some wip

- iroh-net -> iroh
- iroh-gossip uses hex by default, use base32 manually to keep backwards compat
- use the new `iroh::protocol::Router` to manage the gossip integration

.github/workflows/ci.yml

@@ -24,7 +24,7 @@ jobs:
     name: Lint Rust
     runs-on: ubuntu-latest
     env:
-      RUSTUP_TOOLCHAIN: 1.82.0
+      RUSTUP_TOOLCHAIN: 1.83.0
     steps:
       - uses: actions/checkout@v4
         with:
@@ -37,8 +37,10 @@ jobs:
         run: cargo fmt --all -- --check
       - name: Run clippy
         run: scripts/clippy.sh
-      - name: Check
+      - name: Check with all features
         run: cargo check --workspace --all-targets --all-features
+      - name: Check with only default features
+        run: cargo check --all-targets
 
   npm_constants:
     name: Check if node constants are up to date
@@ -95,11 +97,11 @@ jobs:
       matrix:
         include:
           - os: ubuntu-latest
-            rust: 1.82.0
+            rust: 1.83.0
           - os: windows-latest
-            rust: 1.82.0
+            rust: 1.83.0
           - os: macos-latest
-            rust: 1.82.0
+            rust: 1.83.0
 
           # Minimum Supported Rust Version = 1.77.0
           - os: ubuntu-latest

CHANGELOG.md

@@ -1,5 +1,62 @@
 # Changelog
 
+## [1.151.4] - 2024-12-03
+
+### Features / Changes
+
+- Encrypt notification tokens.
+
+### Fixes
+
+- Replace connectivity state "Connected" with "Preparing".
+
+### Miscellaneous Tasks
+
+- Beta clippy suggestions ([#6271](https://github.com/deltachat/deltachat-core-rust/pull/6271)).
+
+### Tests
+
+- Fix `cargo check` for `receive_emails` benchmark.
+
+### CI
+
+- Also run cargo check without all-features.
+
+## [1.151.3] - 2024-12-02
+
+### API-Changes
+
+- Remove experimental `request_internet_access` option from webxdc's `manifest.toml`.
+- Add getWebxdcHref to json api ([#6281](https://github.com/deltachat/deltachat-core-rust/pull/6281)).
+
+### CI
+
+- Update Rust to 1.83.0.
+
+### Documentation
+
+- Update dc_msg_get_info_type() and dc_get_securejoin_qr() ([#6269](https://github.com/deltachat/deltachat-core-rust/pull/6269)).
+- Fix references to iroh-related headers in peer_channels docs.
+- Improve CFFI docs, link to corresponding JSON-RPC docs.
+
+### Features / Changes
+
+- Allow the user to replace maps integration ([#5678](https://github.com/deltachat/deltachat-core-rust/pull/5678)).
+- Mark saved messages chat as protected.
+
+### Fixes
+
+- Close iroh endpoint when I/O is stopped.
+- Do not add protection messages to Saved Messages chat.
+- Mark Saved Messages chat as protected if it exists.
+- Sync chat action even if sync message arrives before first one from contact ([#6259](https://github.com/deltachat/deltachat-core-rust/pull/6259)).
+
+### Refactor
+
+- Remove some .unwrap() calls.
+- Create_status_update_record: Remove double check of info_msg_id.
+- Use Option::or_else() to dedup emitting IncomingWebxdcNotify.
+
 ## [1.151.2] - 2024-11-26
 
 ### API-Changes
@@ -372,7 +429,7 @@ This reverts commit 6f22ce2722b51773d7fbb0d89e4764f963cafd91..
 - Reset quota on configured address change ([#5908](https://github.com/deltachat/deltachat-core-rust/pull/5908)).
 - Do not emit progress 1000 when configuration is cancelled.
 - Assume file extensions are 32 chars max and don't contain whitespace ([#5338](https://github.com/deltachat/deltachat-core-rust/pull/5338)).
-- Readd tokens.foreign_id column ([#6038](https://github.com/deltachat/deltachat-core-rust/pull/6038)).
+- Re-add tokens.foreign_id column ([#6038](https://github.com/deltachat/deltachat-core-rust/pull/6038)).
 
 ### Miscellaneous Tasks
 
@@ -963,7 +1020,7 @@ This reverts commit 6f22ce2722b51773d7fbb0d89e4764f963cafd91..
 
 ### Tests
 
-- deltachat-rpc-client: reenable `log_cli`.
+- deltachat-rpc-client: re-enable `log_cli`.
 
 ## [1.140.0] - 2024-06-04
 
@@ -1900,7 +1957,7 @@ This reverts commit 6f22ce2722b51773d7fbb0d89e4764f963cafd91..
   - Mark 1:1 chat as verified for Bob early. 1:1 chat with Alice is verified as soon as Alice's key is verified rather than at the end of the protocol.
 - Put Message-ID into hidden headers and take it from there on receiver ([#4798](https://github.com/deltachat/deltachat-core-rust/pull/4798)). This works around servers which generate their own Message-ID and overwrite the one generated by Delta Chat.
 - deltachat-repl: Enable INFO logging by default and add timestamps.
-- Add `ConfigSynced` (`DC_EVENT_CONFIG_SYNCED`) event which is emitted when configuration is changed via synchronization message or synchronization message for configuration is sent. UI may refresh elments based on the configuration key which is a part of the event.
+- Add `ConfigSynced` (`DC_EVENT_CONFIG_SYNCED`) event which is emitted when configuration is changed via synchronization message or synchronization message for configuration is sent. UI may refresh elements based on the configuration key which is a part of the event.
 - Sync contact creation/rename across devices ([#5163](https://github.com/deltachat/deltachat-core-rust/pull/5163)).
 - Encrypt MDNs ([#5175](https://github.com/deltachat/deltachat-core-rust/pull/5175)).
 - Only try to configure non-strict TLS checks if explicitly set ([#5181](https://github.com/deltachat/deltachat-core-rust/pull/5181)).
@@ -5369,3 +5426,5 @@ https://github.com/deltachat/deltachat-core-rust/pulls?q=is%3Apr+is%3Aclosed
 [1.151.0]: https://github.com/deltachat/deltachat-core-rust/compare/v1.150.0..v1.151.0
 [1.151.1]: https://github.com/deltachat/deltachat-core-rust/compare/v1.151.0..v1.151.1
 [1.151.2]: https://github.com/deltachat/deltachat-core-rust/compare/v1.151.1..v1.151.2
+[1.151.3]: https://github.com/deltachat/deltachat-core-rust/compare/v1.151.2..v1.151.3
+[1.151.4]: https://github.com/deltachat/deltachat-core-rust/compare/v1.151.3..v1.151.4

CONTRIBUTING.md

@@ -81,7 +81,7 @@ If you want to contribute a code, follow this guide.
    CI runs the tests and checks code formatting.
 
    While it is running, self-review your PR to make sure all the changes you expect are there
-   and there are no accidentally commited unrelated changes and files.
+   and there are no accidentally committed unrelated changes and files.
 
    Push the necessary fixup commits or force-push to your branch if needed.
 

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat"
-version = "1.151.2"
+version = "1.151.4"
 edition = "2021"
 license = "MPL-2.0"
 rust-version = "1.77"
@@ -43,7 +43,7 @@ async-broadcast = "0.7.1"
 async-channel = { workspace = true }
 async-imap = { version = "0.10.2", default-features = false, features = ["runtime-tokio", "compress"] }
 async-native-tls = { version = "0.5", default-features = false, features = ["runtime-tokio"] }
-async-smtp = { version = "0.9", default-features = false, features = ["runtime-tokio"] }
+async-smtp = { version = "0.10", default-features = false, features = ["runtime-tokio"] }
 async_zip = { version = "0.0.17", default-features = false, features = ["deflate", "tokio-fs"] }
 base64 = { workspace = true }
 brotli = { version = "7", default-features=false, features = ["std"] }
@@ -62,10 +62,11 @@ http-body-util = "0.1.2"
 humansize = "2"
 hyper = "1"
 hyper-util = "0.1.10"
-image = { version = "0.25.4", default-features=false, features = ["gif", "jpeg", "ico", "png", "pnm", "webp", "bmp"] }
-iroh-gossip = { version = "0.28.1", default-features = false, features = ["net"] }
-iroh-net = { version = "0.28.1", default-features = false }
-kamadak-exif = "0.6.0"
+image = { version = "0.25.5", default-features=false, features = ["gif", "jpeg", "ico", "png", "pnm", "webp", "bmp"] }
+iroh-gossip = { version = "0.29", default-features = false, features = ["net"] }
+iroh = { version = "0.29", default-features = false }
+iroh-base = { version = "0.29", features = ["base32"] }
+kamadak-exif = "0.6.1"
 lettre_email = { git = "https://github.com/deltachat/lettre", branch = "master" }
 libc = { workspace = true }
 mailparse = "0.15"
@@ -86,7 +87,7 @@ regex = { workspace = true }
 rusqlite = { workspace = true, features = ["sqlcipher"] }
 rust-hsluv = "0.1"
 rustls-pki-types = "1.10.0"
-rustls = { version = "0.23.14", default-features = false }
+rustls = { version = "0.23.19", default-features = false }
 sanitize-filename = { workspace = true }
 serde_json = { workspace = true }
 serde_urlencoded = "0.7.1"
@@ -109,7 +110,7 @@ tokio = { workspace = true, features = ["fs", "rt-multi-thread", "macros"] }
 toml = "0.8"
 url = "2"
 uuid = { version = "1", features = ["serde", "v4"] }
-webpki-roots = "0.26.6"
+webpki-roots = "0.26.7"
 
 [dev-dependencies]
 anyhow = { workspace = true, features = ["backtrace"] } # Enable `backtrace` feature in tests.
@@ -122,6 +123,7 @@ proptest = { version = "1", default-features = false, features = ["std"] }
 tempfile = { workspace = true }
 testdir = "0.9.0"
 tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
+tracing-subscriber.workspace = true
 
 [workspace]
 members = [
@@ -150,6 +152,7 @@ harness = false
 
 [[bench]]
 name = "receive_emails"
+required-features = ["internals"]
 harness = false
 
 [[bench]]
@@ -173,7 +176,7 @@ deltachat-contact-tools = { path = "deltachat-contact-tools" }
 deltachat-jsonrpc = { path = "deltachat-jsonrpc", default-features = false }
 deltachat = { path = ".", default-features = false }
 futures = "0.3.31"
-futures-lite = "2.4.0"
+futures-lite = "2.5.0"
 libc = "0.2"
 log = "0.4"
 nu-ansi-term = "0.46"
@@ -185,7 +188,7 @@ rusqlite = "0.32"
 sanitize-filename = "0.5"
 serde = "1.0"
 serde_json = "1"
-tempfile = "3.13.0"
+tempfile = "3.14.0"
 thiserror = "1"
 tokio = "1"
 tokio-util = "0.7.11"

benches/receive_emails.rs

@@ -12,18 +12,18 @@ use deltachat::{
 };
 use tempfile::tempdir;
 
-async fn recv_all_emails(context: Context) -> Context {
+async fn recv_all_emails(context: Context, iteration: u32) -> Context {
     for i in 0..100 {
         let imf_raw = format!(
             "Subject: Benchmark
-Message-ID: Mr.OssSYnOFkhR.{i}@testrun.org
+Message-ID: Mr.{iteration}.{i}@testrun.org
 Date: Sat, 07 Dec 2019 19:00:27 +0000
 To: alice@example.com
 From: sender@testrun.org
 Chat-Version: 1.0
 Chat-Disposition-Notification-To: sender@testrun.org
 Chat-User-Avatar: 0
-In-Reply-To: Mr.OssSYnOFkhR.{i_dec}@testrun.org
+In-Reply-To: Mr.{iteration}.{i_dec}@testrun.org
 MIME-Version: 1.0
 
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
@@ -41,11 +41,11 @@ Hello {i}",
 
 /// Receive 100 emails that remove charlie@example.com and add
 /// him back
-async fn recv_groupmembership_emails(context: Context) -> Context {
+async fn recv_groupmembership_emails(context: Context, iteration: u32) -> Context {
     for i in 0..50 {
         let imf_raw = format!(
             "Subject: Benchmark
-Message-ID: Gr.OssSYnOFkhR.{i}@testrun.org
+Message-ID: Gr.{iteration}.ADD.{i}@testrun.org
 Date: Sat, 07 Dec 2019 19:00:27 +0000
 To: alice@example.com, b@example.com, c@example.com, d@example.com, e@example.com, f@example.com
 From: sender@testrun.org
@@ -53,13 +53,12 @@ Chat-Version: 1.0
 Chat-Disposition-Notification-To: sender@testrun.org
 Chat-User-Avatar: 0
 Chat-Group-Member-Added: charlie@example.com
-In-Reply-To: Gr.OssSYnOFkhR.{i_dec}@testrun.org
+In-Reply-To: Gr.{iteration}.REMOVE.{i_dec}@testrun.org
 MIME-Version: 1.0
 
