forked from platypush/platypush
Fixed device trust process
This commit is contained in:
parent
05908e1a77
commit
c89c712928
1 changed files with 46 additions and 10 deletions
|
@ -386,9 +386,16 @@ class MatrixClient(AsyncClient):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def _get_sas(self, event):
|
||||||
|
sas = self.key_verifications.get(event.transaction_id)
|
||||||
|
if not sas:
|
||||||
|
self.logger.debug(
|
||||||
|
'Received a key verification event with no associated transaction ID'
|
||||||
|
)
|
||||||
|
|
||||||
|
return sas
|
||||||
|
|
||||||
async def _on_key_verification_start(self, event: KeyVerificationStart):
|
async def _on_key_verification_start(self, event: KeyVerificationStart):
|
||||||
assert self.olm, 'OLM state machine not initialized'
|
|
||||||
self.olm.handle_key_verification(event)
|
|
||||||
self.logger.info(f'Received a key verification request from {event.sender}')
|
self.logger.info(f'Received a key verification request from {event.sender}')
|
||||||
|
|
||||||
if 'emoji' not in event.short_authentication_string:
|
if 'emoji' not in event.short_authentication_string:
|
||||||
|
@ -399,12 +406,15 @@ class MatrixClient(AsyncClient):
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
|
|
||||||
rs = await self.accept_key_verification(event.transaction_id)
|
sas = self._get_sas(event)
|
||||||
|
if not sas:
|
||||||
|
return
|
||||||
|
|
||||||
|
rs = await self.accept_key_verification(sas.transaction_id)
|
||||||
assert not isinstance(
|
assert not isinstance(
|
||||||
rs, ToDeviceError
|
rs, ToDeviceError
|
||||||
), f'accept_key_verification failed: {rs}'
|
), f'accept_key_verification failed: {rs}'
|
||||||
|
|
||||||
sas = self.key_verifications[event.transaction_id]
|
|
||||||
rs = await self.to_device(sas.share_key())
|
rs = await self.to_device(sas.share_key())
|
||||||
assert not isinstance(rs, ToDeviceError), f'Shared key exchange failed: {rs}'
|
assert not isinstance(rs, ToDeviceError), f'Shared key exchange failed: {rs}'
|
||||||
|
|
||||||
|
@ -419,24 +429,26 @@ class MatrixClient(AsyncClient):
|
||||||
)
|
)
|
||||||
|
|
||||||
async def _on_key_verification_key(self, event: KeyVerificationKey):
|
async def _on_key_verification_key(self, event: KeyVerificationKey):
|
||||||
sas = self.key_verifications[event.transaction_id]
|
sas = self._get_sas(event)
|
||||||
|
if not sas:
|
||||||
|
return
|
||||||
|
|
||||||
self.logger.info(
|
self.logger.info(
|
||||||
'Received emoji verification from device %s: %s',
|
'Received emoji verification from device %s: %s',
|
||||||
event.sender,
|
event.sender,
|
||||||
sas.get_emoji(),
|
sas.get_emoji(),
|
||||||
)
|
)
|
||||||
|
|
||||||
# TODO Support user interaction instead of blindly confirming?
|
rs = await self.confirm_short_auth_string(sas.transaction_id)
|
||||||
# await asyncio.sleep(5)
|
|
||||||
print('***** SENDING AUTH STRING')
|
|
||||||
rs = await self.confirm_short_auth_string(event.transaction_id)
|
|
||||||
assert not isinstance(
|
assert not isinstance(
|
||||||
rs, ToDeviceError
|
rs, ToDeviceError
|
||||||
), f'confirm_short_auth_string failed: {rs}'
|
), f'confirm_short_auth_string failed: {rs}'
|
||||||
|
|
||||||
async def _on_key_verification_mac(self, event: KeyVerificationMac):
|
async def _on_key_verification_mac(self, event: KeyVerificationMac):
|
||||||
self.logger.info('Received MAC verification request from %s', event.sender)
|
self.logger.info('Received MAC verification request from %s', event.sender)
|
||||||
sas = self.key_verifications[event.transaction_id]
|
sas = self._get_sas(event)
|
||||||
|
if not sas:
|
||||||
|
return
|
||||||
|
|
||||||
try:
|
try:
|
||||||
mac = sas.get_mac()
|
mac = sas.get_mac()
|
||||||
|
@ -517,6 +529,30 @@ class MatrixPlugin(AsyncRunnablePlugin):
|
||||||
Note that ``libolm`` and the ``[e2e]`` module are only required if you want E2E encryption
|
Note that ``libolm`` and the ``[e2e]`` module are only required if you want E2E encryption
|
||||||
support.
|
support.
|
||||||
|
|
||||||
|
Unless you configure the extension to use the token of an existing trusted
|
||||||
|
device, it is recommended that you mark the virtual device used by this
|
||||||
|
integration as trusted through a device that is already trusted. You may
|
||||||
|
encounter errors when sending or receiving messages on encrypted rooms if
|
||||||
|
your user has some untrusted devices. The easiest way to mark the device as
|
||||||
|
trusted is the following:
|
||||||
|
|
||||||
|
- Configure the integration with your credentials and start Platypush.
|
||||||
|
- Use the same credentials to log in through a Matrix app or web client
|
||||||
|
(Element, Hydrogen, etc.) that has already been trusted.
|
||||||
|
- You should see a notification that prompts you to review the
|
||||||
|
untrusted devices logged in to your account. Dismiss it for now -
|
||||||
|
that verification path is currently broken on the underlying library
|
||||||
|
used by this integration.
|
||||||
|
- Instead, select a room that you have already joined, select the list
|
||||||
|
of users in the room and select yourself.
|
||||||
|
- In the _Security_ section, you should see that at least one device is
|
||||||
|
marked as unverified, and you can start the verification process by
|
||||||
|
clicking on it.
|
||||||
|
- Select "_Verify through emoji_". A list of emojis should be prompted.
|
||||||
|
Optionally, verify the logs of the application to check that you see
|
||||||
|
the same list. Then confirm that you see the same emojis, and your
|
||||||
|
device will be automatically marked as trusted.
|
||||||
|
|
||||||
Triggers:
|
Triggers:
|
||||||
|
|
||||||
* :class:`platypush.message.event.matrix.MatrixMessageEvent`: when a message is received.
|
* :class:`platypush.message.event.matrix.MatrixMessageEvent`: when a message is received.
|
||||||
|
|
Loading…
Reference in a new issue