Merge branch 'develop' of github.com:matrix-org/matrix-react-sdk into t3chguy/cr/72

# Conflicts: # src/components/views/rooms/RoomHeader.tsx # test/components/views/rooms/__snapshots__/RoomHeader-test.tsx.snap
2023-09-19 10:36:29 +01:00 · 2023-09-19 10:36:29 +01:00 · c839123b83
commit c839123b83
parent 1d0c7046c0 3fbf38f17d
123 changed files with 6527 additions and 6069 deletions
--- a/src/utils/ShieldUtils.ts
+++ b/src/utils/ShieldUtils.ts
@ -37,17 +37,15 @@ export async function shieldStatusForRoom(client: MatrixClient, room: Room): Pro

    const verified: string[] = [];
    const unverified: string[] = [];
-    members
-        .filter((userId) => userId !== client.getUserId())
-        .forEach((userId) => {
-            (client.checkUserTrust(userId).isCrossSigningVerified() ? verified : unverified).push(userId);
-        });
+    for (const userId of members) {
+        if (userId === client.getUserId()) continue;
+        const userTrust = await crypto.getUserVerificationStatus(userId);

-    /* Alarm if any unverified users were verified before. */
-    for (const userId of unverified) {
-        if (client.checkUserTrust(userId).wasCrossSigningVerified()) {
+        /* Alarm if any unverified users were verified before. */
+        if (userTrust.wasCrossSigningVerified() && !userTrust.isCrossSigningVerified()) {
            return E2EStatus.Warning;
        }
+        (userTrust.isCrossSigningVerified() ? verified : unverified).push(userId);
    }

    /* Check all verified user devices. */
--- a/src/utils/oidc/authorize.ts
+++ b/src/utils/oidc/authorize.ts
@ -68,31 +68,36 @@ const getCodeAndStateFromQueryParams = (queryParams: QueryDict): { code: string;
    return { code, state };
 };

+type CompleteOidcLoginResponse = {
+    // url of the homeserver selected during login
+    homeserverUrl: string;
+    // identity server url as discovered during login
+    identityServerUrl?: string;
+    // accessToken gained from OIDC token issuer
+    accessToken: string;
+    // refreshToken gained from OIDC token issuer, when falsy token cannot be refreshed
+    refreshToken?: string;
+    // this client's id as registered with the OIDC issuer
+    clientId: string;
+    // issuer used during authentication
+    issuer: string;
+};
 /**
 * Attempt to complete authorization code flow to get an access token
 * @param queryParams the query-parameters extracted from the real query-string of the starting URI.
- * @returns Promise that resolves with accessToken, identityServerUrl, and homeserverUrl when login was successful
+ * @returns Promise that resolves with a CompleteOidcLoginResponse when login was successful
 * @throws When we failed to get a valid access token
 */
-export const completeOidcLogin = async (
-    queryParams: QueryDict,
-): Promise<{
-    homeserverUrl: string;
-    identityServerUrl?: string;
-    accessToken: string;
-    clientId: string;
-    issuer: string;
-}> => {
+export const completeOidcLogin = async (queryParams: QueryDict): Promise<CompleteOidcLoginResponse> => {
    const { code, state } = getCodeAndStateFromQueryParams(queryParams);
    const { homeserverUrl, tokenResponse, identityServerUrl, oidcClientSettings } =
        await completeAuthorizationCodeGrant(code, state);

-    // @TODO(kerrya) do something with the refresh token https://github.com/vector-im/element-web/issues/25444
-
    return {
-        homeserverUrl: homeserverUrl,
-        identityServerUrl: identityServerUrl,
+        homeserverUrl,
+        identityServerUrl,
        accessToken: tokenResponse.access_token,
+        refreshToken: tokenResponse.refresh_token,
        clientId: oidcClientSettings.clientId,
        issuer: oidcClientSettings.issuer,
    };