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 
 Hello {i}",
-            i = i,
             i_dec = i - 1,
         );
         receive_imf(&context, black_box(imf_raw.as_bytes()), false)
@@ -68,7 +67,7 @@ Hello {i}",
 
         let imf_raw = format!(
             "Subject: Benchmark
-Message-ID: Gr.OssSYnOFkhR.{i}@testrun.org
+Message-ID: Gr.{iteration}.REMOVE.{i}@testrun.org
 Date: Sat, 07 Dec 2019 19:00:27 +0000
 To: alice@example.com, b@example.com, c@example.com, d@example.com, e@example.com, f@example.com
 From: sender@testrun.org
@@ -76,14 +75,12 @@ Chat-Version: 1.0
 Chat-Disposition-Notification-To: sender@testrun.org
 Chat-User-Avatar: 0
 Chat-Group-Member-Removed: charlie@example.com
-In-Reply-To: Gr.OssSYnOFkhR.{i_dec}@testrun.org
+In-Reply-To: Gr.{iteration}.ADD.{i}@testrun.org
 MIME-Version: 1.0
 
 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=no
 
-Hello {i}",
-            i = i,
-            i_dec = i - 1,
+Hello {i}"
         );
         receive_imf(&context, black_box(imf_raw.as_bytes()), false)
             .await
@@ -129,11 +126,13 @@ fn criterion_benchmark(c: &mut Criterion) {
     group.bench_function("Receive 100 simple text msgs", |b| {
         let rt = tokio::runtime::Runtime::new().unwrap();
         let context = rt.block_on(create_context());
+        let mut i = 0;
 
         b.to_async(&rt).iter(|| {
             let ctx = context.clone();
+            i += 1;
             async move {
-                recv_all_emails(black_box(ctx)).await;
+                recv_all_emails(black_box(ctx), i).await;
             }
         });
     });
@@ -142,11 +141,13 @@ fn criterion_benchmark(c: &mut Criterion) {
         |b| {
             let rt = tokio::runtime::Runtime::new().unwrap();
             let context = rt.block_on(create_context());
+            let mut i = 0;
 
             b.to_async(&rt).iter(|| {
                 let ctx = context.clone();
+                i += 1;
                 async move {
-                    recv_groupmembership_emails(black_box(ctx)).await;
+                    recv_groupmembership_emails(black_box(ctx), i).await;
                 }
             });
         },

deltachat-ffi/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat_ffi"
-version = "1.151.2"
+version = "1.151.4"
 description = "Deltachat FFI"
 edition = "2018"
 readme = "README.md"

