feat: Be more generous with marking contacts as verified for now (#7336)

Context: PR #7116 is backwards-incompatible with versions older than v2.21, and since the release hasn't reached all users yet, we currently can't release from main; for details see #7326. Issue #7326 explains how we can make this less breaking, but this only works if many contacts are verified. So, this PR here proposes to postpone the stricter rules for who is verified a bit: - Set verification timeout for invite codes to 1 week (this is still stricter than no timeout at all, which we had in the past) - Don't reset indirect verifications yet In a few months (when everyone has v2.22.0), we can revert the PR here, then. --------- Co-authored-by: l <link2xt@testrun.org>
2026-04-21 15:36:30 +03:00 · 2025-10-24 20:07:29 +02:00
parent 24e18c1485
commit 19d7799324
2 changed files with 12 additions and 11 deletions
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -33,6 +33,15 @@ pub(crate) use qrinvite::QrInvite;

 use crate::token::Namespace;

+/// Only new QR codes cause a verification on Alice's side.
+/// When a QR code is too old, it is assumed that there was no direct QR scan,
+/// and that the QR code was potentially published on a website,
+/// so, Alice doesn't mark Bob as verified.
+// TODO For backwards compatibility reasons, this is still using a rather large value.
+// Set this to a lower value (e.g. 10 minutes)
+// when Delta Chat v2.22.0 is sufficiently rolled out
+const VERIFICATION_TIMEOUT_SECONDS: i64 = 7 * 24 * 3600;
+
 fn inviter_progress(
    context: &Context,
    contact_id: ContactId,
@@ -465,8 +474,8 @@ pub(crate) async fn handle_securejoin_handshake(
            }
            info!(context, "Fingerprint verified via Auth code.",);

-            // Mark the contact as verified if auth code is 600 seconds old.
-            if time() < timestamp + 600 {
+            // Mark the contact as verified if auth code is less than VERIFICATION_TIMEOUT_SECONDS seconds old.
+            if time() < timestamp + VERIFICATION_TIMEOUT_SECONDS {
                mark_contact_id_as_verified(context, contact_id, Some(ContactId::SELF)).await?;
            }
            contact_id.regossip_keys(context).await?;