feat: Make one-to-one chats read-only the first seconds of a SecureJoin (#5512)

This protects Bob (the joiner) of sending unexpected-unencrypted messages during an otherwise nicely running SecureJoin. If things get stuck, however, we do not want to block communication -- the chat is just opportunistic as usual, but that needs to be communicated: 1. If Bob's chat with Alice is `Unprotected` and a SecureJoin is started, then add info-message "Establishing guaranteed end-to-end encryption, please wait..." and let `Chat::can_send()` return `false`. 2. Once the info-message "Messages are guaranteed to be e2ee from now on" is added, let `Chat::can_send()` return `true`. 3. If after SECUREJOIN_WAIT_TIMEOUT seconds `2.` did not happen, add another info-message "Could not yet establish guaranteed end-to-end encryption but you may already send a message" and also let `Chat::can_send()` return `true`. Both `2.` and `3.` require the event `ChatModified` being sent out so that UI pick up the change wrt `Chat::can_send()` (this is the same way how groups become updated wrt `can_send()` changes). SECUREJOIN_WAIT_TIMEOUT should be 10-20 seconds so that we are reasonably sure that the app remains active and receiving also on mobile devices. If the app is killed during this time then we may need to do step 3 for any pending Bob-join chats (right now, Bob can only join one chat at a time).
2026-04-18 14:06:29 +03:00 · 2024-05-07 18:47:26 -03:00
parent edf8aafbdc
commit 518db9a20f
10 changed files with 221 additions and 30 deletions
--- a/src/sql.rs
+++ b/src/sql.rs
@@ -8,7 +8,7 @@ use rusqlite::{config::DbConfig, types::ValueRef, Connection, OpenFlags, Row};
 use tokio::sync::{Mutex, MutexGuard, RwLock};

 use crate::blob::BlobObject;
-use crate::chat::{add_device_msg, update_device_icon, update_saved_messages_icon};
+use crate::chat::{self, add_device_msg, update_device_icon, update_saved_messages_icon};
 use crate::config::Config;
 use crate::constants::DC_CHAT_ID_TRASH;
 use crate::context::Context;
@@ -289,21 +289,23 @@ impl Sql {
        let passphrase_nonempty = !passphrase.is_empty();
        if let Err(err) = self.try_open(context, &self.dbfile, passphrase).await {
            self.close().await;
-            Err(err)
-        } else {
-            info!(context, "Opened database {:?}.", self.dbfile);
-            *self.is_encrypted.write().await = Some(passphrase_nonempty);
-
-            // setup debug logging if there is an entry containing its id
-            if let Some(xdc_id) = self
-                .get_raw_config_u32(Config::DebugLogging.as_ref())
-                .await?
-            {
-                set_debug_logging_xdc(context, Some(MsgId::new(xdc_id))).await?;
-            }
-
-            Ok(())
+            return Err(err);
        }
+        info!(context, "Opened database {:?}.", self.dbfile);
+        *self.is_encrypted.write().await = Some(passphrase_nonempty);
+
+        // setup debug logging if there is an entry containing its id
+        if let Some(xdc_id) = self
+            .get_raw_config_u32(Config::DebugLogging.as_ref())
+            .await?
+        {
+            set_debug_logging_xdc(context, Some(MsgId::new(xdc_id))).await?;
+        }
+        chat::resume_securejoin_wait(context)
+            .await
+            .log_err(context)
+            .ok();
+        Ok(())
    }

    /// Changes the passphrase of encrypted database.