deltachat-ffi/deltachat.h

@@ -418,7 +418,7 @@ char*           dc_get_blobdir               (const dc_context_t* context);
  * - `e2ee_enabled` = 0=no end-to-end-encryption, 1=prefer end-to-end-encryption (default)
  * - `mdns_enabled` = 0=do not send or request read receipts,
  *                    1=send and request read receipts
- *                    default=send and request read receipts, only send but not reuqest if `bot` is set
+ *                    default=send and request read receipts, only send but not request if `bot` is set
  * - `bcc_self`     = 0=do not send a copy of outgoing messages to self,
  *                    1=send a copy of outgoing messages to self (default).
  *                    Sending messages to self is needed for a proper multi-account setup,
@@ -985,7 +985,7 @@ uint32_t        dc_get_chat_id_by_contact_id (dc_context_t* context, uint32_t co
  * If the increation-method is not used - which is probably the normal case -
  * dc_send_msg() copies the file to the blob directory if it is not yet there.
  * To distinguish the two cases, msg->state must be set properly. The easiest
- * way to ensure this is to re-use the same object for both calls.
+ * way to ensure this is to reuse the same object for both calls.
  *
  * Example:
  * ~~~
@@ -4201,14 +4201,13 @@ char*             dc_msg_get_webxdc_blob      (const dc_msg_t* msg, const char*
  *   defaults to an empty string.
  *   Implementations may offer an menu or a button to open this URL.
  * - internet_access:
- *   true if the Webxdc should get full internet access, including Webrtc.
- *   currently, this is only true for encrypted Webxdc's in the self chat
- *   that have requested internet access in the manifest.
+ *   true if the Webxdc should get internet access;
+ *   this is the case i.e. for experimental maps integration.
  * - self_addr: address to be used for `window.webxdc.selfAddr` in JS land.
  * - send_update_interval: Milliseconds to wait before calling `sendUpdate()` again since the last call.
  *   Should be exposed to `webxdc.sendUpdateInterval` in JS land.
  * - send_update_max_size: Maximum number of bytes accepted for a serialized update object.
-+    Should be exposed to `webxdc.sendUpdateMaxSize` in JS land.
+ *   Should be exposed to `webxdc.sendUpdateMaxSize` in JS land.
  *
  * @memberof dc_msg_t
  * @param msg The webxdc instance.
@@ -4707,7 +4706,7 @@ int dc_msg_has_html (dc_msg_t* msg);
   *                                     If the download fails or succeeds,
   *                                     the event @ref DC_EVENT_MSGS_CHANGED is emitted.
   *
-  * - @ref DC_DOWNLOAD_UNDECIPHERABLE - The message does not need any futher download action.
+  * - @ref DC_DOWNLOAD_UNDECIPHERABLE - The message does not need any further download action.
   *                                     It was fully downloaded, but we failed to decrypt it.
   * - @ref DC_DOWNLOAD_FAILURE        - Download error, the user may start over calling dc_download_full_msg() again.
   *
@@ -5789,6 +5788,23 @@ void dc_jsonrpc_unref(dc_jsonrpc_instance_t* jsonrpc_instance);
  * returns immediately and once the result is ready it can be retrieved via dc_jsonrpc_next_response()
  * the jsonrpc specification defines an invocation id that can then be used to match request and response.
  *
+ * An overview of JSON-RPC calls is available at
+ * <https://js.jsonrpc.delta.chat/classes/RawClient.html>.
+ * Note that the page describes only the rough methods.
+ * Calling convention, casing etc. does vary, this is a known flaw,
+ * and at some point we will get to improve that :)
+ *
+ * Also, note that most calls are more high-level than this CFFI, require more database calls and are slower.
+ * They're more suitable for an environment that is totally async and/or cannot use CFFI, which might not be true for native apps.
+ *
+ * Notable exceptions that exist only as JSON-RPC and probably never get a CFFI counterpart:
+ * - getMessageReactions(), sendReaction()
+ * - getHttpResponse()
+ * - draftSelfReport()
+ * - getAccountFileSize()
+ * - importVcard(), parseVcard(), makeVcard()
+ * - sendWebxdcRealtimeData, sendWebxdcRealtimeAdvertisement(), leaveWebxdcRealtime()
+ *
  * @memberof dc_jsonrpc_instance_t
  * @param jsonrpc_instance jsonrpc instance as returned from dc_jsonrpc_init().
  * @param request JSON-RPC request as string
@@ -5809,6 +5825,8 @@ char* dc_jsonrpc_next_response(dc_jsonrpc_instance_t* jsonrpc_instance);
 /**
  * Make a JSON-RPC call and return a response.
  *
+ * See dc_jsonrpc_request() for an overview of possible calls and for more information.
+ *
  * @memberof dc_jsonrpc_instance_t
  * @param jsonrpc_instance jsonrpc instance as returned from dc_jsonrpc_init().
  * @param input JSON-RPC request.

deltachat-jsonrpc/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-jsonrpc"
-version = "1.151.2"
+version = "1.151.4"
 description = "DeltaChat JSON-RPC API"
 edition = "2021"
 default-run = "deltachat-jsonrpc-server"

deltachat-jsonrpc/src/api.rs

@@ -1767,7 +1767,7 @@ impl CommandApi {
         account_id: u32,
         instance_msg_id: u32,
         update_str: String,
-        _descr: String,
+        _descr: Option<String>,
     ) -> Result<()> {
         let ctx = self.get_context(account_id).await?;
         ctx.send_webxdc_status_update(MsgId::new(instance_msg_id), &update_str)
@@ -1829,6 +1829,18 @@ impl CommandApi {
         WebxdcMessageInfo::get_for_message(&ctx, MsgId::new(instance_msg_id)).await
     }
 
+    /// Get href from a WebxdcInfoMessage which might include a hash holding
+    /// information about a specific position or state in a webxdc app (optional)
+    async fn get_webxdc_href(
+        &self,
+        account_id: u32,
+        instance_msg_id: u32,
+    ) -> Result<Option<String>> {
+        let ctx = self.get_context(account_id).await?;
+        let message = Message::load_from_db(&ctx, MsgId::new(instance_msg_id)).await?;
+        Ok(message.get_webxdc_href())
+    }
+
     /// Get blob encoded as base64 from a webxdc message
     ///
     /// path is the path of the file within webxdc archive

deltachat-jsonrpc/src/api/types/events.rs

@@ -69,7 +69,7 @@ pub enum EventType {
     /// or for functions that are expected to fail (eg. autocryptContinueKeyTransfer())
     /// it might be better to delay showing these events until the function has really
     /// failed (returned false). It should be sufficient to report only the *last* error
-    /// in a messasge box then.
+    /// in a message box then.
     Error { msg: String },
 
     /// An action cannot be performed because the user is not in the group.

deltachat-jsonrpc/src/api/types/message.rs

@@ -85,6 +85,8 @@ pub struct MessageObject {
 
     webxdc_info: Option<WebxdcMessageInfo>,
 
+    webxdc_href: Option<String>,
+
     download_state: DownloadState,
 
     reactions: Option<JSONRPCReactions>,
@@ -241,6 +243,10 @@ impl MessageObject {
             file_name: message.get_filename(),
             webxdc_info,
 
+            // On a WebxdcInfoMessage this might include a hash holding
+            // information about a specific position or state in a webxdc app
+            webxdc_href: message.get_webxdc_href(),
+
             download_state,
 
             reactions,

deltachat-jsonrpc/src/api/types/webxdc.rs

@@ -57,6 +57,7 @@ impl WebxdcMessageInfo {
             document,
             summary,
             source_code_url,
+            request_integration: _,
             internet_access,
             self_addr,
             send_update_interval,

deltachat-jsonrpc/typescript/package.json

@@ -58,5 +58,5 @@
   },
   "type": "module",
   "types": "dist/deltachat.d.ts",
-  "version": "1.151.2"
+  "version": "1.151.4"
 }

deltachat-repl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-repl"
-version = "1.151.2"
+version = "1.151.4"
 license = "MPL-2.0"
 edition = "2021"
 repository = "https://github.com/deltachat/deltachat-core-rust"

deltachat-rpc-client/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deltachat-rpc-client"
-version = "1.151.2"
+version = "1.151.4"
 description = "Python client for Delta Chat core JSON-RPC interface"
 classifiers = [
     "Development Status :: 5 - Production/Stable",

deltachat-rpc-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "deltachat-rpc-server"
-version = "1.151.2"
+version = "1.151.4"
 description = "DeltaChat JSON-RPC server"
 edition = "2021"
 readme = "README.md"

deltachat-rpc-server/npm-package/README.md

@@ -65,13 +65,13 @@ so by default it uses the prebuilds.
   - this will run `update_optional_dependencies_and_version.js` (in the `prepack` script),
     which puts all platform packages into `optionalDependencies` and updates the `version` in `package.json`
 
-## How to build a version you can use localy on your host machine for development
+## How to build a version you can use locally on your host machine for development
 
-You can not install the npm packet from the previous section locally, unless you have a local npm registry set up where you upload it too. This is why we have seperate scripts for making it work for local installation.
+You can not install the npm packet from the previous section locally, unless you have a local npm registry set up where you upload it too. This is why we have separate scripts for making it work for local installation.
 
 - If you just need your host platform run `python scripts/make_local_dev_version.py`
 - note: this clears the `platform_package` folder
-- (advanced) If you need more than one platform for local install you can just run `node scripts/update_optional_dependencies_and_version.js` after building multiple plaftorms with `build_platform_package.py`
+- (advanced) If you need more than one platform for local install you can just run `node scripts/update_optional_dependencies_and_version.js` after building multiple platforms with `build_platform_package.py`
 
 ## Thanks to nlnet
 

deltachat-rpc-server/npm-package/package.json

@@ -15,5 +15,5 @@
   },
   "type": "module",
   "types": "index.d.ts",
-  "version": "1.151.2"
+  "version": "1.151.4"
 }

deltachat-rpc-server/npm-package/scripts/update_optional_dependencies_and_version.js

@@ -6,7 +6,7 @@ const expected_cwd = join(dirname(fileURLToPath(import.meta.url)), "..");
 
 if (process.cwd() !== expected_cwd) {
   console.error(
-    "CWD missmatch: this script needs to be run from " + expected_cwd,
+    "CWD mismatch: this script needs to be run from " + expected_cwd,
     { actual: process.cwd(), expected: expected_cwd }
   );
   process.exit(1);
@@ -40,7 +40,7 @@ const platform_package_names = await Promise.all(
         "has a different version than the version of the rpc server.",
         { rpc_server: version, platform_package: p.version }
       );
-      throw new Error("version missmatch");
+      throw new Error("version mismatch");
     }
     return { folder_name: name, package_name: p.name };
   })

deltachat-rpc-server/src/main.rs

@@ -66,7 +66,7 @@ async fn main_impl() -> Result<()> {
 
     // Logs from `log` crate and traces from `tracing` crate
     // are configurable with `RUST_LOG` environment variable
-    // and go to stderr to avoid interferring with JSON-RPC using stdout.
+    // and go to stderr to avoid interfering with JSON-RPC using stdout.
     tracing_subscriber::fmt()
         .with_env_filter(EnvFilter::from_default_env())
         .with_writer(std::io::stderr)

deny.toml

@@ -12,10 +12,6 @@ ignore = [
     # Unmaintained encoding
     "RUSTSEC-2021-0153",
 
-    # Unmaintained proc-macro-error
-    # <https://rustsec.org/advisories/RUSTSEC-2024-0370>
-    "RUSTSEC-2024-0370",
-
     # Unmaintained instant
     "RUSTSEC-2024-0384",
 ]
@@ -36,8 +32,13 @@ skip = [
      { name = "fiat-crypto", version = "0.1.20" },
      { name = "futures-lite", version = "1.13.0" },
      { name = "getrandom", version = "<0.2" },
+     { name = "hostname", version = "0.3.1" },
      { name = "http", version = "0.2.12" },
+     { name = "idna", version = "0.5.0" },
+     { name = "netlink-packet-route", version = "0.17.1" },
+     { name = "netlink-packet-route", version = "0.21.0" },
      { name = "nix", version = "0.26.4" },
+     { name = "nix", version = "0.27.1" },
      { name = "num_enum_derive", version = "0.5.11" },
      { name = "num_enum", version = "0.5.11" },
      { name = "proc-macro-crate", version = "1.3.1" },
@@ -48,10 +49,16 @@ skip = [
      { name = "redox_syscall", version = "0.3.5" },
      { name = "regex-automata", version = "0.1.10" },
      { name = "regex-syntax", version = "0.6.29" },
+     { name = "rtnetlink", version = "0.13.1" },
+     { name = "strsim", version = "0.10.0" },
      { name = "sync_wrapper", version = "0.1.2" },
      { name = "syn", version = "1.0.109" },
+     { name = "thiserror-impl", version = "1.0.69" },
+     { name = "thiserror", version = "1.0.69" },
      { name = "time", version = "<0.3" },
+     { name = "tokio-tungstenite", version = "0.21.0" },
      { name = "toml_edit", version = "0.19.15" },
+     { name = "tungstenite", version = "0.21.0" },
      { name = "wasi", version = "<0.11" },
      { name = "windows_aarch64_gnullvm", version = "<0.52" },
      { name = "windows_aarch64_msvc", version = "<0.52" },
@@ -81,6 +88,7 @@ allow = [
     "MIT",
     "MPL-2.0",
     "OpenSSL",
+    "Unicode-3.0",
     "Unicode-DFS-2016",
     "Zlib",
 ]

package.json

@@ -55,5 +55,5 @@
     "test:mocha": "mocha node/test/test.mjs --growl --reporter=spec --bail --exit"
   },
   "types": "node/dist/index.d.ts",
-  "version": "1.151.2"
+  "version": "1.151.4"
 }

python/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "deltachat"
-version = "1.151.2"
+version = "1.151.4"
 description = "Python bindings for the Delta Chat Core library using CFFI against the Rust-implemented libdeltachat"
 readme = "README.rst"
 requires-python = ">=3.7"

python/src/deltachat/testplugin.py

@@ -152,7 +152,7 @@ class TestProcess:
 
     def get_liveconfig_producer(self):
         """provide live account configs, cached on a per-test-process scope
-        so that test functions can re-use already known live configs.
+        so that test functions can reuse already known live configs.
         """
         chatmail_opt = self.pytestconfig.getoption("--chatmail")
         if chatmail_opt:

python/tests/test_1_online.py

@@ -1899,7 +1899,7 @@ def test_connectivity(acfactory, lp):
 
     ac1.start_io()
     ac1._evtracker.wait_for_connectivity(dc.const.DC_CONNECTIVITY_CONNECTING)
-    ac1._evtracker.wait_for_connectivity_change(dc.const.DC_CONNECTIVITY_CONNECTING, dc.const.DC_CONNECTIVITY_CONNECTED)
+    ac1._evtracker.wait_for_connectivity_change(dc.const.DC_CONNECTIVITY_CONNECTING, dc.const.DC_CONNECTIVITY_WORKING)
 
     lp.sec(
