Set up key backup using non-deprecated APIs (#12005)

2023-12-06 17:54:47 +00:00 · 2023-12-06 17:54:47 +00:00 · df11b90fd6
commit df11b90fd6
parent 1ce569bfc2
9 changed files with 198 additions and 34 deletions
--- a/src/SecurityManager.ts
+++ b/src/SecurityManager.ts
@ -319,8 +319,13 @@ export async function promptForBackupPassphrase(): Promise<Uint8Array> {
 * @param {Function} [func] An operation to perform once secret storage has been
 * bootstrapped. Optional.
 * @param {bool} [forceReset] Reset secret storage even if it's already set up
+ * @param {bool} [setupNewKeyBackup] Reset secret storage even if it's already set up
 */
-export async function accessSecretStorage(func = async (): Promise<void> => {}, forceReset = false): Promise<void> {
+export async function accessSecretStorage(
+    func = async (): Promise<void> => {},
+    forceReset = false,
+    setupNewKeyBackup = true,
+): Promise<void> {
    secretStorageBeingAccessed = true;
    try {
        const cli = MatrixClientPeg.safeGet();
@ -352,7 +357,12 @@ export async function accessSecretStorage(func = async (): Promise<void> => {},
                throw new Error("Secret storage creation canceled");
            }
        } else {
-            await cli.bootstrapCrossSigning({
+            const crypto = cli.getCrypto();
+            if (!crypto) {
+                throw new Error("End-to-end encryption is disabled - unable to access secret storage.");
+            }
+
+            await crypto.bootstrapCrossSigning({
                authUploadDeviceSigningKeys: async (makeRequest): Promise<void> => {
                    const { finished } = Modal.createDialog(InteractiveAuthDialog, {
                        title: _t("encryption|bootstrap_title"),
@ -365,8 +375,9 @@ export async function accessSecretStorage(func = async (): Promise<void> => {},
                    }
                },
            });
-            await cli.bootstrapSecretStorage({
+            await crypto.bootstrapSecretStorage({
                getKeyBackupPassphrase: promptForBackupPassphrase,
+                setupNewKeyBackup,
            });

            const keyId = Object.keys(secretStorageKeys)[0];
--- a/src/async-components/views/dialogs/security/CreateKeyBackupDialog.tsx
+++ b/src/async-components/views/dialogs/security/CreateKeyBackupDialog.tsx
@ -17,7 +17,6 @@ limitations under the License.

 import React from "react";
 import { logger } from "matrix-js-sdk/src/logger";
-import { IKeyBackupInfo } from "matrix-js-sdk/src/crypto/keybackup";

 import { MatrixClientPeg } from "../../../../MatrixClientPeg";
 import { _t } from "../../../../languageHandler";
@ -75,24 +74,25 @@ export default class CreateKeyBackupDialog extends React.PureComponent<IProps, I
        this.setState({
            error: undefined,
        });
-        let info: IKeyBackupInfo | undefined;
        const cli = MatrixClientPeg.safeGet();
        try {
-            await accessSecretStorage(async (): Promise<void> => {
-                // `accessSecretStorage` will have bootstrapped secret storage if necessary, so we can now
-                // set up key backup.
-                //
-                // XXX: `bootstrapSecretStorage` also sets up key backup as a side effect, so there is a 90% chance
-                // this is actually redundant.
-                //
-                // The only time it would *not* be redundant would be if, for some reason, we had working 4S but no
-                // working key backup. (For example, if the user clicked "Delete Backup".)
-                info = await cli.prepareKeyBackupVersion(null /* random key */, {
-                    secureSecretStorage: true,
-                });
-                info = await cli.createKeyBackupVersion(info);
-            });
-            await cli.scheduleAllGroupSessionsForBackup();
+            // We don't want accessSecretStorage to create a backup for us - we
+            // will create one ourselves in the closure we pass in by calling
+            // resetKeyBackup.
+            const setupNewKeyBackup = false;
+            const forceReset = false;
+
+            await accessSecretStorage(
+                async (): Promise<void> => {
+                    const crypto = cli.getCrypto();
+                    if (!crypto) {
+                        throw new Error("End-to-end encryption is disabled - unable to create backup.");
+                    }
+                    await crypto.resetKeyBackup();
+                },
+                forceReset,
+                setupNewKeyBackup,
+            );
            this.setState({
                phase: Phase.Done,
            });
@ -102,9 +102,6 @@ export default class CreateKeyBackupDialog extends React.PureComponent<IProps, I
            // delete the version, disable backup, or do nothing?  If we just
            // disable without deleting, we'll enable on next app reload since
            // it is trusted.
-            if (info?.version) {
-                cli.deleteKeyBackupVersion(info.version);
-            }
            this.setState({
                error: true,
            });