From 3253d427eccd25653f734c6b3ee6d15d21f15c61 Mon Sep 17 00:00:00 2001
From: "B. Petersen" <r10s@b44t.com>
Date: Sun, 17 Oct 2021 14:08:11 +0200
Subject: [PATCH] do not downgrade protected chats over the wire

downgrading is possible only for oneself,
not for the whole group.

enabling is still done for all as a "best effort".

this gives the user who enabled protection
strong guarantess about ones state.

downside may be different views on a chat by different users,
however, that could also happen before.
---
 src/dc_receive_imf.rs | 45 ++++++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 20 deletions(-)

diff --git a/src/dc_receive_imf.rs b/src/dc_receive_imf.rs
index 99abc7a72..434282114 100644
--- a/src/dc_receive_imf.rs
+++ b/src/dc_receive_imf.rs
@@ -955,35 +955,40 @@ async fn add_parts(
                 warn!(context, "verification problem: {}", err);
                 let s = format!("{}. See 'Info' for more details", err);
                 mime_parser.repl_msg_by_error(s);
-            } else {
-                // change chat protection only when verification check passes
-                if let Some(new_status) = new_status {
-                    if chat_id
+            } else if let Some(new_status) = new_status {
+                if !chat.is_protected()
+                    && new_status == ProtectionStatus::Protected
+                    && chat_id
                         .update_timestamp(
                             context,
                             Param::ProtectionSettingsTimestamp,
                             sent_timestamp,
                         )
                         .await?
+                {
+                    // Upgrade chat to a protected chat.
+                    // As this gives some guarantees to the user,
+                    // we do not allow downgrades over the wire.
+                    if let Err(e) = chat_id
+                        .inner_set_protection(context, ProtectionStatus::Protected)
+                        .await
                     {
-                        if let Err(e) = chat_id.inner_set_protection(context, new_status).await {
-                            chat::add_info_msg(
-                                context,
-                                chat_id,
-                                format!("Cannot set protection: {}", e),
-                                sort_timestamp,
-                            )
-                            .await?;
-                            return Ok(chat_id); // do not return an error as this would result in retrying the message
-                        }
+                        chat::add_info_msg(
+                            context,
+                            chat_id,
+                            format!("Cannot set protection: {}", e),
+                            sort_timestamp,
+                        )
+                        .await?;
+                        return Ok(chat_id); // do not return an error as this would result in retrying the message
                     }
-                    set_better_msg(
-                        mime_parser,
-                        context
-                            .stock_protection_msg(new_status, from_id as u32)
-                            .await,
-                    );
                 }
+                set_better_msg(
+                    mime_parser,
+                    context
+                        .stock_protection_msg(new_status, from_id as u32)
+                        .await,
+                );
             }
         }
     }