         "Test that after calling start_io(), maybe_network() and waiting for `all_work_done()`, "

release-date.in

@@ -1 +1 @@
-2024-11-26
+2024-12-03

scripts/coredeps/install-rust.sh

@@ -7,7 +7,7 @@ set -euo pipefail
 #
 # Avoid using rustup here as it depends on reading /proc/self/exe and
 # has problems running under QEMU.
-RUST_VERSION=1.82.0
+RUST_VERSION=1.83.0
 
 ARCH="$(uname -m)"
 test -f "/lib/libc.musl-$ARCH.so.1" && LIBC=musl || LIBC=gnu

src/chat.rs

@@ -567,6 +567,14 @@ impl ChatId {
         contact_id: Option<ContactId>,
         timestamp_sort: i64,
     ) -> Result<()> {
+        if contact_id == Some(ContactId::SELF) {
+            // Do not add protection messages to Saved Messages chat.
+            // This chat never gets protected and unprotected,
+            // we do not want the first message
+            // to be a protection message with an arbitrary timestamp.
+            return Ok(());
+        }
+
         let text = context.stock_protection_msg(protect, contact_id).await;
         let cmd = match protect {
             ProtectionStatus::Protected => SystemMessage::ChatProtectionEnabled,
@@ -1391,7 +1399,7 @@ impl ChatId {
     ///
     /// `message_timestamp` should be either the message "sent" timestamp or a timestamp of the
     /// corresponding event in case of a system message (usually the current system time).
-    /// `always_sort_to_bottom` makes this ajust the returned timestamp up so that the message goes
+    /// `always_sort_to_bottom` makes this adjust the returned timestamp up so that the message goes
     /// to the chat bottom.
     /// `received` -- whether the message is received. Otherwise being sent.
     /// `incoming` -- whether the message is incoming.
@@ -2202,7 +2210,9 @@ impl Chat {
             msg.id = MsgId::new(u32::try_from(raw_id)?);
 
             maybe_set_logging_xdc(context, msg, self.id).await?;
-            context.update_webxdc_integration_database(msg).await?;
+            context
+                .update_webxdc_integration_database(msg, context)
+                .await?;
         }
         context.scheduler.interrupt_ephemeral_task().await;
         Ok(msg.id)
@@ -2591,10 +2601,12 @@ impl ChatIdBlocked {
             _ => (),
         }
 
-        let peerstate = Peerstate::from_addr(context, contact.get_addr()).await?;
-        let protected = peerstate.map_or(false, |p| {
-            p.is_using_verified_key() && p.prefer_encrypt == EncryptPreference::Mutual
-        });
+        let protected = contact_id == ContactId::SELF || {
+            let peerstate = Peerstate::from_addr(context, contact.get_addr()).await?;
+            peerstate.is_some_and(|p| {
+                p.is_using_verified_key() && p.prefer_encrypt == EncryptPreference::Mutual
+            })
+        };
         let smeared_time = create_smeared_timestamp(context);
 
         let chat_id = context
@@ -2977,8 +2989,8 @@ pub(crate) async fn create_send_msg_jobs(context: &Context, msg: &mut Message) -
         recipients.push(from);
     }
 
-    // Webxdc integrations are messages, however, shipped with main app and must not be sent out
-    if msg.param.get_int(Param::WebxdcIntegration).is_some() {
+    // Default Webxdc integrations are hidden messages and must not be sent out
+    if msg.param.get_int(Param::WebxdcIntegration).is_some() && msg.hidden {
         recipients.clear();
     }
 
@@ -4483,7 +4495,7 @@ pub(crate) async fn delete_and_reset_all_device_msgs(context: &Context) -> Resul
         .await?;
     context.sql.execute("DELETE FROM devmsglabels;", ()).await?;
 
-    // Insert labels for welcome messages to avoid them being readded on reconfiguration.
+    // Insert labels for welcome messages to avoid them being re-added on reconfiguration.
     context
         .sql
         .execute(
@@ -4645,9 +4657,9 @@ impl Context {
                     Contact::create_ex(self, Nosync, to, addr).await?;
                     return Ok(());
                 }
-                let contact_id = Contact::lookup_id_by_addr_ex(self, addr, Origin::Unknown, None)
-                    .await?
-                    .with_context(|| format!("No contact for addr '{addr}'"))?;
+                let addr = ContactAddress::new(addr).context("Invalid address")?;
+                let (contact_id, _) =
+                    Contact::add_or_lookup(self, "", &addr, Origin::Hidden).await?;
                 match action {
                     SyncAction::Block => {
                         return contact::set_blocked(self, Nosync, contact_id, true).await
@@ -4657,9 +4669,10 @@ impl Context {
                     }
                     _ => (),
                 }
-                ChatIdBlocked::lookup_by_contact(self, contact_id)
+                // Use `Request` so that even if the program crashes, the user doesn't have to look
+                // into the blocked contacts.
+                ChatIdBlocked::get_for_contact(self, contact_id, Blocked::Request)
                     .await?
-                    .with_context(|| format!("No chat for addr '{addr}'"))?
                     .id
             }
             SyncId::Grpid(grpid) => {
@@ -4696,7 +4709,7 @@ impl Context {
 
     /// Emits the appropriate `MsgsChanged` event. Should be called if the number of unnoticed
     /// archived chats could decrease. In general we don't want to make an extra db query to know if
-    /// a noticied chat is archived. Emitting events should be cheap, a false-positive `MsgsChanged`
+    /// a noticed chat is archived. Emitting events should be cheap, a false-positive `MsgsChanged`
     /// is ok.
     pub(crate) fn on_archived_chats_maybe_noticed(&self) {
         self.emit_msgs_changed(DC_CHAT_ID_ARCHIVED_LINK, MsgId::new(0));
@@ -7465,6 +7478,71 @@ mod tests {
         Ok(())
     }
 
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_sync_accept_before_first_msg() -> Result<()> {
+        let alice0 = &TestContext::new_alice().await;
+        let alice1 = &TestContext::new_alice().await;
+        for a in [alice0, alice1] {
+            a.set_config_bool(Config::SyncMsgs, true).await?;
+        }
+        let bob = TestContext::new_bob().await;
+
+        let ba_chat = bob.create_chat(alice0).await;
+        let sent_msg = bob.send_text(ba_chat.id, "hi").await;
+        let a0b_chat_id = alice0.recv_msg(&sent_msg).await.chat_id;
+        assert_eq!(alice0.get_chat(&bob).await.blocked, Blocked::Request);
+        a0b_chat_id.accept(alice0).await?;
+        let a0b_contact = alice0.add_or_lookup_contact(&bob).await;
+        assert_eq!(a0b_contact.origin, Origin::CreateChat);
+        assert_eq!(alice0.get_chat(&bob).await.blocked, Blocked::Not);
+
+        sync(alice0, alice1).await;
+        let a1b_contact = alice1.add_or_lookup_contact(&bob).await;
+        assert_eq!(a1b_contact.origin, Origin::CreateChat);
+        let a1b_chat = alice1.get_chat(&bob).await;
+        assert_eq!(a1b_chat.blocked, Blocked::Not);
+        let chats = Chatlist::try_load(alice1, 0, None, None).await?;
+        assert_eq!(chats.len(), 1);
+
+        let rcvd_msg = alice1.recv_msg(&sent_msg).await;
+        assert_eq!(rcvd_msg.chat_id, a1b_chat.id);
+        Ok(())
+    }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_sync_block_before_first_msg() -> Result<()> {
+        let alice0 = &TestContext::new_alice().await;
+        let alice1 = &TestContext::new_alice().await;
+        for a in [alice0, alice1] {
+            a.set_config_bool(Config::SyncMsgs, true).await?;
+        }
+        let bob = TestContext::new_bob().await;
+
+        let ba_chat = bob.create_chat(alice0).await;
+        let sent_msg = bob.send_text(ba_chat.id, "hi").await;
+        let a0b_chat_id = alice0.recv_msg(&sent_msg).await.chat_id;
+        assert_eq!(alice0.get_chat(&bob).await.blocked, Blocked::Request);
+        a0b_chat_id.block(alice0).await?;
+        let a0b_contact = alice0.add_or_lookup_contact(&bob).await;
+        assert_eq!(a0b_contact.origin, Origin::IncomingUnknownFrom);
+        assert_eq!(alice0.get_chat(&bob).await.blocked, Blocked::Yes);
+
+        sync(alice0, alice1).await;
+        let a1b_contact = alice1.add_or_lookup_contact(&bob).await;
+        assert_eq!(a1b_contact.origin, Origin::Hidden);
+        assert!(ChatIdBlocked::lookup_by_contact(alice1, a1b_contact.id)
+            .await?
+            .is_none());
+
+        let rcvd_msg = alice1.recv_msg(&sent_msg).await;
+        let a1b_contact = alice1.add_or_lookup_contact(&bob).await;
+        assert_eq!(a1b_contact.origin, Origin::IncomingUnknownFrom);
+        let a1b_chat = alice1.get_chat(&bob).await;
+        assert_eq!(a1b_chat.blocked, Blocked::Yes);
+        assert_eq!(rcvd_msg.chat_id, a1b_chat.id);
+        Ok(())
+    }
+
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_sync_adhoc_grp() -> Result<()> {
         let alice0 = &TestContext::new_alice().await;

src/config.rs

@@ -80,7 +80,7 @@ pub enum Config {
     /// SMTP server security (e.g. TLS, STARTTLS).
     SendSecurity,
 
-    /// Deprecated option for backwards compatibilty.
+    /// Deprecated option for backwards compatibility.
     ///
     /// Certificate checks for SMTP are actually controlled by `imap_certificate_checks` config.
     SmtpCertificateChecks,
@@ -441,6 +441,12 @@ pub enum Config {
     /// Enable webxdc realtime features.
     #[strum(props(default = "1"))]
     WebxdcRealtimeEnabled,
+
+    /// Last device token stored on the chatmail server.
+    ///
+    /// If it has not changed, we do not store
+    /// the device token again.
+    DeviceToken,
 }
 
 impl Config {

src/contact.rs

@@ -144,7 +144,7 @@ impl ContactId {
         Ok(())
     }
 
-    /// Returns contact adress.
+    /// Returns contact address.
     pub async fn addr(&self, context: &Context) -> Result<String> {
         let addr = context
             .sql
@@ -3244,4 +3244,20 @@ Until the false-positive is fixed:
 
         Ok(())
     }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_self_is_verified() -> Result<()> {
+        let mut tcm = TestContextManager::new();
+        let alice = tcm.alice().await;
+
+        let contact = Contact::get_by_id(&alice, ContactId::SELF).await?;
+        assert_eq!(contact.is_verified(&alice).await?, true);
+        assert!(contact.is_profile_verified(&alice).await?);
+        assert!(contact.get_verifier_id(&alice).await?.is_none());
+
+        let chat_id = ChatId::get_for_contact(&alice, ContactId::SELF).await?;
+        assert!(chat_id.is_protected(&alice).await.unwrap() == ProtectionStatus::Protected);
+
+        Ok(())
+    }
 }

src/context.rs

@@ -13,7 +13,7 @@ use async_channel::{self as channel, Receiver, Sender};
 use pgp::types::PublicKeyTrait;
 use pgp::SignedPublicKey;
 use ratelimit::Ratelimit;
-use tokio::sync::{Mutex, Notify, OnceCell, RwLock};
+use tokio::sync::{Mutex, Notify, RwLock};
 
 use crate::aheader::EncryptPreference;
 use crate::chat::{get_chat_cnt, ChatId, ProtectionStatus};
@@ -292,7 +292,7 @@ pub struct InnerContext {
     pub(crate) push_subscribed: AtomicBool,
 
     /// Iroh for realtime peer channels.
-    pub(crate) iroh: OnceCell<Iroh>,
+    pub(crate) iroh: Arc<RwLock<Option<Iroh>>>,
 }
 
 /// The state of ongoing process.
@@ -450,7 +450,7 @@ impl Context {
             debug_logging: std::sync::RwLock::new(None),
             push_subscriber,
             push_subscribed: AtomicBool::new(false),
-            iroh: OnceCell::new(),
+            iroh: Arc::new(RwLock::new(None)),
         };
 
         let ctx = Context {
@@ -486,6 +486,19 @@ impl Context {
     /// Stops the IO scheduler.
     pub async fn stop_io(&self) {
         self.scheduler.stop(self).await;
+        if let Some(iroh) = self.iroh.write().await.take() {
+            // Close all QUIC connections.
+
+            // Spawn into a separate task,
+            // because Iroh calls `wait_idle()` internally
+            // and it may take time, especially if the network
+            // has become unavailable.
+            tokio::spawn(async move {
+                // We do not log the error because we do not want the task
+                // to hold the reference to Context.
+                let _ = tokio::time::timeout(Duration::from_secs(60), iroh.close()).await;
+            });
+        }
     }
 
     /// Restarts the IO scheduler if it was running before
@@ -496,7 +509,7 @@ impl Context {
 
     /// Indicate that the network likely has come back.
     pub async fn maybe_network(&self) {
-        if let Some(iroh) = self.iroh.get() {
+        if let Some(ref iroh) = *self.iroh.read().await {
             iroh.network_change().await;
         }
         self.scheduler.maybe_network().await;
@@ -1758,6 +1771,7 @@ mod tests {
             "socks5_password",
             "key_id",
             "webxdc_integration",
+            "device_token",
         ];
         let t = TestContext::new().await;
         let info = t.get_info().await.unwrap();

src/events/payload.rs

@@ -59,7 +59,7 @@ pub enum EventType {
     /// or for functions that are expected to fail (eg. dc_continue_key_transfer())
     /// it might be better to delay showing these events until the function has really
     /// failed (returned false). It should be sufficient to report only the *last* error
-    /// in a messasge box then.
+    /// in a message box then.
     Error(String),
 
     /// An action cannot be performed because the user is not in the group.

src/imap.rs

@@ -41,6 +41,7 @@ use crate::mimeparser;
 use crate::net::proxy::ProxyConfig;
 use crate::net::session::SessionStream;
 use crate::oauth2::get_oauth2_access_token;
+use crate::push::encrypt_device_token;
 use crate::receive_imf::{
     from_field_to_contact_id, get_prefetch_parent_message, receive_imf_inner, ReceivedMsg,
 };
@@ -407,7 +408,7 @@ impl Imap {
                         "IMAP-LOGIN as {}",
                         lp.user
                     )));
-                    self.connectivity.set_connected(context).await;
+                    self.connectivity.set_preparing(context).await;
                     info!(context, "Successfully logged into IMAP server");
                     return Ok(session);
                 }
@@ -1559,17 +1560,53 @@ impl Session {
             return Ok(());
         };
 
-        if self.can_metadata() && self.can_push() {
+        let device_token_changed = context
+            .get_config(Config::DeviceToken)
+            .await?
+            .map_or(true, |config_token| device_token != config_token);
+
+        if device_token_changed && self.can_metadata() && self.can_push() {
             let folder = context
                 .get_config(Config::ConfiguredInboxFolder)
                 .await?
                 .context("INBOX is not configured")?;
 
