
+            if time() < timestamp + VERIFICATION_TIMEOUT_SECONDS {
                 mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?;
             }
             contact_id.regossip_keys(context).await?;
diff --git a/src/sql/migrations.rs b/src/sql/migrations.rs
index 2958e67f5..6bd56c91c 100644
--- a/src/sql/migrations.rs
+++ b/src/sql/migrations.rs
@@ -1261,15 +1261,7 @@ CREATE INDEX gossip_timestamp_index ON gossip_timestamp (chat_id, fingerprint);
         .await?;
     }
 
-    inc_and_check(&mut migration_version, 134)?;
-    if dbversion < migration_version {
-        // Reset all indirect verifications.
-        sql.execute_migration(
-            "UPDATE contacts SET verifier=0 WHERE verifier!=1",
-            migration_version,
-        )
-        .await?;
-    }
+    inc_and_check(&mut migration_version, 134)?; // Migration 134 was removed
 
     inc_and_check(&mut migration_version, 135)?;
     if dbversion < migration_version {