Merge pull request #1136 from vector-im/make-otk-upload-optional

Make it possible to disable OTK upload
R Midhun Suresh 2023-08-22 17:35:21 +05:30 committed by GitHub
commit e0ed058980
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 8 deletions


@ -151,10 +151,17 @@ export class Client {
/** Method to start client after registration or with given access token. /** Method to start client after registration or with given access token.
* To start the client after registering, use `startWithAuthData(registration.authData)`. * To start the client after registering, use `startWithAuthData(registration.authData)`.
* `homeserver` won't be resolved or normalized using this method, * `homeserver` won't be resolved or normalized using this method,
* use `lookupHomeserver` first if needed (not needed after registration) */ * use `lookupHomeserver` first if needed (not needed after registration)
async startWithAuthData({accessToken, deviceId, userId, homeserver}) { *
* Setting isReadOnly to false disables OTK uploads.
* Only do this if you're sure that you will never send encrypted messages.
* */
async startWithAuthData({accessToken, deviceId, userId, homeserver, isReadOnly = false}) {
await this._platform.logger.run("startWithAuthData", async (log) => { await this._platform.logger.run("startWithAuthData", async (log) => {
await this._createSessionAfterAuth({accessToken, deviceId, userId, homeserver}, true, log); if (isReadOnly) {
log.set("isReadonly (Disabled OTK Upload)", true);
}
await this._createSessionAfterAuth({accessToken, deviceId, userId, homeserver}, true, isReadOnly, log);
}); });
} }
@ -197,11 +204,11 @@ export class Client {
} }
return; return;
} }
await this._createSessionAfterAuth(sessionInfo, inspectAccountSetup, log); await this._createSessionAfterAuth(sessionInfo, inspectAccountSetup, false, log);
}); });
} }
async _createSessionAfterAuth({deviceId, userId, accessToken, homeserver}, inspectAccountSetup, log) { async _createSessionAfterAuth({deviceId, userId, accessToken, homeserver}, inspectAccountSetup, isReadOnly, log) {
const id = this.createNewSessionId(); const id = this.createNewSessionId();
const lastUsed = this._platform.clock.now(); const lastUsed = this._platform.clock.now();
const sessionInfo = { const sessionInfo = {
@ -212,6 +219,7 @@ export class Client {
homeserver, homeserver,
accessToken, accessToken,
lastUsed, lastUsed,
isReadOnly,
}; };
let dehydratedDevice; let dehydratedDevice;
if (inspectAccountSetup) { if (inspectAccountSetup) {
@ -260,6 +268,7 @@ export class Client {
deviceId: sessionInfo.deviceId, deviceId: sessionInfo.deviceId,
userId: sessionInfo.userId, userId: sessionInfo.userId,
homeserver: sessionInfo.homeServer, homeserver: sessionInfo.homeServer,
isReadOnly: sessionInfo.isReadOnly,
}; };
const olm = await this._olmPromise; const olm = await this._olmPromise;
let olmWorker = null; let olmWorker = null;
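Review bot: The doc comment added to `startWithAuthData` states the flag backwards: it says setting `isReadOnly` to false disables OTK uploads, while the parameter defaults to false and the Session checks in this commit skip uploads only when it is true. The line should read `* Setting isReadOnly to true disables OTK uploads.`, otherwise a caller following the comment gets the opposite key-upload behaviour from the one intended. The log key `"isReadonly (Disabled OTK Upload)"` also spells the name differently from the parameter; `isReadOnly` would keep log searches consistent. `_createSessionAfterAuth` continues outside the hunks, so how the stored flag is used further down is not visible here.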


@ -417,8 +417,10 @@ export class Session {
log.set("keys", this._e2eeAccount.identityKeys); log.set("keys", this._e2eeAccount.identityKeys);
await this._setupEncryption(); await this._setupEncryption();
} }
if (!this._sessionInfo.isReadOnly) {
await this._e2eeAccount.generateOTKsIfNeeded(this._storage, log); await this._e2eeAccount.generateOTKsIfNeeded(this._storage, log);
await log.wrap("uploadKeys", log => this._e2eeAccount.uploadKeys(this._storage, false, log)); await log.wrap("uploadKeys", log => this._e2eeAccount.uploadKeys(this._storage, false, log));
}
await this._createCrossSigning(); await this._createCrossSigning();
} }
} }
@ -828,7 +830,7 @@ export class Session {
// to-device messages, to help us avoid throwing away one-time-keys that we // to-device messages, to help us avoid throwing away one-time-keys that we
// are about to receive messages for // are about to receive messages for
// (https://github.com/vector-im/riot-web/issues/2782). // (https://github.com/vector-im/riot-web/issues/2782).
if (this._e2eeAccount && !isCatchupSync) { if (this._e2eeAccount && !isCatchupSync && !this._sessionInfo.isReadOnly) {
const needsToUploadOTKs = await this._e2eeAccount.generateOTKsIfNeeded(this._storage, log); const needsToUploadOTKs = await this._e2eeAccount.generateOTKsIfNeeded(this._storage, log);
if (needsToUploadOTKs) { if (needsToUploadOTKs) {
await log.wrap("uploadKeys", log => this._e2eeAccount.uploadKeys(this._storage, false, log)); await log.wrap("uploadKeys", log => this._e2eeAccount.uploadKeys(this._storage, false, log));
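Review bot: The guard in the first hunk skips `uploadKeys` entirely for a read-only session, not only `generateOTKsIfNeeded`, while `_createCrossSigning()` still runs afterwards. `uploadKeys` is defined outside this diff; if it is also the call that publishes the device's identity keys, a read-only device would never have its keys on the homeserver, and other devices would have nothing to verify it against or to share room keys with. That is worth confirming, and if it holds, only the OTK generation should be gated. Nothing in the visible hunks prevents a read-only session from sending encrypted messages, so a comment at the guard such as `// read-only: no OTKs are published, so this session must never send encrypted messages` would record the contract. Both enclosing methods start and end outside the hunks.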


@ -22,6 +22,15 @@ interface ISessionInfo {
homeServer: string; // deprecate this over time homeServer: string; // deprecate this over time
accessToken: string; accessToken: string;
lastUsed: number; lastUsed: number;
/**
* If true, then this session will not be used for sending
* encrypted messages.
* OTK uploads will be disabled when this is true.
*
* Encrypted messages can still be decrypted and key backups
* can also be restored.
*/
isReadOnly: boolean;
} }
// todo: this should probably be in platform/types? // todo: this should probably be in platform/types?
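Review bot: `isReadOnly` is declared as a required `boolean`, but session records persisted before this commit presumably lack the field, so it can be `undefined` at runtime. The checks added in Session treat a missing value as falsy, which keeps OTK upload enabled, so behaviour is safe. The type should still reflect it with `isReadOnly?: boolean;`, or the code that loads stored sessions should default it to `false`. The doc comment could also state that a missing value means a normal, non-read-only session.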