-            self.run_command_and_check_ok(format!(
-                "SETMETADATA \"{folder}\" (/private/devicetoken \"{device_token}\")"
-            ))
-            .await
-            .context("SETMETADATA command failed")?;
+            let encrypted_device_token =
+                encrypt_device_token(&device_token).context("Failed to encrypt device token")?;
+
+            // We expect that the server supporting `XDELTAPUSH` capability
+            // has non-synchronizing literals support as well:
+            // <https://www.rfc-editor.org/rfc/rfc7888>.
+            let encrypted_device_token_len = encrypted_device_token.len();
+
+            if encrypted_device_token_len <= 4096 {
+                self.run_command_and_check_ok(&format_setmetadata(
+                    &folder,
+                    &encrypted_device_token,
+                ))
+                .await
+                .context("SETMETADATA command failed")?;
+
+                // Store device token saved on the server
+                // to prevent storing duplicate tokens.
+                // The server cannot deduplicate on its own
+                // because encryption gives a different
+                // result each time.
+                context
+                    .set_config_internal(Config::DeviceToken, Some(&device_token))
+                    .await?;
+            } else {
+                // If Apple or Google (FCM) gives us a very large token,
+                // do not even try to give it to IMAP servers.
+                //
+                // Limit of 4096 is arbitrarily selected
+                // to be the same as required by LITERAL- IMAP extension.
+                //
+                // Dovecot supports LITERAL+ and non-synchronizing literals
+                // of any length, but there is no reason for tokens
+                // to be that large even after OpenPGP encryption.
+                warn!(context, "Device token is too long for LITERAL-, ignoring.");
+            }
             context.push_subscribed.store(true, Ordering::Relaxed);
         } else if !context.push_subscriber.heartbeat_subscribed().await {
             let context = context.clone();
@@ -1581,6 +1618,13 @@ impl Session {
     }
 }
 
+fn format_setmetadata(folder: &str, device_token: &str) -> String {
+    let device_token_len = device_token.len();
+    format!(
+        "SETMETADATA \"{folder}\" (/private/devicetoken {{{device_token_len}+}}\r\n{device_token})"
+    )
+}
+
 impl Session {
     /// Returns success if we successfully set the flag or we otherwise
     /// think add_flag should not be retried: Disconnection during setting
@@ -2864,4 +2908,16 @@ mod tests {
             vec![("INBOX".to_string(), vec![1, 2, 3], "2:3".to_string())]
         );
     }
+
+    #[test]
+    fn test_setmetadata_device_token() {
+        assert_eq!(
+            format_setmetadata("INBOX", "foobarbaz"),
+            "SETMETADATA \"INBOX\" (/private/devicetoken {9+}\r\nfoobarbaz)"
+        );
+        assert_eq!(
+            format_setmetadata("INBOX", "foo\r\nbar\r\nbaz\r\n"),
+            "SETMETADATA \"INBOX\" (/private/devicetoken {15+}\r\nfoo\r\nbar\r\nbaz\r\n)"
+        );
+    }
 }

src/imex/transfer.rs

@@ -33,8 +33,7 @@ use std::task::Poll;
 
 use anyhow::{bail, format_err, Context as _, Result};
 use futures_lite::FutureExt;
-use iroh_net::relay::RelayMode;
-use iroh_net::Endpoint;
+use iroh::{Endpoint, RelayMode};
 use tokio::fs;
 use tokio::task::JoinHandle;
 use tokio_util::sync::CancellationToken;
@@ -65,11 +64,11 @@ const BACKUP_ALPN: &[u8] = b"/deltachat/backup";
 /// task use the [`Context::stop_ongoing`] mechanism.
 #[derive(Debug)]
 pub struct BackupProvider {
-    /// iroh-net endpoint.
+    /// iroh endpoint.
     _endpoint: Endpoint,
 
-    /// iroh-net address.
-    node_addr: iroh_net::NodeAddr,
+    /// iroh address.
+    node_addr: iroh::NodeAddr,
 
     /// Authentication token that should be submitted
     /// to retrieve the backup.
@@ -162,7 +161,7 @@ impl BackupProvider {
 
     async fn handle_connection(
         context: Context,
-        conn: iroh_net::endpoint::Connecting,
+        conn: iroh::endpoint::Connecting,
         auth_token: String,
         dbfile: Arc<TempPathGuard>,
     ) -> Result<()> {
@@ -291,7 +290,7 @@ impl Future for BackupProvider {
 
 pub async fn get_backup2(
     context: &Context,
-    node_addr: iroh_net::NodeAddr,
+    node_addr: iroh::NodeAddr,
     auth_token: String,
 ) -> Result<()> {
     let relay_mode = RelayMode::Disabled;
@@ -337,7 +336,7 @@ pub async fn get_backup2(
 /// This is a long running operation which will return only when completed.
 ///
 /// Using [`Qr`] as argument is a bit odd as it only accepts specific variant of it.  It
-/// does avoid having [`iroh_net::NodeAddr`] in the primary API however, without
+/// does avoid having [`iroh::NodeAddr`] in the primary API however, without
 /// having to revert to untyped bytes.
 pub async fn get_backup(context: &Context, qr: Qr) -> Result<()> {
     match qr {

src/message.rs

@@ -724,7 +724,7 @@ impl Message {
     /// `contact_id` set to [`ContactId::SELF`].
     ///
     /// `latitude` is the North-south position of the location.
-    /// `longitutde` is the East-west position of the location.
+    /// `longitude` is the East-west position of the location.
     ///
     /// [`location::set()`]: crate::location::set
     /// [`send_locations_to_chat()`]: crate::location::send_locations_to_chat

src/mimefactory.rs

@@ -356,7 +356,7 @@ impl MimeFactory {
                     let gossip_period = context.get_config_i64(Config::GossipPeriod).await?;
                     // `gossip_period == 0` is a special case for testing,
                     // enabling gossip in every message.
-                    // Othewise "smeared timestamps" may result in the condition
+                    // Otherwise "smeared timestamps" may result in the condition
                     // to fail even if the clock is monotonic.
                     if gossip_period == 0 || time() >= gossiped_timestamp + gossip_period {
                         Ok(true)

src/mimeparser.rs

@@ -671,7 +671,7 @@ impl MimeMessage {
             && self
                 .parts
                 .get(1)
-                .map_or(false, |filepart| match filepart.typ {
+                .is_some_and(|filepart| match filepart.typ {
                     Viewtype::Image
                     | Viewtype::Gif
                     | Viewtype::Sticker

src/net.rs

@@ -47,7 +47,7 @@ pub(crate) async fn prune_connection_history(context: &Context) -> Result<()> {
     Ok(())
 }
 
-/// Update the timestamp of the last successfull connection
+/// Update the timestamp of the last successful connection
 /// to the given `host` and `port`
 /// with the given application protocol `alpn`.
 ///

src/net/proxy.rs

@@ -230,7 +230,7 @@ where
         .get(9..12)
         .context("HTTP status line does not contain a status code")?;
 
-    // Interpert status code according to
+    // Interpret status code according to
     // <https://datatracker.ietf.org/doc/html/rfc7231#section-6>.
     if status_code == b"407" {
         Err(format_err!("Proxy Authentication Required"))

src/peer_channels.rs

@@ -7,15 +7,15 @@
 //! when it's not required. Only when a webxdc subscribes to realtime data or when a reatlime message is sent,
 //! the p2p machinery should be started.
 //!
-//! Adding peer channels to webxdc needs upfront negotation of a topic and sharing of public keys so that
+//! Adding peer channels to webxdc needs upfront negotiation of a topic and sharing of public keys so that
 //! nodes can connect to each other. The explicit approach is as follows:
 //!
-//! 1. We introduce a new [GossipTopic](crate::headerdef::HeaderDef::IrohGossipTopic) message header with a random 32-byte TopicId,
+//! 1. We introduce a new [`IrohGossipTopic`](crate::headerdef::HeaderDef::IrohGossipTopic) message header with a random 32-byte TopicId,
 //!    securely generated on the initial webxdc sender's device. This message header is encrypted
 //!    and sent in the same message as the webxdc application.
 //! 2. Whenever `joinRealtimeChannel().setListener()` or `joinRealtimeChannel().send()` is called by the webxdc application,
 //!    we start a routine to establish p2p connectivity and join the gossip swarm with Iroh.
-//! 3. The first step of this routine is to introduce yourself with a regular message containing the `IrohPublicKey`.
+//! 3. The first step of this routine is to introduce yourself with a regular message containing the [`IrohNodeAddr`](crate::headerdef::HeaderDef::IrohNodeAddr).
 //!    This message contains the users relay-server and public key.
 //!    Direct IP address is not included as this information can be persisted by email providers.
 //! 4. After the announcement, the sending peer joins the gossip swarm with an empty list of peer IDs (as they don't know anyone yet).
@@ -26,15 +26,14 @@
 use anyhow::{anyhow, bail, Context as _, Result};
 use email::Header;
 use futures_lite::StreamExt;
+use iroh::key::{PublicKey, SecretKey};
+use iroh::{Endpoint, NodeAddr, NodeId, RelayMap, RelayMode, RelayUrl};
 use iroh_gossip::net::{Event, Gossip, GossipEvent, JoinOptions, GOSSIP_ALPN};
 use iroh_gossip::proto::TopicId;
-use iroh_net::key::{PublicKey, SecretKey};
-use iroh_net::relay::{RelayMap, RelayUrl};
-use iroh_net::{relay::RelayMode, Endpoint};
-use iroh_net::{NodeAddr, NodeId};
 use parking_lot::Mutex;
 use std::collections::{BTreeSet, HashMap};
 use std::env;
+use std::sync::Arc;
 use tokio::sync::{oneshot, RwLock};
 use tokio::task::JoinHandle;
 use url::Url;
@@ -54,11 +53,11 @@ const PUBLIC_KEY_STUB: &[u8] = "static_string".as_bytes();
 /// Store iroh peer channels for the context.
 #[derive(Debug)]
 pub struct Iroh {
-    /// [Endpoint] needed for iroh peer channels.
-    pub(crate) endpoint: Endpoint,
+    /// iroh router  needed for iroh peer channels.
+    pub(crate) router: iroh::protocol::Router,
 
     /// [Gossip] needed for iroh peer channels.
-    pub(crate) gossip: Gossip,
+    pub(crate) gossip: Arc<Gossip>,
 
     /// Sequence numbers for gossip channels.
     pub(crate) sequence_numbers: Mutex<HashMap<TopicId, i32>>,
@@ -75,7 +74,12 @@ pub struct Iroh {
 impl Iroh {
     /// Notify the endpoint that the network has changed.
     pub(crate) async fn network_change(&self) {
-        self.endpoint.network_change().await
+        self.router.endpoint().network_change().await
+    }
+
+    /// Closes the QUIC endpoint.
+    pub(crate) async fn close(self) -> Result<()> {
+        self.router.shutdown().await.context("Closing iroh failed")
     }
 
     /// Join a topic and create the subscriber loop for it.
@@ -113,7 +117,7 @@ impl Iroh {
         // Inform iroh of potentially new node addresses
         for node_addr in &peers {
             if !node_addr.info.is_empty() {
-                self.endpoint.add_node_addr(node_addr.clone())?;
+                self.router.endpoint().add_node_addr(node_addr.clone())?;
             }
         }
 
@@ -140,7 +144,7 @@ impl Iroh {
     pub async fn maybe_add_gossip_peers(&self, topic: TopicId, peers: Vec<NodeAddr>) -> Result<()> {
         if self.iroh_channels.read().await.get(&topic).is_some() {
             for peer in &peers {
-                self.endpoint.add_node_addr(peer.clone())?;
+                self.router.endpoint().add_node_addr(peer.clone())?;
             }
 
             self.gossip.join_with_opts(
@@ -190,7 +194,7 @@ impl Iroh {
 
     /// Get the iroh [NodeAddr] without direct IP addresses.
     pub(crate) async fn get_node_addr(&self) -> Result<NodeAddr> {
-        let mut addr = self.endpoint.node_addr().await?;
+        let mut addr = self.router.endpoint().node_addr().await?;
         addr.info.direct_addresses = BTreeSet::new();
         Ok(addr)
     }
@@ -267,16 +271,19 @@ impl Context {
             max_message_size: 128 * 1024,
             ..Default::default()
         };
-        let gossip = Gossip::from_endpoint(endpoint.clone(), gossip_config, &my_addr.info);
+        let gossip = Arc::new(Gossip::from_endpoint(
+            endpoint.clone(),
+            gossip_config,
+            &my_addr.info,
+        ));
 
-        // spawn endpoint loop that forwards incoming connections to the gossiper
-        let context = self.clone();
-
-        // Shuts down on deltachat shutdown
-        tokio::spawn(endpoint_loop(context, endpoint.clone(), gossip.clone()));
+        let router = iroh::protocol::Router::builder(endpoint)
+            .accept(GOSSIP_ALPN, gossip.clone())
+            .spawn()
+            .await?;
 
         Ok(Iroh {
-            endpoint,
+            router,
             gossip,
             sequence_numbers: Mutex::new(HashMap::new()),
             iroh_channels: RwLock::new(HashMap::new()),
@@ -285,15 +292,36 @@ impl Context {
     }
 
     /// Get or initialize the iroh peer channel.
-    pub async fn get_or_try_init_peer_channel(&self) -> Result<&Iroh> {
+    pub async fn get_or_try_init_peer_channel(
+        &self,
+    ) -> Result<tokio::sync::RwLockReadGuard<'_, Iroh>> {
         if !self.get_config_bool(Config::WebxdcRealtimeEnabled).await? {
             bail!("Attempt to get Iroh when realtime is disabled");
         }
 
-        let ctx = self.clone();
-        self.iroh
-            .get_or_try_init(|| async { ctx.init_peer_channels().await })
-            .await
+        if let Ok(lock) = tokio::sync::RwLockReadGuard::<'_, std::option::Option<Iroh>>::try_map(
+            self.iroh.read().await,
+            |opt_iroh| opt_iroh.as_ref(),
+        ) {
+            return Ok(lock);
+        }
+
+        let lock = self.iroh.write().await;
+        match tokio::sync::RwLockWriteGuard::<'_, std::option::Option<Iroh>>::try_downgrade_map(
+            lock,
+            |opt_iroh| opt_iroh.as_ref(),
+        ) {
+            Ok(lock) => Ok(lock),
+            Err(mut lock) => {
+                let iroh = self.init_peer_channels().await?;
+                *lock = Some(iroh);
+                tokio::sync::RwLockWriteGuard::<'_, std::option::Option<Iroh>>::try_downgrade_map(
+                    lock,
+                    |opt_iroh| opt_iroh.as_ref(),
+                )
+                .map_err(|_| anyhow!("Downgrade should succeed as we just stored `Some` value"))
+            }
+        }
     }
 }
 
@@ -478,54 +506,13 @@ fn create_random_topic() -> TopicId {
 pub(crate) async fn create_iroh_header(ctx: &Context, msg_id: MsgId) -> Result<Header> {
     let topic = create_random_topic();
     insert_topic_stub(ctx, msg_id, topic).await?;
+    let topic_string = iroh_base::base32::fmt(topic.as_bytes());
     Ok(Header::new(
         HeaderDef::IrohGossipTopic.get_headername().to_string(),
-        topic.to_string(),
