Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-27 02:16:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Don't include the broadcast's shared secret in the QR code

Browse Source
This commit is contained in:
Hocuri
2025-08-07 11:42:55 +02:00
parent 738f6c1799
commit db32f1142c
6 changed files with 37 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/qr.rs
View File

@@ -20,7 +20,7 @@ use crate::message::Message;
use crate::net::http::post_empty;
use crate::net::proxy::{DEFAULT_SOCKS_PORT, ProxyConfig};
use crate::token;
use crate::tools::{validate_broadcast_shared_secret, validate_id};
use crate::tools::validate_id;
const OPENPGP4FPR_SCHEME: &str = "OPENPGP4FPR:"; // yes: uppercase
const IDELTACHAT_SCHEME: &str = "https://i.delta.chat/#";
@@ -97,8 +97,6 @@ pub enum Qr {
fingerprint: Fingerprint,
authcode: String,
shared_secret: String,
},
/// Contact fingerprint is verified.
@@ -398,7 +396,7 @@ pub fn format_backup(qr: &Qr) -> Result<String> {
/// scheme: `OPENPGP4FPR:FINGERPRINT#a=ADDR&n=NAME&i=INVITENUMBER&s=AUTH`
/// or: `OPENPGP4FPR:FINGERPRINT#a=ADDR&g=GROUPNAME&x=GROUPID&i=INVITENUMBER&s=AUTH`
/// or: `OPENPGP4FPR:FINGERPRINT#a=ADDR&g=BROADCAST_NAME&x=BROADCAST_ID&s=AUTH&b=BROADCAST_SHARED_SECRET`
/// or: `OPENPGP4FPR:FINGERPRINT#a=ADDR&b=BROADCAST_NAME&x=BROADCAST_ID&s=AUTH`
/// or: `OPENPGP4FPR:FINGERPRINT#a=ADDR`
async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
let payload = qr
@@ -457,24 +455,9 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
.get("x")
.filter(|&s| validate_id(s))
.map(|s| s.to_string());
let broadcast_shared_secret = param
.get("b")
.filter(|&s| validate_broadcast_shared_secret(s))
.map(|s| s.to_string());
let grpname = if grpid.is_some() {
if let Some(encoded_name) = param.get("g") {
let encoded_name = encoded_name.replace('+', "%20"); // sometimes spaces are encoded as `+`
match percent_decode_str(&encoded_name).decode_utf8() {
Ok(name) => Some(name.to_string()),
Err(err) => bail!("Invalid group name: {}", err),
}
} else {
None
}
} else {
None
};
let grpname = decode_chat_name(&param, &grpid, "g")?;
let broadcast_name = decode_chat_name(&param, &grpid, "b")?;
if let (Some(addr), Some(invitenumber), Some(authcode)) =
(&addr, invitenumber, authcode.clone())
@@ -549,13 +532,8 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
authcode,
})
}
} else if let (
Some(addr),
Some(broadcast_name),
Some(grpid),
Some(authcode),
Some(shared_secret),
) = (&addr, grpname, grpid, authcode, broadcast_shared_secret)
} else if let (Some(addr), Some(broadcast_name), Some(grpid), Some(authcode)) =
(&addr, broadcast_name, grpid, authcode)
{
// This is a broadcast channel invite link.
// TODO code duplication with the previous block
@@ -577,7 +555,6 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
contact_id,
fingerprint,
authcode,
shared_secret,
})
} else if let Some(addr) = addr {
let fingerprint = fingerprint.hex();
@@ -600,6 +577,26 @@ async fn decode_openpgp(context: &Context, qr: &str) -> Result<Qr> {
}
}
fn decode_chat_name(
param: &BTreeMap<&str, &str>,
grpid: &Option<String>,
key: &str,
) -> Result<Option<String>> {
if grpid.is_some() {
if let Some(encoded_name) = param.get(key) {
let encoded_name = encoded_name.replace('+', "%20"); // sometimes spaces are encoded as `+`
match percent_decode_str(&encoded_name).decode_utf8() {
Ok(name) => Ok(Some(name.to_string())),
Err(err) => bail!("Invalid group name: {}", err),
}
} else {
Ok(None)
}
} else {
Ok(None)
}
}
/// scheme: `https://i.delta.chat[/]#FINGERPRINT&a=ADDR[&OPTIONAL_PARAMS]`
async fn decode_ideltachat(context: &Context, prefix: &str, qr: &str) -> Result<Qr> {
let qr = qr.replacen(prefix, OPENPGP4FPR_SCHEME, 1);