mirror of
https://github.com/chatmail/core.git
synced 2026-05-08 09:26:29 +03:00
fix: do not use Secure-Join-Group header
Alice already knows which auth token corresponds to which group. There is no need to trust Bob on sending the correct group ID.
This commit is contained in:
link2xt
@@ -74,6 +74,11 @@ pub enum HeaderDef {
|
|||||||
Autocrypt,
|
Autocrypt,
|
||||||
AutocryptSetupMessage,
|
AutocryptSetupMessage,
|
||||||
SecureJoin,
|
SecureJoin,
|
||||||
|
|
||||||
|
/// Deprecated header containing Group-ID in `vg-request-with-auth` message.
|
||||||
|
///
|
||||||
|
/// It is not used by Alice as Alice knows the group corresponding to the AUTH token.
|
||||||
|
/// Bob still sends it for backwards compatibility.
|
||||||
SecureJoinGroup,
|
SecureJoinGroup,
|
||||||
SecureJoinFingerprint,
|
SecureJoinFingerprint,
|
||||||
SecureJoinInvitenumber,
|
SecureJoinInvitenumber,
|
||||||
|
|||||||
@@ -398,7 +398,7 @@ pub(crate) async fn handle_securejoin_handshake(
|
|||||||
.await?;
|
.await?;
|
||||||
return Ok(HandshakeMessage::Ignore);
|
return Ok(HandshakeMessage::Ignore);
|
||||||
};
|
};
|
||||||
if !token::exists(context, token::Namespace::Auth, auth).await? {
|
let Some(group_chat_id) = token::auth_chat_id(context, auth).await? else {
|
||||||
could_not_establish_secure_connection(
|
could_not_establish_secure_connection(
|
||||||
context,
|
context,
|
||||||
contact_id,
|
contact_id,
|
||||||
@@ -407,7 +407,8 @@ pub(crate) async fn handle_securejoin_handshake(
|
|||||||
)
|
)
|
||||||
.await?;
|
.await?;
|
||||||
return Ok(HandshakeMessage::Ignore);
|
return Ok(HandshakeMessage::Ignore);
|
||||||
}
|
};
|
||||||
|
|
||||||
let contact_addr = Contact::get_by_id(context, contact_id)
|
let contact_addr = Contact::get_by_id(context, contact_id)
|
||||||
.await?
|
.await?
|
||||||
.get_addr()
|
.get_addr()
|
||||||
@@ -435,41 +436,8 @@ pub(crate) async fn handle_securejoin_handshake(
|
|||||||
info!(context, "Auth verified.",);
|
info!(context, "Auth verified.",);
|
||||||
context.emit_event(EventType::ContactsChanged(Some(contact_id)));
|
context.emit_event(EventType::ContactsChanged(Some(contact_id)));
|
||||||
inviter_progress(context, contact_id, 600);
|
inviter_progress(context, contact_id, 600);
|
||||||
if join_vg {
|
if group_chat_id.is_unset() {
|
||||||
// the vg-member-added message is special:
|
// Setup verified contact.
|
||||||
// this is a normal Chat-Group-Member-Added message
|
|
||||||
// with an additional Secure-Join header
|
|
||||||
let field_grpid = match mime_message.get_header(HeaderDef::SecureJoinGroup) {
|
|
||||||
Some(s) => s.as_str(),
|
|
||||||
None => {
|
|
||||||
warn!(context, "Missing Secure-Join-Group header");
|
|
||||||
return Ok(HandshakeMessage::Ignore);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
match chat::get_chat_id_by_grpid(context, field_grpid).await? {
|
|
||||||
Some((group_chat_id, _, _)) => {
|
|
||||||
secure_connection_established(
|
|
||||||
context,
|
|
||||||
contact_id,
|
|
||||||
group_chat_id,
|
|
||||||
mime_message.timestamp_sent,
|
|
||||||
)
|
|
||||||
.await?;
|
|
||||||
chat::add_contact_to_chat_ex(
|
|
||||||
context,
|
|
||||||
Nosync,
|
|
||||||
group_chat_id,
|
|
||||||
contact_id,
|
|
||||||
true,
|
|
||||||
)
|
|
||||||
.await?;
|
|
||||||
}
|
|
||||||
None => bail!("Chat {} not found", &field_grpid),
|
|
||||||
}
|
|
||||||
inviter_progress(context, contact_id, 800);
|
|
||||||
inviter_progress(context, contact_id, 1000);
|
|
||||||
} else {
|
|
||||||
// Alice -> Bob
|
|
||||||
secure_connection_established(
|
secure_connection_established(
|
||||||
context,
|
context,
|
||||||
contact_id,
|
contact_id,
|
||||||
@@ -482,6 +450,19 @@ pub(crate) async fn handle_securejoin_handshake(
|
|||||||
.context("failed sending vc-contact-confirm message")?;
|
.context("failed sending vc-contact-confirm message")?;
|
||||||
|
|
||||||
inviter_progress(context, contact_id, 1000);
|
inviter_progress(context, contact_id, 1000);
|
||||||
|
} else {
|
||||||
|
// Join group.
|
||||||
|
secure_connection_established(
|
||||||
|
context,
|
||||||
|
contact_id,
|
||||||
|
group_chat_id,
|
||||||
|
mime_message.timestamp_sent,
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
chat::add_contact_to_chat_ex(context, Nosync, group_chat_id, contact_id, true)
|
||||||
|
.await?;
|
||||||
|
inviter_progress(context, contact_id, 800);
|
||||||
|
inviter_progress(context, contact_id, 1000);
|
||||||
}
|
}
|
||||||
Ok(HandshakeMessage::Ignore) // "Done" would delete the message and break multi-device (the key from Autocrypt-header is needed)
|
Ok(HandshakeMessage::Ignore) // "Done" would delete the message and break multi-device (the key from Autocrypt-header is needed)
|
||||||
}
|
}
|
||||||
|
|||||||
19
src/token.rs
19
src/token.rs
@@ -114,6 +114,25 @@ pub async fn exists(context: &Context, namespace: Namespace, token: &str) -> Res
|
|||||||
Ok(exists)
|
Ok(exists)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Looks up ChatId by auth token.
|
||||||
|
///
|
||||||
|
/// Returns None if auth token is not valid.
|
||||||
|
/// Returns zero/unset ChatId if the token corresponds to "setup contact" rather than group join.
|
||||||
|
pub async fn auth_chat_id(context: &Context, token: &str) -> Result<Option<ChatId>> {
|
||||||
|
let chat_id: Option<ChatId> = context
|
||||||
|
.sql
|
||||||
|
.query_row_optional(
|
||||||
|
"SELECT foreign_id FROM tokens WHERE namespc=? AND token=?",
|
||||||
|
(Namespace::Auth, token),
|
||||||
|
|row| {
|
||||||
|
let chat_id: ChatId = row.get(0)?;
|
||||||
|
Ok(chat_id)
|
||||||
|
},
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
Ok(chat_id)
|
||||||
|
}
|
||||||
|
|
||||||
pub async fn delete(context: &Context, namespace: Namespace, token: &str) -> Result<()> {
|
pub async fn delete(context: &Context, namespace: Namespace, token: &str) -> Result<()> {
|
||||||
context
|
context
|
||||||
.sql
|
.sql
|
||||||
|
|||||||
Reference in New Issue
Block a user