+        topic_string,
     ))
 }
 
-async fn endpoint_loop(context: Context, endpoint: Endpoint, gossip: Gossip) {
-    while let Some(conn) = endpoint.accept().await {
-        let conn = match conn.accept() {
-            Ok(conn) => conn,
-            Err(err) => {
-                warn!(context, "Failed to accept iroh connection: {err:#}.");
-                continue;
-            }
-        };
-        info!(context, "IROH_REALTIME: accepting iroh connection");
-        let gossip = gossip.clone();
-        let context = context.clone();
-        tokio::spawn(async move {
-            if let Err(err) = handle_connection(&context, conn, gossip).await {
-                warn!(context, "IROH_REALTIME: iroh connection error: {err}");
-            }
-        });
-    }
-}
-
-async fn handle_connection(
-    context: &Context,
-    mut conn: iroh_net::endpoint::Connecting,
-    gossip: Gossip,
-) -> anyhow::Result<()> {
-    let alpn = conn.alpn().await?;
-    let conn = conn.await?;
-    let peer_id = iroh_net::endpoint::get_remote_node_id(&conn)?;
-
-    match alpn.as_slice() {
-        GOSSIP_ALPN => gossip
-            .handle_connection(conn)
-            .await
-            .context(format!("Gossip connection to {peer_id} failed"))?,
-        _ => warn!(
-            context,
-            "Ignoring connection from {peer_id}: unsupported ALPN protocol"
-        ),
-    }
-    Ok(())
-}
-
 async fn subscribe_loop(
     context: &Context,
     mut stream: iroh_gossip::net::GossipReceiver,
@@ -576,6 +563,8 @@ async fn subscribe_loop(
 
 #[cfg(test)]
 mod tests {
+    use std::time::Duration;
+
     use super::*;
     use crate::{
         chat::send_msg,
@@ -626,7 +615,6 @@ mod tests {
                 break;
             }
         }
-        let bob_iroh = bob.get_or_try_init_peer_channel().await.unwrap();
 
         // Bob adds alice to gossip peers.
         let members = get_iroh_gossip_peers(bob, bob_webxdc.id)
@@ -636,13 +624,23 @@ mod tests {
             .map(|addr| addr.node_id)
             .collect::<Vec<_>>();
 
-        let alice_iroh = alice.get_or_try_init_peer_channel().await.unwrap();
         assert_eq!(
             members,
-            vec![alice_iroh.get_node_addr().await.unwrap().node_id]
+            vec![
+                alice
+                    .get_or_try_init_peer_channel()
+                    .await
+                    .unwrap()
+                    .get_node_addr()
+                    .await
+                    .unwrap()
+                    .node_id
+            ]
         );
 
-        bob_iroh
+        bob.get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .join_and_subscribe_gossip(bob, bob_webxdc.id)
             .await
             .unwrap()
@@ -651,7 +649,10 @@ mod tests {
             .unwrap();
 
         // Alice sends ephemeral message
-        alice_iroh
+        alice
+            .get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .send_webxdc_realtime_data(alice, alice_webxdc.id, "alice -> bob".as_bytes().to_vec())
             .await
             .unwrap();
@@ -670,7 +671,9 @@ mod tests {
             }
         }
         // Bob sends ephemeral message
-        bob_iroh
+        bob.get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .send_webxdc_realtime_data(bob, bob_webxdc.id, "bob -> alice".as_bytes().to_vec())
             .await
             .unwrap();
@@ -699,10 +702,20 @@ mod tests {
 
         assert_eq!(
             members,
-            vec![bob_iroh.get_node_addr().await.unwrap().node_id]
+            vec![
+                bob.get_or_try_init_peer_channel()
+                    .await
+                    .unwrap()
+                    .get_node_addr()
+                    .await
+                    .unwrap()
+                    .node_id
+            ]
         );
 
-        bob_iroh
+        bob.get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .send_webxdc_realtime_data(bob, bob_webxdc.id, "bob -> alice 2".as_bytes().to_vec())
             .await
             .unwrap();
@@ -720,10 +733,23 @@ mod tests {
                 }
             }
         }
+
+        // Calling stop_io() closes iroh endpoint as well,
+        // even though I/O was not started in this test.
+        assert!(alice.iroh.read().await.is_some());
+        alice.stop_io().await;
+        assert!(alice.iroh.read().await.is_none());
     }
 
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_can_reconnect() {
+        tokio::time::timeout(Duration::from_secs(20), test_can_reconnect_impl())
+            .await
+            .unwrap();
+    }
+
+    async fn test_can_reconnect_impl() {
+        tracing_subscriber::fmt::init();
         let mut tcm = TestContextManager::new();
         let alice = &mut tcm.alice().await;
         let bob = &mut tcm.bob().await;
@@ -761,7 +787,6 @@ mod tests {
             .unwrap();
 
         bob.recv_msg_trash(&alice.pop_sent_msg().await).await;
-        let bob_iroh = bob.get_or_try_init_peer_channel().await.unwrap();
 
         // Bob adds alice to gossip peers.
         let members = get_iroh_gossip_peers(bob, bob_webxdc.id)
@@ -771,13 +796,23 @@ mod tests {
             .map(|addr| addr.node_id)
             .collect::<Vec<_>>();
 
-        let alice_iroh = alice.get_or_try_init_peer_channel().await.unwrap();
         assert_eq!(
             members,
-            vec![alice_iroh.get_node_addr().await.unwrap().node_id]
+            vec![
+                alice
+                    .get_or_try_init_peer_channel()
+                    .await
+                    .unwrap()
+                    .get_node_addr()
+                    .await
+                    .unwrap()
+                    .node_id
+            ]
         );
 
-        bob_iroh
+        bob.get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .join_and_subscribe_gossip(bob, bob_webxdc.id)
             .await
             .unwrap()
@@ -786,7 +821,10 @@ mod tests {
             .unwrap();
 
         // Alice sends ephemeral message
-        alice_iroh
+        alice
+            .get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .send_webxdc_realtime_data(alice, alice_webxdc.id, "alice -> bob".as_bytes().to_vec())
             .await
             .unwrap();
@@ -811,7 +849,9 @@ mod tests {
             .unwrap();
         let bob_sequence_number = bob
             .iroh
-            .get()
+            .read()
+            .await
+            .as_ref()
             .unwrap()
             .sequence_numbers
             .lock()
@@ -820,7 +860,9 @@ mod tests {
         leave_webxdc_realtime(bob, bob_webxdc.id).await.unwrap();
         let bob_sequence_number_after = bob
             .iroh
-            .get()
+            .read()
+            .await
+            .as_ref()
             .unwrap()
             .sequence_numbers
             .lock()
@@ -829,7 +871,9 @@ mod tests {
         // Check that sequence number is persisted when leaving the channel.
         assert_eq!(bob_sequence_number, bob_sequence_number_after);
 
-        bob_iroh
+        bob.get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .join_and_subscribe_gossip(bob, bob_webxdc.id)
             .await
             .unwrap()
@@ -837,7 +881,9 @@ mod tests {
             .await
             .unwrap();
 
-        bob_iroh
+        bob.get_or_try_init_peer_channel()
+            .await
+            .unwrap()
             .send_webxdc_realtime_data(bob, bob_webxdc.id, "bob -> alice".as_bytes().to_vec())
             .await
             .unwrap();
@@ -856,11 +902,20 @@ mod tests {
             }
         }
 
-        // channel is only used to remeber if an advertisement has been sent
+        // channel is only used to remember if an advertisement has been sent
         // bob for example does not change the channels because he never sends an
         // advertisement
         assert_eq!(
-            alice.iroh.get().unwrap().iroh_channels.read().await.len(),
+            alice
+                .iroh
+                .read()
+                .await
+                .as_ref()
+                .unwrap()
+                .iroh_channels
+                .read()
+                .await
+                .len(),
             1
         );
         leave_webxdc_realtime(alice, alice_webxdc.id).await.unwrap();
@@ -870,7 +925,9 @@ mod tests {
             .unwrap();
         assert!(alice
             .iroh
-            .get()
+            .read()
+            .await
+            .as_ref()
             .unwrap()
             .iroh_channels
             .read()
@@ -881,6 +938,7 @@ mod tests {
 
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_parallel_connect() {
+        eprintln!("START-----");
         let mut tcm = TestContextManager::new();
         let alice = &mut tcm.alice().await;
         let bob = &mut tcm.bob().await;
@@ -963,19 +1021,19 @@ mod tests {
             .await
             .unwrap();
 
-        assert!(alice.ctx.iroh.get().is_none());
+        assert!(alice.ctx.iroh.read().await.is_none());
 
         // creates iroh endpoint as side effect
         send_webxdc_realtime_data(alice, MsgId::new(1), vec![])
             .await
             .unwrap();
 
-        assert!(alice.ctx.iroh.get().is_none());
+        assert!(alice.ctx.iroh.read().await.is_none());
 
         // creates iroh endpoint as side effect
         leave_webxdc_realtime(alice, MsgId::new(1)).await.unwrap();
 
-        assert!(alice.ctx.iroh.get().is_none());
+        assert!(alice.ctx.iroh.read().await.is_none());
 
         // This internal function should return error
         // if accidentally called with the setting disabled.

src/push.rs

@@ -1,10 +1,16 @@
 use std::sync::atomic::Ordering;
 use std::sync::Arc;
 
-use anyhow::Result;
+use anyhow::{Context as _, Result};
+use base64::Engine as _;
+use pgp::crypto::aead::AeadAlgorithm;
+use pgp::crypto::sym::SymmetricKeyAlgorithm;
+use pgp::ser::Serialize;
+use rand::thread_rng;
 use tokio::sync::RwLock;
 
 use crate::context::Context;
+use crate::key::DcKey;
 
 /// Manages subscription to Apple Push Notification services.
 ///
@@ -24,20 +30,85 @@ pub struct PushSubscriber {
     inner: Arc<RwLock<PushSubscriberState>>,
 }
 
+/// The key was generated with
+/// `rsop generate-key --profile rfc9580`
+/// and public key was extracted with `rsop extract-cert`.
+const NOTIFIERS_PUBLIC_KEY: &str = "-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xioGZ03cdhsAAAAg6PasQQylEuWAp9N5PXN93rqjZdqOqN3s9RJEU/K8FZzCsAYf
+GwoAAABBBQJnTdx2AhsDAh4JCAsJCAcKDQwLBRUKCQgLAhYCIiEGiJJktnCmEtXa
+qsSIGRJtupMnxycz/yT0xZK9ez+YkmIAAAAAUfgg/sg0sR2mytzADFBpNAaY0Hyu
+aru8ics3eUkeNn2ziL4ZsIMx+4mcM5POvD0PG9LtH8Rz/y9iItD0c2aoRBab7iri
+/gDm6aQuj3xXgtAiXdaN9s+QPxR9gY/zG1t9iXgBzioGZ03cdhkAAAAgwJ0wQFsk
+MGH4jklfK1fFhYoQZMjEFCRBIk+r1S+WaSDClQYYGwgAAAAsBQJnTdx2AhsMIiEG
+iJJktnCmEtXaqsSIGRJtupMnxycz/yT0xZK9ez+YkmIAAAAKCRCIkmS2cKYS1WdP
+EFerccH2BoIPNbrxi6hwvxxy7G1mHg//ofD90fqmeY9xTfKMYl16bqQh4R1PiYd5
+LMc5VqgXHgioqTYKbltlOtWC+HDt/PrymQsN4q/aEmsM
+=5jvt
+-----END PGP PUBLIC KEY BLOCK-----";
+
+/// Pads the token with spaces.
+///
+/// This makes it impossible to tell
+/// if the user is an Apple user with shorter tokens
+/// or FCM user with longer tokens by the length of ciphertext.
+fn pad_device_token(s: &str) -> String {
+    // 512 is larger than any token, tokens seen so far have not been larger than 200 bytes.
+    let expected_len: usize = 512;
+    let payload_len = s.len();
+    let padding_len = expected_len.saturating_sub(payload_len);
+    let padding = " ".repeat(padding_len);
+    let res = format!("{s}{padding}");
+    debug_assert_eq!(res.len(), expected_len);
+    res
+}
+
+/// Encrypts device token with OpenPGP.
+///
+/// The result is base64-encoded and not ASCII armored to avoid dealing with newlines.
+pub(crate) fn encrypt_device_token(device_token: &str) -> Result<String> {
+    let public_key = pgp::composed::SignedPublicKey::from_asc(NOTIFIERS_PUBLIC_KEY)?.0;
+    let encryption_subkey = public_key
+        .public_subkeys
+        .first()
+        .context("No encryption subkey found")?;
+    let padded_device_token = pad_device_token(device_token);
+    let literal_message = pgp::composed::Message::new_literal("", &padded_device_token);
+    let mut rng = thread_rng();
+    let chunk_size = 8;
+
+    let encrypted_message = literal_message.encrypt_to_keys_seipdv2(
+        &mut rng,
+        SymmetricKeyAlgorithm::AES128,
+        AeadAlgorithm::Ocb,
+        chunk_size,
+        &[&encryption_subkey],
+    )?;
+    let encoded_message = encrypted_message.to_bytes()?;
+    Ok(format!(
+        "openpgp:{}",
+        base64::engine::general_purpose::STANDARD.encode(encoded_message)
+    ))
+}
+
 impl PushSubscriber {
     /// Creates new push notification subscriber.
     pub(crate) fn new() -> Self {
         Default::default()
     }
 
-    /// Sets device token for Apple Push Notification service.
+    /// Sets device token for Apple Push Notification service
+    /// or Firebase Cloud Messaging.
     pub(crate) async fn set_device_token(&self, token: &str) {
         self.inner.write().await.device_token = Some(token.to_string());
     }
 
     /// Retrieves device token.
     ///
+    /// The token is encrypted with OpenPGP.
+    ///
     /// Token may be not available if application is not running on Apple platform,
+    /// does not have Google Play services,
     /// failed to register for remote notifications or is in the process of registering.
     ///
     /// IMAP loop should periodically check if device token is available
@@ -121,3 +192,37 @@ impl Context {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_set_device_token() {
+        let push_subscriber = PushSubscriber::new();
+        assert_eq!(push_subscriber.device_token().await, None);
+
+        push_subscriber.set_device_token("some-token").await;
+        let device_token = push_subscriber.device_token().await.unwrap();
+        assert_eq!(device_token, "some-token");
+    }
+
+    #[test]
+    fn test_pad_device_token() {
+        let apple_token = "0155b93b7eb867a0d8b7328b978bb15bf22f70867e39e168d03f199af9496894";
+        assert_eq!(pad_device_token(apple_token).trim(), apple_token);
+    }
+
+    #[test]
+    fn test_encrypt_device_token() {
+        let fcm_token = encrypt_device_token("fcm-chat.delta:c67DVcpVQN2rJHiSszKNDW:APA91bErcJV2b8qG0IT4aiuCqw6Al0_SbydSuz3V0CHBR1X7Fp8YzyvlpxNZIOGYVDFKejZGE1YiGSaqxmkr9ds0DuALmZNDwqIhuZWGKKrs3r7DTSkQ9MQ").unwrap();
+        let fcm_beta_token = encrypt_device_token("fcm-chat.delta.beta:chu-GhZCTLyzq1XseJp3na:APA91bFlsfDawdszWTyOLbxBy7KeRCrYM-SBFqutebF5ix0EZKMuCFUT_Y7R7Ex_eTQG_LbOu3Ky_z5UlTMJtI7ufpIp5wEvsFmVzQcOo3YhrUpbiSVGIlk").unwrap();
+        let apple_token = encrypt_device_token(
+            "0155b93b7eb867a0d8b7328b978bb15bf22f70867e39e168d03f199af9496894",
