fix: don't ignore QR token timestamp from sync messages

src/qr.rs

@@ -19,7 +19,7 @@ use crate::key::Fingerprint;
 use crate::net::http::post_empty;
 use crate::net::proxy::{DEFAULT_SOCKS_PORT, ProxyConfig};
 use crate::token;
-use crate::tools::validate_id;
+use crate::tools::{time, validate_id};
 
 const OPENPGP4FPR_SCHEME: &str = "OPENPGP4FPR:"; // yes: uppercase
 const IDELTACHAT_SCHEME: &str = "https://i.delta.chat/#";
@@ -741,8 +741,16 @@ pub async fn set_config_from_qr(context: &Context, qr: &str) -> Result<()> {
             authcode,
             ..
         } => {
-            token::save(context, token::Namespace::InviteNumber, None, &invitenumber).await?;
-            token::save(context, token::Namespace::Auth, None, &authcode).await?;
+            let timestamp = time();
+            token::save(
+                context,
+                token::Namespace::InviteNumber,
+                None,
+                &invitenumber,
+                timestamp,
+            )
+            .await?;
+            token::save(context, token::Namespace::Auth, None, &authcode, timestamp).await?;
             context.sync_qr_code_tokens(None).await?;
             context.scheduler.interrupt_inbox().await;
         }
@@ -752,14 +760,23 @@ pub async fn set_config_from_qr(context: &Context, qr: &str) -> Result<()> {
             grpid,
             ..
         } => {
+            let timestamp = time();
             token::save(
                 context,
                 token::Namespace::InviteNumber,
                 Some(&grpid),
                 &invitenumber,
+                timestamp,
+            )
+            .await?;
+            token::save(
+                context,
+                token::Namespace::Auth,
+                Some(&grpid),
+                &authcode,
+                timestamp,
             )
             .await?;
-            token::save(context, token::Namespace::Auth, Some(&grpid), &authcode).await?;
             context.sync_qr_code_tokens(Some(&grpid)).await?;
             context.scheduler.interrupt_inbox().await;
         }

src/sync.rs

@@ -258,8 +258,8 @@ impl Context {
         for item in &items.items {
             match &item.data {
                 SyncDataOrUnknown::SyncData(data) => match data {
-                    AddQrToken(token) => self.add_qr_token(token).await,
-                    DeleteQrToken(token) => self.delete_qr_token(token).await,
+                    AddQrToken(token) => self.add_qr_token(token, item.timestamp).await,
+                    DeleteQrToken(token) => self.delete_qr_token(token, item.timestamp).await,
                     AlterChat { id, action } => self.sync_alter_chat(id, action).await,
                     SyncData::Config { key, val } => self.sync_config(key, val).await,
                     SyncData::SaveMessage { src, dest } => self.save_message(src, dest).await,
@@ -284,21 +284,28 @@ impl Context {
         }
     }
 
-    async fn add_qr_token(&self, token: &QrTokenData) -> Result<()> {
+    async fn add_qr_token(&self, token: &QrTokenData, timestamp: i64) -> Result<()> {
         let grpid = token.grpid.as_deref();
-        token::save(self, Namespace::InviteNumber, grpid, &token.invitenumber).await?;
-        token::save(self, Namespace::Auth, grpid, &token.auth).await?;
+        token::save(
+            self,
+            Namespace::InviteNumber,
+            grpid,
+            &token.invitenumber,
+            timestamp,
+        )
+        .await?;
+        token::save(self, Namespace::Auth, grpid, &token.auth, timestamp).await?;
         Ok(())
     }
 
-    async fn delete_qr_token(&self, token: &QrTokenData) -> Result<()> {
+    async fn delete_qr_token(&self, token: &QrTokenData, timestamp: i64) -> Result<()> {
         self.sql
             .execute(
                 "DELETE FROM tokens
                  WHERE foreign_key IN
                  (SELECT foreign_key FROM tokens
-                  WHERE token=? OR token=?)",
-                (&token.invitenumber, &token.auth),
+                  WHERE token=? OR token=? AND timestamp <= ?)",
+                (&token.invitenumber, &token.auth, timestamp),
             )
             .await?;
         Ok(())

src/token.rs

@@ -28,12 +28,13 @@ pub async fn save(
     namespace: Namespace,
     foreign_key: Option<&str>,
     token: &str,
+    timestamp: i64,
 ) -> Result<()> {
     context
         .sql
         .execute(
             "INSERT INTO tokens (namespc, foreign_key, token, timestamp) VALUES (?, ?, ?, ?)",
-            (namespace, foreign_key.unwrap_or(""), token, time()),
+            (namespace, foreign_key.unwrap_or(""), token, timestamp),
         )
         .await?;
     Ok(())
@@ -71,7 +72,8 @@ pub async fn lookup_or_new(
     }
 
     let token = create_id();
-    save(context, namespace, foreign_key, &token).await?;
+    let timestamp = time();
+    save(context, namespace, foreign_key, &token, timestamp).await?;
     Ok(token)
 }