From 60bacbec4758324da0464bb8ca3efce2c0ccb65d Mon Sep 17 00:00:00 2001 From: Hocuri Date: Mon, 31 Jul 2023 18:59:45 +0200 Subject: [PATCH] feat: Don't show a contact as verified if their key changed since the verification (#4574) Don't show a contact as verified if their key changed in the meantime If a contact's key changed since the verification, then it's very unlikely that they still have the old, verified key. So, don't show them as verified anymore. This also means that you can't add a contact like this to a verified group, which is good. The documentation actually already described this (new) behavior: ```rust /// and if the key has not changed since this verification. ``` so, this adapts the code to the documentation. --- src/contact.rs | 3 +-- src/tests/verified_chats.rs | 13 ++++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/contact.rs b/src/contact.rs index be3bbd105..2998ae1ad 100644 --- a/src/contact.rs +++ b/src/contact.rs @@ -1211,7 +1211,6 @@ impl Contact { /// and if the key has not changed since this verification. /// /// The UI may draw a checkbox or something like that beside verified contacts. - /// pub async fn is_verified(&self, context: &Context) -> Result { // We're always sort of secured-verified as we could verify the key on this device any time with the key // on this device @@ -1220,7 +1219,7 @@ impl Contact { } if let Some(peerstate) = Peerstate::from_addr(context, &self.addr).await? { - if peerstate.verified_key.is_some() { + if peerstate.is_using_verified_key() { return Ok(VerifiedStatus::BidirectVerified); } } diff --git a/src/tests/verified_chats.rs b/src/tests/verified_chats.rs index e8a8f3e7f..131cf4b2a 100644 --- a/src/tests/verified_chats.rs +++ b/src/tests/verified_chats.rs @@ -627,7 +627,18 @@ async fn test_break_protection_then_verify_again() -> Result<()> { e2ee::ensure_secret_key_exists(&bob_new).await?; tcm.send_recv(&bob_new, &alice, "I have a new device").await; - assert_verified(&alice, &bob_new, ProtectionStatus::ProtectionBroken).await; + + let contact = alice.add_or_lookup_contact(&bob_new).await; + assert_eq!( + contact.is_verified(&alice).await.unwrap(), + // Bob sent a message with a new key, so he most likely doesn't have + // the old key anymore. This means that Alice's device should show + // him as unverified: + VerifiedStatus::Unverified + ); + let chat = alice.get_chat(&bob_new).await.unwrap(); + assert_eq!(chat.is_protected(), false); + assert_eq!(chat.is_protection_broken(), true); { let alice_bob_chat = alice.get_chat(&bob_new).await.unwrap();