+        )
+        .unwrap();
+
+        assert_eq!(fcm_token.len(), fcm_beta_token.len());
+        assert_eq!(apple_token.len(), fcm_token.len());
+    }
+}

src/qr.rs

@@ -112,7 +112,7 @@ pub enum Qr {
     /// Provides a backup that can be retrieved using iroh-net based backup transfer protocol.
     Backup2 {
         /// Iroh node address.
-        node_addr: iroh_net::NodeAddr,
+        node_addr: iroh::NodeAddr,
 
         /// Authentication token.
         auth_token: String,
@@ -644,7 +644,7 @@ fn decode_backup2(qr: &str) -> Result<Qr> {
         .split_once('&')
         .context("Backup QR code has no separator")?;
     let auth_token = auth_token.to_string();
-    let node_addr = serde_json::from_str::<iroh_net::NodeAddr>(node_addr)
+    let node_addr = serde_json::from_str::<iroh::NodeAddr>(node_addr)
         .context("Invalid node addr in backup QR code")?;
 
     Ok(Qr::Backup2 {

src/receive_imf.rs

@@ -1,7 +1,6 @@
 //! Internet Message Format reception pipeline.
 
 use std::collections::HashSet;
-use std::str::FromStr;
 
 use anyhow::{Context as _, Result};
 use deltachat_contact_tools::{addr_cmp, may_be_valid_addr, sanitize_single_line, ContactAddress};
@@ -73,6 +72,7 @@ pub struct ReceivedMsg {
 ///
 /// This method returns errors on a failure to parse the mail or extract Message-ID. It's only used
 /// for tests and REPL tool, not actual message reception pipeline.
+#[cfg(any(test, feature = "internals"))]
 pub async fn receive_imf(
     context: &Context,
     imf_raw: &[u8],
@@ -105,6 +105,7 @@ pub async fn receive_imf(
 /// Emulates reception of a message from "INBOX".
 ///
 /// Only used for tests and REPL tool, not actual message reception pipeline.
+#[cfg(any(test, feature = "internals"))]
 pub(crate) async fn receive_imf_from_inbox(
     context: &Context,
     rfc724_mid: &str,
@@ -1354,7 +1355,7 @@ async fn add_parts(
         // 1. They can't be an attack (they are outgoing, not incoming)
         // 2. Probably the unencryptedness is just a temporary state, after all
         //    the user obviously still uses DC
-        //    -> Showing info messages everytime would be a lot of noise
+        //    -> Showing info messages every time would be a lot of noise
         // 3. The info messages that are shown to the user ("Your chat partner
         //    likely reinstalled DC" or similar) would be wrong.
         if chat.is_protected() && (mime_parser.incoming || chat.typ != Chattype::Single) {
@@ -1556,8 +1557,8 @@ INSERT INTO msgs
   (
     id,
     rfc724_mid, chat_id,
-    from_id, to_id, timestamp, timestamp_sent, 
-    timestamp_rcvd, type, state, msgrmsg, 
+    from_id, to_id, timestamp, timestamp_sent,
+    timestamp_rcvd, type, state, msgrmsg,
     txt, txt_normalized, subject, txt_raw, param, hidden,
     bytes, mime_headers, mime_compressed, mime_in_reply_to,
     mime_references, mime_modified, error, ephemeral_timer,
@@ -1650,7 +1651,10 @@ RETURNING id
         // check if any part contains a webxdc topic id
         if part.typ == Viewtype::Webxdc {
             if let Some(topic) = mime_parser.get_header(HeaderDef::IrohGossipTopic) {
-                let topic = TopicId::from_str(topic).context("wrong gossip topic header")?;
+                // default encoding of topic ids is `hex`.
+                let topic_raw: [u8; 32] =
+                    iroh_base::base32::parse_array(topic).context("wrong gossip topic header")?;
+                let topic = TopicId::from_bytes(topic_raw);
                 insert_topic_stub(context, *msg_id, topic).await?;
             } else {
                 warn!(context, "webxdc doesn't have a gossip topic")

src/receive_imf/tests.rs

@@ -4033,7 +4033,7 @@ async fn test_sync_member_list_on_rejoin() -> Result<()> {
     remove_contact_from_chat(&alice, alice_chat_id, claire_id).await?;
     alice.pop_sent_msg().await;
 
-    // readd bob
+    // re-add bob
     add_contact_to_chat(&alice, alice_chat_id, bob_id).await?;
     let add2 = alice.pop_sent_msg().await;
     bob.recv_msg(&add2).await;
@@ -4182,7 +4182,7 @@ async fn test_recreate_contact_list_on_missing_message() -> Result<()> {
     // since we missed a message, a new contact list should be build
     assert_eq!(get_chat_contacts(&alice, chat_id).await?.len(), 3);
 
-    // readd fiona
+    // re-add fiona
     add_contact_to_chat(&alice, chat_id, alice_fiona).await?;
 
     // delayed removal of fiona shouldn't remove her
@@ -4224,7 +4224,7 @@ async fn test_dont_readd_with_normal_msg() -> Result<()> {
     bob.recv_msg(&alice.pop_sent_msg().await).await;
 
     // Alice didn't receive Bob's leave message although a lot of time has
-    // passed, so Bob must readd themselves otherwise other members would think
+    // passed, so Bob must re-add themselves otherwise other members would think
     // Bob is still here while they aren't. Bob should retry to leave if they
     // think that Alice didn't re-add them on purpose (which is possible if Alice uses a classical
     // MUA).

src/scheduler/connectivity.rs

@@ -14,12 +14,31 @@ use crate::{context::Context, log::LogExt};
 
 use super::InnerSchedulerState;
 
+/// Rough connectivity status for display in the status bar in the UI.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, EnumProperty, PartialOrd, Ord)]
 pub enum Connectivity {
+    /// Not connected.
+    ///
+    /// This may be because we just started,
+    /// because we lost connection and
+    /// were not able to connect and log in yet
+    /// or because I/O is not started.
     NotConnected = 1000,
+
+    /// Attempting to connect and log in.
     Connecting = 2000,
-    /// Fetching or sending messages
+
+    /// Fetching or sending messages.
     Working = 3000,
+
+    /// We are connected but not doing anything.
+    ///
+    /// This is the most common state,
+    /// so mobile UIs display the profile name
+    /// instead of connectivity status in this state.
+    /// Desktop UI displays "Connected" in the tooltip,
+    /// which signals that no more messages
+    /// are coming in.
     Connected = 4000,
 }
 
@@ -32,13 +51,17 @@ enum DetailedConnectivity {
     Error(String),
     #[default]
     Uninitialized,
+
+    /// Attempting to connect,
+    /// until we successfully log in.
     Connecting,
 
-    /// Connection is just established, but there may be work to do.
-    Connected,
+    /// Connection is just established,
+    /// there may be work to do.
+    Preparing,
 
     /// There is actual work to do, e.g. there are messages in SMTP queue
-    /// or we detected a message that should be downloaded.
+    /// or we detected a message on IMAP server that should be downloaded.
     Working,
 
     InterruptingIdle,
@@ -58,7 +81,13 @@ impl DetailedConnectivity {
             DetailedConnectivity::Connecting => Some(Connectivity::Connecting),
             DetailedConnectivity::Working => Some(Connectivity::Working),
             DetailedConnectivity::InterruptingIdle => Some(Connectivity::Connected),
-            DetailedConnectivity::Connected => Some(Connectivity::Connected),
+
+            // At this point IMAP has just connected,
+            // but does not know yet if there are messages to download.
+            // We still convert this to Working state
+            // so user can see "Updating..." and not "Connected"
+            // which is reserved for idle state.
+            DetailedConnectivity::Preparing => Some(Connectivity::Working),
 
             // Just don't return a connectivity, probably the folder is configured not to be
             // watched or there is e.g. no "Sent" folder, so we are not interested in it
@@ -74,9 +103,9 @@ impl DetailedConnectivity {
             | DetailedConnectivity::Uninitialized
             | DetailedConnectivity::NotConfigured => "<span class=\"red dot\"></span>".to_string(),
             DetailedConnectivity::Connecting => "<span class=\"yellow dot\"></span>".to_string(),
-            DetailedConnectivity::Working
+            DetailedConnectivity::Preparing
+            | DetailedConnectivity::Working
             | DetailedConnectivity::InterruptingIdle
-            | DetailedConnectivity::Connected
             | DetailedConnectivity::Idle => "<span class=\"green dot\"></span>".to_string(),
         }
     }
@@ -86,10 +115,12 @@ impl DetailedConnectivity {
             DetailedConnectivity::Error(e) => stock_str::error(context, e).await,
             DetailedConnectivity::Uninitialized => "Not started".to_string(),
             DetailedConnectivity::Connecting => stock_str::connecting(context).await,
-            DetailedConnectivity::Working => stock_str::updating(context).await,
-            DetailedConnectivity::InterruptingIdle
-            | DetailedConnectivity::Connected
-            | DetailedConnectivity::Idle => stock_str::connected(context).await,
+            DetailedConnectivity::Preparing | DetailedConnectivity::Working => {
+                stock_str::updating(context).await
+            }
+            DetailedConnectivity::InterruptingIdle | DetailedConnectivity::Idle => {
+                stock_str::connected(context).await
+            }
             DetailedConnectivity::NotConfigured => "Not configured".to_string(),
         }
     }
@@ -107,7 +138,7 @@ impl DetailedConnectivity {
             // since sending the last message, connectivity could have changed, which we don't notice
             // until another message is sent
             DetailedConnectivity::InterruptingIdle
-            | DetailedConnectivity::Connected
+            | DetailedConnectivity::Preparing
             | DetailedConnectivity::Idle => stock_str::last_msg_sent_successfully(context).await,
             DetailedConnectivity::NotConfigured => "Not configured".to_string(),
         }
@@ -120,7 +151,7 @@ impl DetailedConnectivity {
             DetailedConnectivity::Connecting => false,
             DetailedConnectivity::Working => false,
             DetailedConnectivity::InterruptingIdle => false,
-            DetailedConnectivity::Connected => false, // Just connected, there may still be work to do.
+            DetailedConnectivity::Preparing => false, // Just connected, there may still be work to do.
             DetailedConnectivity::NotConfigured => true,
             DetailedConnectivity::Idle => true,
         }
@@ -148,8 +179,8 @@ impl ConnectivityStore {
     pub(crate) async fn set_working(&self, context: &Context) {
         self.set(context, DetailedConnectivity::Working).await;
     }
-    pub(crate) async fn set_connected(&self, context: &Context) {
-        self.set(context, DetailedConnectivity::Connected).await;
+    pub(crate) async fn set_preparing(&self, context: &Context) {
+        self.set(context, DetailedConnectivity::Preparing).await;
     }
     pub(crate) async fn set_not_configured(&self, context: &Context) {
         self.set(context, DetailedConnectivity::NotConfigured).await;
@@ -169,7 +200,7 @@ impl ConnectivityStore {
     }
 }
 
-/// Set all folder states to InterruptingIdle in case they were `Connected` before.
+/// Set all folder states to InterruptingIdle in case they were `Idle` before.
 /// Called during `dc_maybe_network()` to make sure that `dc_all_work_done()`
 /// returns false immediately after `dc_maybe_network()`.
 pub(crate) async fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<ConnectivityStore>) {
@@ -179,8 +210,7 @@ pub(crate) async fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<Conne
     // returns Connected. But after dc_maybe_network(), dc_get_connectivity() must not
     // return Connected until DC is completely done with fetching folders; this also
     // includes scan_folders() which happens on the inbox thread.
-    if *connectivity_lock == DetailedConnectivity::Connected
-        || *connectivity_lock == DetailedConnectivity::Idle
+    if *connectivity_lock == DetailedConnectivity::Idle
         || *connectivity_lock == DetailedConnectivity::NotConfigured
     {
         *connectivity_lock = DetailedConnectivity::InterruptingIdle;
@@ -189,9 +219,7 @@ pub(crate) async fn idle_interrupted(inbox: ConnectivityStore, oboxes: Vec<Conne
 
     for state in oboxes {
         let mut connectivity_lock = state.0.lock().await;
-        if *connectivity_lock == DetailedConnectivity::Connected
-            || *connectivity_lock == DetailedConnectivity::Idle
-        {
+        if *connectivity_lock == DetailedConnectivity::Idle {
             *connectivity_lock = DetailedConnectivity::InterruptingIdle;
         }
     }

src/sql.rs

@@ -887,13 +887,11 @@ pub async fn remove_unused_files(context: &Context) -> Result<()> {
                         }
                         unreferenced_count += 1;
                         let recently_created =
-                            stats.created().map_or(false, |t| t > keep_files_newer_than);
-                        let recently_modified = stats
-                            .modified()
-                            .map_or(false, |t| t > keep_files_newer_than);
-                        let recently_accessed = stats
-                            .accessed()
-                            .map_or(false, |t| t > keep_files_newer_than);
+                            stats.created().is_ok_and(|t| t > keep_files_newer_than);
+                        let recently_modified =
+                            stats.modified().is_ok_and(|t| t > keep_files_newer_than);
+                        let recently_accessed =
+                            stats.accessed().is_ok_and(|t| t > keep_files_newer_than);
 
                         if p == blobdir
                             && (recently_created || recently_modified || recently_accessed)

src/sql/migrations.rs

@@ -1070,6 +1070,24 @@ CREATE INDEX msgs_status_updates_index2 ON msgs_status_updates (uid);
         .await?;
     }
 
+    inc_and_check(&mut migration_version, 124)?;
+    if dbversion < migration_version {
+        // Mark Saved Messages chat as protected if it already exists.
+        sql.execute_migration(
+            "UPDATE chats
+             SET protected=1 -- ProtectionStatus::Protected
+             WHERE type==100 -- Chattype::Single
+             AND EXISTS (
+                 SELECT 1 FROM chats_contacts cc
+                 WHERE cc.chat_id==chats.id
+                 AND cc.contact_id=1
+             )
+             ",
+            migration_version,
+        )
+        .await?;
+    }
+
     let new_version = sql
         .get_raw_config_int(VERSION_CFG)
         .await?

src/sql/pool.rs

@@ -83,7 +83,7 @@ impl InnerPool {
     /// Retrieves a connection from the pool.
     ///
     /// Sets `query_only` pragma to the provided value
-    /// to prevent accidentaly misuse of connection
+    /// to prevent accidental misuse of connection
     /// for writing when reading is intended.
     /// Only pass `query_only=false` if you want
     /// to use the connection for writing.

src/stock_str.rs

@@ -541,7 +541,7 @@ impl ContactId {
             .unwrap_or_else(|_| self.to_string())
     }
 
-    /// Get contact name, e.g. `Bob`, or `bob@exmple.net` if no name is set.
+    /// Get contact name, e.g. `Bob`, or `bob@example.net` if no name is set.
     async fn get_stock_name(self, context: &Context) -> String {
         Contact::get_by_id(context, self)
             .await

src/test_utils.rs

@@ -618,7 +618,7 @@ impl TestContext {
             .filter(|msg| msg.chat_id != DC_CHAT_ID_TRASH)
     }
 
-    /// Recevies a message and asserts that it goes to trash chat.
+    /// Receives a message and asserts that it goes to trash chat.
     pub async fn recv_msg_trash(&self, msg: &SentMessage<'_>) {
         let received = receive_imf(self, msg.payload().as_bytes(), false)
             .await

src/tests/aeap.rs

@@ -371,7 +371,7 @@ async fn test_aeap_replay_attack() -> Result<()> {
     chat::add_contact_to_chat(&bob, group, bob_alice_contact).await?;
 
     // Alice sends a message which Bob doesn't receive or something
-    // A real attack would rather re-use a message that was sent to a group
+    // A real attack would rather reuse a message that was sent to a group
     // and replace the Message-Id or so.
     let chat = alice.create_chat(&bob).await;
     let sent = alice.send_text(chat.id, "whoop whoop").await;

src/webxdc.rs

@@ -74,8 +74,8 @@ pub struct WebxdcManifest {
     /// Optional URL of webxdc source code.
     pub source_code_url: Option<String>,
 
-    /// If the webxdc requests network access.
-    pub request_internet_access: Option<bool>,
+    /// Set to "map" to request integration.
+    pub request_integration: Option<String>,
 }
 
 /// Parsed information from WebxdcManifest and fallbacks.
@@ -100,6 +100,9 @@ pub struct WebxdcInfo {
     /// URL of webxdc source code or an empty string.
     pub source_code_url: String,
 
+    /// Set to "map" to request integration, otherwise an empty string.
+    pub request_integration: String,
+
     /// If the webxdc is allowed to access the network.
     /// It should request access, be encrypted
     /// and sent to self for this.
@@ -367,18 +370,16 @@ impl Context {
                     .get_overwritable_info_msg_id(&instance, from_id)
                     .await?;
 
-                if info_msg_id.is_some() && status_update_item.href.is_none() {
-                    if let Some(info_msg_id) = info_msg_id {
-                        chat::update_msg_text_and_timestamp(
-                            self,
-                            instance.chat_id,
-                            info_msg_id,
-                            info.as_str(),
-                            timestamp,
-                        )
-                        .await?;
-                        notify_msg_id = info_msg_id;
-                    }
+                if let (Some(info_msg_id), None) = (info_msg_id, &status_update_item.href) {
+                    chat::update_msg_text_and_timestamp(
+                        self,
+                        instance.chat_id,
+                        info_msg_id,
+                        info.as_str(),
+                        timestamp,
+                    )
+                    .await?;
+                    notify_msg_id = info_msg_id;
                 } else {
                     notify_msg_id = chat::add_info_msg_with_cmd(
                         self,
@@ -416,14 +417,9 @@ impl Context {
         if from_id != ContactId::SELF {
             if let Some(notify_list) = status_update_item.notify {
                 let self_addr = instance.get_webxdc_self_addr(self).await?;
-                if let Some(notify_text) = notify_list.get(&self_addr) {
-                    self.emit_event(EventType::IncomingWebxdcNotify {
-                        contact_id: from_id,
-                        msg_id: notify_msg_id,
-                        text: notify_text.clone(),
-                        href: status_update_item.href,
-                    });
-                } else if let Some(notify_text) = notify_list.get("*") {
+                if let Some(notify_text) =
+                    notify_list.get(&self_addr).or_else(|| notify_list.get("*"))
+                {
                     self.emit_event(EventType::IncomingWebxdcNotify {
                         contact_id: from_id,
                         msg_id: notify_msg_id,
@@ -922,9 +918,9 @@ impl Message {
             }
         }
 
-        let internet_access = manifest.request_internet_access.unwrap_or_default()
-            && self.chat_id.is_self_talk(context).await.unwrap_or_default()
-            && self.get_showpadlock();
+        let request_integration = manifest.request_integration.unwrap_or_default();
+        let is_integrated = self.is_set_as_webxdc_integration(context).await?;
+        let internet_access = is_integrated;
 
         let self_addr = self.get_webxdc_self_addr(context).await?;
 
@@ -946,8 +942,11 @@ impl Message {
                 .get(Param::WebxdcDocument)
                 .unwrap_or_default()
                 .to_string(),
-            summary: if internet_access {
-                "Dev Mode: Do not enter sensitive data!".to_string()
+            summary: if is_integrated {
+                "🌍 Used as map. Delete to use default. Do not enter sensitive data".to_string()
+            } else if request_integration == "map" {
+                "🌏 To use as map, forward to \"Saved Messages\" again. Do not enter sensitive data"
+                    .to_string()
             } else {
                 self.param
                     .get(Param::WebxdcSummary)
@@ -959,6 +958,7 @@ impl Message {
             } else {
                 "".to_string()
             },
+            request_integration,
             internet_access,
             self_addr,
             send_update_interval: context.ratelimit.read().await.update_interval(),
@@ -2234,19 +2234,6 @@ sth_for_the = "future""#
         Ok(())
     }
 
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_parse_webxdc_manifest_request_internet_access() -> Result<()> {
-        let result = parse_webxdc_manifest(r#"request_internet_access = 3"#.as_bytes());
-        assert!(result.is_err());
-        let manifest = parse_webxdc_manifest(r#" source_code_url="https://foo.org""#.as_bytes())?;
-        assert_eq!(manifest.request_internet_access, None);
-        let manifest = parse_webxdc_manifest(r#" request_internet_access=false"#.as_bytes())?;
-        assert_eq!(manifest.request_internet_access, Some(false));
-        let manifest = parse_webxdc_manifest(r#"request_internet_access = true"#.as_bytes())?;
-        assert_eq!(manifest.request_internet_access, Some(true));
-        Ok(())
-    }
-
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
     async fn test_webxdc_min_api_too_large() -> Result<()> {
         let t = TestContext::new_alice().await;
@@ -2657,16 +2644,16 @@ sth_for_the = "future""#
         Ok(())
     }
 
+    // check that `info.internet_access` is not set for normal, non-integrated webxdc -
+    // even if they use the deprecated option `request_internet_access` in manifest.toml
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_webxdc_internet_access() -> Result<()> {
+    async fn test_webxdc_no_internet_access() -> Result<()> {
         let t = TestContext::new_alice().await;
         let self_id = t.get_self_chat().await.id;
         let single_id = t.create_chat_with_contact("bob", "bob@e.com").await.id;
         let group_id = create_group_chat(&t, ProtectionStatus::Unprotected, "chat").await?;
         let broadcast_id = create_broadcast_list(&t).await?;
 
-        let mut first_test = true; // only the first test has all conditions for internet access
-
         for e2ee in ["1", "0"] {
             t.set_config(Config::E2eeEnabled, Some(e2ee)).await?;
             for chat_id in [self_id, single_id, group_id, broadcast_id] {
@@ -2689,11 +2676,7 @@ sth_for_the = "future""#
                     .await?;
                     let instance = Message::load_from_db(&t, instance_id).await?;
                     let info = instance.get_webxdc_info(&t).await?;
-                    assert_eq!(info.internet_access, first_test);
-                    assert_eq!(info.summary.contains("Do not enter sensitive"), first_test);
-                    assert_eq!(info.summary.contains("real summary"), !first_test);
-
-                    first_test = false;
+                    assert_eq!(info.internet_access, false);
                 }
             }
         }

src/webxdc/integration.rs

@@ -57,14 +57,34 @@ impl Context {
     }
 
     // Check if a Webxdc shall be used as an integration and remember that.
-    pub(crate) async fn update_webxdc_integration_database(&self, msg: &Message) -> Result<()> {
-        if msg.viewtype == Viewtype::Webxdc && msg.param.get_int(Param::WebxdcIntegration).is_some()
-        {
-            self.set_config_internal(
-                Config::WebxdcIntegration,
-                Some(&msg.id.to_u32().to_string()),
-            )
-            .await?;
+    pub(crate) async fn update_webxdc_integration_database(
+        &self,
+        msg: &mut Message,
+        context: &Context,
+    ) -> Result<()> {
+        if msg.viewtype == Viewtype::Webxdc {
+            let is_integration = if msg.param.get_int(Param::WebxdcIntegration).is_some() {
+                true
+            } else if msg.chat_id.is_self_talk(context).await? {
+                let info = msg.get_webxdc_info(context).await?;
+                if info.request_integration == "map" {
+                    msg.param.set_int(Param::WebxdcIntegration, 1);
+                    msg.update_param(context).await?;
+                    true
+                } else {
+                    false
+                }
+            } else {
+                false
+            };
+
+            if is_integration {
+                self.set_config_internal(
+                    Config::WebxdcIntegration,
+                    Some(&msg.id.to_u32().to_string()),
+                )
+                .await?;
+            }
         }
         Ok(())
     }
@@ -101,11 +121,26 @@ impl Message {
             None
         }
     }
+
+    // Check if the message is an actually used as Webxdc integration.
+    pub(crate) async fn is_set_as_webxdc_integration(&self, context: &Context) -> Result<bool> {
+        if let Some(integration_id) = context
+            .get_config_parsed::<u32>(Config::WebxdcIntegration)
+            .await?
+        {
+            Ok(integration_id == self.id.to_u32())
+        } else {
+            Ok(false)
+        }
+    }
 }
 
 #[cfg(test)]
 mod tests {
     use crate::config::Config;
+    use crate::context::Context;
+    use crate::message;
+    use crate::message::{Message, Viewtype};
     use crate::test_utils::TestContext;
     use anyhow::Result;
     use std::time::Duration;
@@ -126,4 +161,65 @@ mod tests {
 
         Ok(())
     }
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+    async fn test_overwrite_default_integration() -> Result<()> {
+        let t = TestContext::new_alice().await;
+        let self_chat = &t.get_self_chat().await;
+        assert!(t.init_webxdc_integration(None).await?.is_none());
+
+        async fn assert_integration(t: &Context, name: &str) -> Result<()> {
+            let integration_id = t.init_webxdc_integration(None).await?.unwrap();
+            let integration = Message::load_from_db(t, integration_id).await?;
+            let integration_info = integration.get_webxdc_info(t).await?;
+            assert_eq!(integration_info.name, name);
+            Ok(())
+        }
+
+        // set default integration
+        let bytes = include_bytes!("../../test-data/webxdc/with-manifest-and-png-icon.xdc");
+        let file = t.get_blobdir().join("maps.xdc");
+        tokio::fs::write(&file, bytes).await.unwrap();
+        t.set_webxdc_integration(file.to_str().unwrap()).await?;
+        assert_integration(&t, "with some icon").await?;
+
+        // send a maps.xdc with insufficient manifest
+        let mut msg = Message::new(Viewtype::Webxdc);
+        msg.set_file_from_bytes(
+            &t,
+            "mapstest.xdc",
+            include_bytes!("../../test-data/webxdc/mapstest-integration-unset.xdc"),
+            None,
+        )
+        .await?;
+        t.send_msg(self_chat.id, &mut msg).await;
+        assert_integration(&t, "with some icon").await?; // still the default integration
+
+        // send a maps.xdc with manifest including the line `request_integration = "map"`
+        let mut msg = Message::new(Viewtype::Webxdc);
+        msg.set_file_from_bytes(
+            &t,
+            "mapstest.xdc",
+            include_bytes!("../../test-data/webxdc/mapstest-integration-set.xdc"),
+            None,
+        )
+        .await?;
+        let sent = t.send_msg(self_chat.id, &mut msg).await;
+        let info = msg.get_webxdc_info(&t).await?;
+        assert!(info.summary.contains("Used as map"));
+        assert_integration(&t, "Maps Test 2").await?;
+
+        // when maps.xdc is received on another device, the integration is not accepted (needs to be forwarded again)
+        let t2 = TestContext::new_alice().await;
+        let msg2 = t2.recv_msg(&sent).await;
+        let info = msg2.get_webxdc_info(&t2).await?;
+        assert!(info.summary.contains("To use as map,"));
+        assert!(t2.init_webxdc_integration(None).await?.is_none());
+
+        // deleting maps.xdc removes the user's integration - the UI will go back to default calling set_webxdc_integration() then
+        message::delete_msgs(&t, &[msg.id]).await?;
+        assert!(t.init_webxdc_integration(None).await?.is_none());
+
+        Ok(())
+    }
 }

src/webxdc/maps_integration.rs

@@ -181,7 +181,7 @@ mod tests {
     async fn test_maps_integration() -> Result<()> {
         let t = TestContext::new_alice().await;
 
-        let bytes = include_bytes!("../../test-data/webxdc/mapstest.xdc");
+        let bytes = include_bytes!("../../test-data/webxdc/mapstest-integration-set.xdc");
         let file = t.get_blobdir().join("maps.xdc");
         tokio::fs::write(&file, bytes).await.unwrap();
         t.set_webxdc_integration(file.to_str().unwrap()).await?;
@@ -199,7 +199,7 @@ mod tests {
 
         let integration = Message::load_from_db(&t, integration_id).await?;
         let info = integration.get_webxdc_info(&t).await?;
-        assert_eq!(info.name, "Maps Test");
+        assert_eq!(info.name, "Maps Test 2");
         assert_eq!(info.internet_access, true);
 
         t.send_webxdc_status_update(